Find notable cyber news and cases, enriched with sources, timelines, and signals.

Identity-based access becomes the leading ransomware initial-access trend in 2026

Trend
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

Identity-based attacks became the leading ransomware initial-access trend, raising the risk of credential abuse and legitimate login misuse across affected networks. Sophos found 79% of ransomware incidents traced back to compromised identities, while exploitation of known vulnerabilities fell to 18% in 2026. The shift shows attackers are favoring easier access paths such as phishing, malicious email, and brute force over exploit-driven entry.

Related Happenings

Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance

Threat Actor Meta
H score67 First: 03.07.2026 14:30 Last: 03.07.2026 14:30 Sources 1

About this happening: **Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...

TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns

Threat Actor Meta
H score11 First: 31.03.2026 15:15 Last: 31.03.2026 15:15 Sources 1

About this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...

Timeline

  1. 15.07.2026 15:45 2 articles · 2h ago

    Sophos report finds compromised logins dominate ransomware initial access

    Initial Disclosure

    Sophos found that compromised identities and legitimate user logins accounted for 79% of ransomware initial intrusions across real-world incidents, with malicious emails at 26%, phishing at 24%, and brute force at 23%; attacks tied to exploited known vulnerabilities fell to 18% in 2026 from 32% in 2025, prompting recommendations for identity threat detection and response, multi-factor authentication across all access points, and regular identity credential audits.

    Show sources