ReliaQuest Blog - Threat Hunting, Security Operations, and More

Manufacturing customer incident volume nearly quadrupled between Q4 2025 and Q1 2026—the largest single-quarter spike of any sector ReliaQuest tracks. During that same window, ransomware claimed 442 manufacturing victims, credential exposure surged past half of all digital risk alerts, and removable media techniques doubled.

The SOCs that absorbed this without adding h...

Customer incident volume in hospitality nearly doubled last quarter. More than half of all attack techniques observed were phishing—the highest concentration of any sector we track. Nine in ten digital risk alerts trace to

Every software engineering org adopted Shadow IT incrementally—one unsanctioned SaaS tool at a time, until the average enterprise ran 3–4x more applications than IT knew about. Shadow AI is following the same trajectory on a compressed timescale. Developer teams route code through AI assistants, QA teams spin up LLM-powered testing tools, product managers feed proprietary roa...

Attackers entering retail environments in Q1 2026 abandoned the technique most defenses are optimized for. The sector's incident volume nearly tripled quarter-over-quarter, even as phishing fell from 22% to 9% of observed initial access methods. It was replaced by systematic network reconnaissance, IP address enumeration, and External Remote Services exploitation that collect...

Phishing infrastructure targeting financial services has tripled in a single quarter—now accounting for half of all observed threat activity against the sector. Brand-impersonating domains have overtaken credential exposure as the dominant digital risk signal, feeding account-takeover pipelines at scale.

Nearly 150 financial organizations hit by ransomware in 90 days, w...