Zero-days get the headlines. Stolen tokens + OAuth consent abuse get the invoices. 🧾🔑😈
2025 pain = AiTM/device-code phishing + token replay + KEV-speed edge fires.

BRICKSTORM intel just landed: PRC actors camping in vCenter/ESXi + Windows. 🧱🕵️‍♂️
F5 source-code drama raises the long-run 0-day odds, but the calendar + attribution lag are savage.
Our final call: 11% UNC5221 gets publicly tied to a new 0-day before Dec 31. 🎯

2026’s nastiest SaaS breaches will ride valid tokens + “trusted” apps. We already got the trailer with the Salesloft/Drift OAuth blast radius. And the browser? Yeah, it’s part of the perimeter now. 😬🔑💬

Will hackers actually turn off a city’s water, or is that just conference-slide horror fiction? 💧🤔

We put a number on it: ~10% odds of a 48+ hour, 500k+ outage by end of 2026.

Dark LLMs are writing per-host pwsh one-liners, self-rewriting droppers, and hiding in model APIs you approved. If you’re not policing AI egress, you’re not doing detection. 😬🤖

AI just ran most of an espionage op, and regulators are still in “interesting case study” mode. 😏

We’re forecasting: 55% odds that by 2026, someone will force signed AI connectors + agent logs by default.

Anthropic just showed what happens when your “helpful” AI agents become C2: 80–90% of an espionage op automated, humans just clicking approve.

Lock down identity + connectors or you’re renting your SaaS to someone else’s botnet. 🤖🚨