This Month in Security with Tony Anscombe – January 2026 Edition

The security landscape is evolving rapidly, with cyber‑fraud now eclipsing ransomware as the primary worry for CEOs worldwide, according to the World Economic Forum. This shift reflects attackers’ focus on exploiting human and financial vulnerabilities rather than purely technical lock‑outs. Companies that continue to allocate resources solely to ransomware mitigation risk overlooking the growing financial impact of sophisticated phishing, business‑email compromise, and other fraud schemes that can drain revenue without a single system breach.

January’s headline incidents illustrate the breadth of modern threats. Nike’s alleged ransomware breach, involving a staggering 1.4 TB of data, underscores the persistent allure of high‑value corporate information. Meanwhile, an unsecured Zendesk support platform became a launchpad for a massive spam operation, highlighting how overlooked third‑party tools can become attack vectors. ServiceNow’s AI‑driven vulnerability, CVE‑2025‑12420, demonstrated the potential for unauthenticated actors to assume admin roles on AI platforms, a scenario that could compromise entire service‑management ecosystems if left unpatched.

For enterprises, the takeaway is clear: security strategies must expand beyond traditional perimeter defenses. Implementing zero‑trust architectures, continuous monitoring of third‑party configurations, and rigorous AI model security testing are essential. Investing in fraud detection analytics, employee awareness programs, and rapid patch management can mitigate both financial and reputational damage. As threat actors blend ransomware tactics with fraud and AI exploitation, a holistic, adaptive security posture becomes a competitive necessity.