- Mycomputerspot Security Newsletter
- Posts
- Market & Momentum - 01/12/2026
Market & Momentum - 01/12/2026
Early January is when latent risk becomes visible. This week’s momentum shows attackers leaning into trust abuse, operational pressure, and delayed enforcement... not technical novelty.
J.W. Croley
January 12, 2026
In partnership with
Modernize your marketing with AdQuick
AdQuick unlocks the benefits of Out Of Home (OOH) advertising in a way no one else has. Approaching the problem with eyes to performance, created for marketers with the engineering excellence you’ve come to expect for the internet.
Marketers agree OOH is one of the best ways for building brand awareness, reaching new customers, and reinforcing your brand message. It’s just been difficult to scale. But with AdQuick, you can easily plan, deploy and measure campaigns just as easily as digital ads, making them a no-brainer to add to your team’s toolbox.
The past several days reinforce a consistent executive signal: risk is accumulating in the gaps between policy and practice. While organizations resume normal operations, attackers are capitalizing on over-trusted user tooling, ransomware economics, and slow control re-enforcement after year-end freezes.
This is not a week defined by “new threats.” It is defined by known weaknesses being exercised at scale while teams reset priorities.
Trend (Macro) | Likelihood | Direction | What to expect this week |
|---|---|---|---|
User-trust abuse (extensions, productivity tooling) | 74% | 🔺 Rising | Legitimate-looking tools harvesting sessions, data, and context. |
Ransomware operational pressure | 71% | 🔺 Rising | Faster intrusion-to-impact timelines driven by affiliate efficiency. |
Post-incident fraud & impersonation | 63% | ➡ Stable | Follow-on scams leveraging recycled breach data. |
Third-party and supply-chain trust failures | 59% | 🔺 Rising | Attackers riding normal business workflows instead of exploiting systems. |
Control drift after change freezes | 68% | 🔺 Rising | Policies exist, but enforcement lags as operations normalize. |
Malicious browser extensions continue targeting meeting and collaboration data
Threat actors are abusing trusted browser ecosystems by distributing extensions that quietly collect meeting URLs, IDs, and related metadata under the guise of productivity features. See Zoom Stealer extensions.High-install browser add-ons used as large-scale data-harvesting infrastructure
Recent reporting highlights campaigns where extensions with millions of installs perform background collection and redirection, turning browsers into persistent surveillance tools. See extension abuse analysis.Ransomware groups refine operations rather than malware
Coverage this week underscores how ransomware outcomes increasingly depend on operational access, insider knowledge, and negotiation leverage — not exploit sophistication. See ransomware sentencing case.Sustained ransomware growth driven by business-sector targeting
Trend reporting shows continued concentration on commercial organizations where downtime sensitivity and insurance dynamics favor quick payouts. See ransomware growth analysis.Threat intelligence reporting confirms broad, non-selective targeting
Weekly intelligence summaries indicate affiliates are prioritizing ease of access over industry specialization, increasing cross-sector exposure. See weekly intelligence report.
The Future of Shopping? AI + Actual Humans.
AI has changed how consumers shop, but people still drive decisions. Levanta’s research shows affiliate and creator content continues to influence conversions, plus it now shapes the product recommendations AI delivers. Affiliate marketing isn’t being replaced by AI, it’s being amplified.
Trust is being exploited faster than systems
Browser extensions and “helper tools” bypass many technical controls because they inherit user trust and visibility gaps.
Ransomware is an execution problem, not a malware problem
Affiliates are optimizing speed, access, and leverage — meaning governance and response readiness matter more than signatures.
Transition periods amplify control failures
The shift from holiday posture back to normal operations consistently exposes exceptions, stale access, and unmonitored tooling.
Attackers are choosing reliability over creativity
Repeated use of proven methods indicates adversaries value predictability and scale more than novelty.
Extension risk: Enforce an enterprise extension allowlist, audit installs from the last 14 days, and remove unapproved productivity add-ons.
Session and identity abuse: Increase monitoring for unusual session reuse, token persistence, and anomalous authentication patterns.
Ransomware readiness: Validate backup restoration, confirm EDR isolation works operationally, and tighten privileged access pathways.
Fraud prevention: Brief finance, HR, and service desks on verification-based scams tied to recycled breach data.
Control re-enforcement: Identify temporary exceptions created during year-end and formally close or justify them this week.
Most January incidents aren’t caused by what changed… they’re caused by what didn’t get put back.
Security posture doesn’t reset with the calendar. Attackers count on that.
J.W.
(P.S. Share with executive leadership or include in your weekly risk briefing!)
Attention spans are shrinking. Get proven tips on how to adapt:
Mobile attention is collapsing.
In 2018, mobile ads held attention for 3.4 seconds on average.
Today, it’s just 2.2 seconds.
That’s a 35% drop in only 7 years. And a massive challenge for marketers.
The State of Advertising 2025 shows what’s happening and how to adapt.
Get science-backed insights from a year of neuroscience research and top industry trends from 300+ marketing leaders. For free.