Originally reported by Dark Reading, Infosecurity Magazine
TL;DR
RSA Conference 2026 featured EU officials taking the lead on cybersecurity policy while US government participation remained minimal. Meanwhile, AI emerged as both the dominant attack vector and defensive solution, with researchers warning of industrial-scale identity exploitation campaigns.
The most severe items are the re-emergence of an Iranian ransomware group and industrial-scale identity exploitation campaigns, both of which are active threats to enterprise security.
While US government officials remained largely absent from this year's RSA Conference, EU representatives stepped into the leadership void, driving conversations around today's most pressing cybersecurity challenges. According to Dark Reading, European officials took an active role in San Francisco, highlighting a potential shift in global cybersecurity leadership dynamics.
Artificial intelligence dominated the RSAC Innovation Sandbox, with ten finalists showcasing AI-driven security solutions. Geordie AI emerged victorious in the competition for most innovative young security company. This trend mirrors the threat landscape, where SANS Institute's annual report identified five top attack techniques that all share a common thread: AI integration.
Security researchers at Halcyon and Beazley Security have tracked the re-emergence of Pay2Key, an Iran-linked ransomware group that had previously gone quiet. The group's return adds another state-nexus threat actor to an already crowded ransomware ecosystem.
SentinelOne's annual report warns of a "mass-marketed impersonation crisis" where attackers systematically abuse legitimate enterprise credentials at unprecedented scale. The research highlights how threat actors have industrialized identity-based attacks, moving beyond opportunistic credential theft to organized, large-scale operations.
Phishing campaigns impersonating Palo Alto Networks recruiters have operated since August, targeting job candidates with sophisticated psychological manipulation tactics. The attackers scrape LinkedIn profiles to craft convincing recruitment approaches, highlighting the intersection of social engineering and OSINT collection.
Threat actors increasingly leverage cloud-based Android phone services to conduct financial fraud while evading traditional detection mechanisms. This infrastructure enables the creation of "dropper accounts" that can bypass standard fraud prevention measures.
The National Crime Agency issued warnings about surging invoice fraud targeting UK construction firms, with losses reaching millions of pounds. The sector's complex supply chain relationships and payment structures create favorable conditions for business email compromise attacks.
Security experts warn that publicly attributing cyberattacks to specific threat actors or nations can generate unintended consequences that organizations should carefully evaluate before making public accusations. The analysis suggests that attribution announcements may escalate conflicts or invite retaliation.
Industry experts propose creating databases of cybersecurity "near misses" to improve threat intelligence sharing. Unlike post-breach disclosures, documenting close calls could provide early warning indicators without the stigma associated with successful attacks.
Experts at Nvidia's GTC conference emphasized that defending against AI-powered attacks requires AI-native security solutions. As artificial intelligence agents become standard attack tools, defenders must adopt the same technological foundation to maintain effectiveness.