Ransom is a tactic. Liquidity is the strategy.
Our new forecast asks: will ShinyHunters make more in 2H 2026 by selling SaaS access/data than by getting paid? Signals say yes. 🕵️♂️💸☁️
Iran’s internet goes dark → attackers don’t stop. They speed-run creds and hit post-auth collection the moment connectivity blips back. ⏱️🔑👀
Phishing got a low-code upgrade. 🤖🔑
Copilot Studio links can look “safe” because they’re hosted where users expect… then the OAuth consent click does the rest. 🧯
We’re forecasting the first publicly confirmed Copilot Studio → OAuth → M365 data breach by 12/31/26 (56%).
VoidProxy: AitM Phishing-as-a-Service Quietly Bypasses MFA at Scale
If you haven’t checked out THE eCrime conference, you’re…
How to scale your phishing detection to millions of attacks per day- with just $4,000 and a laptop.
![[FORECAST] ShinyHunters SaaS Data Theft: Why Non-Ransom Monetization Looks Increasingly Attractive](https://images.squarespace-cdn.com/content/v1/54bd1221e4b05e8a3646d021/1770053581353-COX4JWQFSYW6WFHYQYME/z.png)
![[FORECAST] CoPhish: The Microsoft Copilot Link That Hands Over Your OAuth Tokens](https://images.squarespace-cdn.com/content/v1/54bd1221e4b05e8a3646d021/1767717180408-VYZ6N0RRLK0YTQKUGL1P/z.png)
