What’s Trending: Top Cyber Attacker Techniques, December 2025–February 2026

During Dec 1, 2025–Feb 28, 2026 this report highlights a surge in trust-based attacks: BaoLoader-led drive-by compromises and ClickFix social-engineering dominated malware delivery; RMM tools (including trojanized ScreenConnect) were abused for C2; CVE‑2026‑1731 was weaponized rapidly in ransomware campaigns led by Akira and Qilin; and ShinyHunters scaled identity-first intrusions via AiTM phishing and stolen SSO sessions to enable high-impact data extortion. Defenders are urged to prioritize ClickFix-specific user training, RMM allowlists, emergency patching of internet-facing appliances, and centralized SaaS/identity telemetry and session containment.