Cloudflare's 2026 Threat Report details a shift from brute-force attacks to high-trust exploitation, measured by attacker Measure of Effectiveness (MOE).
- •MOE prioritizes stolen session tokens and legitimate cloud tools over costly zero-day exploits
- •AI enables low-skill actors to automate network mapping, exploit development, and deepfake creation
- •Nation-state groups abuse Google Calendar, GitHub, and Dropbox to disguise C2 communications
- •Infostealers harvest active session tokens to bypass MFA entirely
- •Telemetry shows 63% of logins use compromised credentials; DDoS baseline reached 31.4 Tbps
The Cloudflare Blog 