Alerte

The Cert-IST 2026 annual report on vulnerabilities and attacks in 2025 is now available (only in French for the moment).

Alerte

Cert-IST 2026 report on attacks and vulnerabilities in 2025

Date : March 06, 2026

The aim of this report is to highlight the general tendencies and threat evolution to help the community to enhance their protections.

This document is available:

In English: Cert-IST 2026 report on attacks and vulnerabilities in 2025
In French: The report will soon be available in English

It begins with an analysis of the three most significant events of 2025:

The ToolShell Crisis: SharePoint Red Alert
Targeting the “Guardians”: F5 and Red Hat Consulting
Delegated Identity Compromise: The Salesforce Wave

The report continues with an analysis of specific points:

Focus on the state-sponsored threat
An analysis of cybercrime
A focus on hacktivism
An examination of the increasingly blurred boundaries between these actors