Threat actors are eschewing traditional malware-driven attacks in order to bypass security tools and socially engineer their victims, according to a new study from Bridewell.
The consulting specialist made the claims in its Cyber Threat Intelligence Report 2026, published on May 18. The report draws on Bridewell's “sustained monitoring of malicious infrastructure, client telemetry, incident response activity, and targeted research.”
Attack techniques like ClickFix, FileFix and ConsentFix trick users into copying commands, approving fake authentication prompts and completing legitimate login processes to bypass endpoint security, multifactor authentication (MFA) and other controls, it said.
Because attacks take place within the browser or trusted identity workflows, they’re much harder to spot, the firm warned.
Earlier this month, the Australian Cyber Security Centre (ACSC) was forced to alert users about a ClickFix campaign designed to spread the Vidar Stealer infostealing malware.
Read more on ClickFix: ClickFix Attacks Surge 517% in 2025.
In fact, Bridewell warned that infostealers have become a critical enabler in the cybercrime landscape, harvesting data that can be used for ransomware, fraud and other campaigns.
It added that the ransomware landscape continues to evolve and fragment, with rapid data theft becoming the main mechanism for extortion, rather than lengthier encryption-focused attacks.
The idea is to reduce response time and increase pressure on victims, it said.
Meanwhile, traditional barriers between cybercrime and nation state activity continue to erode increasing the scale, sophistication and unpredictability of attacks, especially those targeting critical infrastructure sectors.
Continued Growth in Supply Chain Compromise
Bridewell urged cybersecurity leaders to look out for the following threats over the coming year:
- Increased exploitation of edge devices and identity infrastructure
- Continued growth in supply chain compromise
- Rising activity linked to North Korea and other state-aligned actors
- Ongoing convergence between cybercrime and nation-state operations
“As attackers continue to exploit trusted systems and human behaviour, organizations must move beyond traditional security approaches and focus on identity protection, user awareness and threat-informed defence,” argued Gavin Knapp, head of cyber threat intelligence at Bridewell.
“While the structure of the threat landscape remains familiar, the speed, scale, and resilience of adversary operations continue to increase. As attackers place greater emphasis on identity abuse, edge infrastructure and data‑exfiltration‑driven extortion models, organizations must adapt defensive strategies accordingly.”