Q2 2026 Attack Techniques Trend Report

Q2 2026 Attack Techniques Trend Report

Overview.


The second quarter of 2026 was marked by a notable increase in actual exploits that targeted public assets, identities, and AI stacks.
The number of CISA KEV listings reached 75, an increase of approximately 27% compared to the same period in 2025.
Primary targets included web and server applications, endpoints, network perimeter devices, and remote management tools, and also included vulnerabilities related to AI and the supply chain.
The percentage of listings associated with ransomware rose from 8.5% In the same period of 2025 to 16.0%.

Analysis.


Threat actors frequently used the T1190 (Exploit Public-Facing Application) method to bypass authentication and infiltrate publicly exposed applications and perimeter devices.
Vulnerabilities related to SimpleHelp, Check Point, Ivanti Sentry, Oracle PeopleSoft, Cisco, and Splunk were included in the KEV.
In the identity and credentials domain, OAuth device code phishing, AiTM (man-in-the-middle attacks), and the exploitation of stolen tokens and sessions were prominent.
Device code phishing that targets Microsoft Entra ID and PhaaS (Phishing-as-a-Service) activities, such as Kali365, were mentioned.
In terms of evasion techniques, three zero-day vulnerabilities related to Microsoft Defender were listed in the KEV, and threat actors attempted to hide by blocking legitimate processes and telemetry.
AI-related attacks also expanded.
SearchLeak (CVE-2026-42824) is a data exfiltration vulnerability targeting M365 Copilot Enterprise, and while CVE-2026-26030 and CVE-2026-25592 in the Microsoft Semantic Kernel demonstrated that prompt injection could lead to remote code execution.
CVE-2026-42271 in BerriAI LiteLLM was also listed in KEV as an actual exploit.
Malicious skill supply chain attacks, such as OpenClaw and ClawHub, also continued.

Prevention and Detection Information.


Defenses need to shift from signature-based detection to IoA (Indicators of Behavior)-based detection.
In particular, attention should be focused on behaviors such as memory injection, disconnection of security sensor telemetry, abnormal authentication sessions, and abnormal token issuance.
To protect identities, the use of short-lived tokens, gateway MFA, conditional access, session token binding, and ITDR (Identity Threat Detection and Response) was emphasized.
AI systems require input/output validation and sanitization, least privilege, restrictions on tool invocation scope, human-in-the-loop approval for high-risk operations, and verification of MCPs and dependency supply chains.
Public-facing applications, perimeter devices, and identity infrastructure should be assessed and prioritized based on CISA’s KEV and EPSS standards.
It was also recommended to verify the ATT&CK coverage of existing EDR/XDR solutions and to check the log-to-alert conversion rate.