A new Bridewell report reveals that cybercriminals are increasingly abandoning traditional malware in favor of social engineering tactics that exploit trusted browser workflows and identity authentication processes to bypass security.

Key Points

• Bridewell’s Cyber Threat Intelligence Report 2026 highlights the rise of ClickFix, FileFix, and ConsentFix techniques to manipulate user behavior.
• Attackers are shifting toward data-exfiltration-driven extortion models, prioritizing rapid data theft over time-consuming encryption-based ransomware attacks.
• The Australian Cyber Security Centre recently issued warnings regarding ClickFix campaigns actively distributing the Vidar Stealer infostealing malware.
• Threat actors are increasingly targeting edge devices and identity infrastructure while blurring the lines between independent cybercrime and state-aligned operations.

Why it Matters

These evolving tactics render traditional endpoint security tools less effective by operating within legitimate user workflows and trusted authentication systems. Organizations must shift their defensive strategies toward identity protection and enhanced user awareness to mitigate the growing risks of sophisticated social engineering and data theft.