| Blog | https://medium.com/@tanukisec |
| https://twitter.com/TanukiSec |
The 2026 Sophos Active Adversary Report is out — and despite the hype, we saw no AI-driven sea change in the threat landscape, based on the 600+ IR and MDR cases that made up our dataset. Attackers mostly stuck with what already works.
Abuse of legitimate tools remained consistent, as did the lack of blocking categories of tools that are known to be routinely abused.
Missing telemetry continued to make it difficult for blue teamers to spot the signal in the noise, and an ongoing lack of phishing-resistant multifactor authentication (MFA) gave the criminals a quiet way in.
The most concerning change has been years in the making: The dominance of identity-related root causes — brute-force attacks, phishing, and other compromised-credential tactics — for successful initial access.
This constellation of tactics leverages weaknesses that can’t be addressed by simple patch hygiene and occasionally acts as a bonus multiplier for attacks in progress.
Key takeaways:
1️⃣ GenAI adds speed, volume, and noise to the threat landscape… but for now, that’s about it.
2️⃣ Identity-related tactics, such as compromised credentials, brute-force attacks, and phishing, are by far the most common reason attackers gain initial access.
3️⃣ Attackers have made few changes to specific tools, tactics, or procedures — though one weird blocking trick may make a huge difference for many enterprises.
4️⃣ Saving money by minimizing telemetry collection might be penny-wise, but it’s definitely pound-foolish.
5️⃣ Prevention still beats detection, both in outcomes and in time and effort spent defending.
Read the report here: https://www.sophos.com/en-us/blog/2026-sophos-active-adversary-report
Man... MS Security Copilot is the worst.
Slow, expensive and useless.
https://www.jumblebee.co.uk/auction/detail/auction_id/charityauction2025
Association of Animal Artists’ Charity Auction 2025 for Wild Welfare is live if anyone wants to pick up some nice art and feel charitable.
@jerry https://www.jumblebee.co.uk/auction/detail/auction_id/charityauction2025#buzz_expend_319034 There are even pieces that might entice you :)
BIDDING OPENS ON THE 1ST AUGUST - PLEASE CHECK ARTWORK SIZE BEFORE BIDDING AS ARTWORK RANGES IN SIZES. PLEASE NOTE THAT DUE TO GPSR REGULATIONS WE CANNOT ACCEPT BIDS FROM EUROPE OR NORTHERN IRELAND.
The Association of Animal Artists’ annual charity art auction is back again for 2025 and this year it's our biggest yet as we raise money for the fantastic Wild Welfare!
The Association of Animal Artists is a diverse membership of over 450 artists, printmakers, sculptors and more whose passion for animals transcends the art they create. We strive to bring the sphere of wildlife conservation in line with that of our members' artistic pursuits through continuous fundraising, and have donated thousands of pounds to various animal charities since our inception in 2009.
Our biggest fundraising drive of the year comes through our annual charity art auction, for which our members kindly donate small artworks (all under A5 in size) to be auctioned to the public. We have been overwhelmed with donations of gorgeous artwork this year, and we are so excited to be bringing you a fantastic array of creativity to win!
All proceeds from this auction will be donated to our 2025 charity partner - Wild Welfare, to support their work improving animal welfare for animals held in zoos, aquariums and sanctuaries across the globe! You can read more about Wild Welfare and the work that they do here!
By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.
My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.
Here’s what I found and why it matters 👉 https://wietze.github.io/blog/bypassing-detections-with-command-line-obfuscation
Defensive tools like AVs and EDRs rely on command-line arguments for detecting malicious activity. This post demonstrates how command-line obfuscation, a shell-independent technique that exploits executables’ parsing “flaws”, can bypass such detections. It also introduces ArgFuscator, a new tool that documents obfuscation opportunities and generates obfuscated command lines.
Hey everyone,
I'm micr0, the creator of @altbot, the open-source bot that helps generate alt-text for images on the Fediverse to make content more accessible.
I have some exciting news to share - Altbot no longer uses Google's services! Many of you expressed concerns about privacy when I first launched Altbot using Google Gemini, worried about your images being processed on their servers and potentially used for training.
I promised to fix this, and I'm thrilled to announce that Altbot 2.0 is now running entirely on my own hardware using the Ovis2:8B model. Your images are processed locally with absolutely zero data retention - your content never leaves my server and isn't used to train any models.
The new system is fully GDPR compliant, and descriptions are even better across all 11 supported languages. What's also cool is that the setup is significantly more energy efficient, with 36% of power coming from clean sources. Altbot now even shows you how much energy was used for each request!
The only things Altbot 2.0 records are that a request happened, how long it took, and what language was used. No images, no content, no personal data - nothing that could identify you.
Building this upgrade was more expensive than planned - I needed a more powerful server with an A5500 GPU, which exceeded my budget by about $900 that I covered out of pocket. If you appreciate this commitment to privacy and accessibility, any support through my Ko-fi page would help recover these costs and keep Altbot free for everyone: https://ko-fi.com/micr0byte/goal?g=18
Thanks so much for your support! I built Altbot because I believe accessibility shouldn't compromise privacy, and now that vision is reality.
Feel free to boost or reach out with any questions! For press inquiries: [email protected]