Intelligence Insights: February 2026

Red Canary’s January 2026 threat report details prevalent active threats observed across customer environments: legitimate remote monitoring tools (ScreenConnect, NetSupport Manager) are being abused following phishing and paste-and-run lures, ClearFake is delivering malware via drive-by downloads, and PS1Bot infostealer is spreading through SEO poisoning and malvertising—reporting specific indicators (e.g., malicious MSI/ZIP/JS filenames and domains) and increased activity for several clusters.