- Mycomputerspot Security Newsletter
- Posts
- Market & Momentum - 02/02/2026
Market & Momentum - 02/02/2026
The biggest risk this week isn’t a single zero-day, it’s attackers abusing trust and tempo: voice phishing that defeats MFA, mobile management flaws with high blast radius, and security blind spots inside “normal” user workflows.
J.W. Croley
February 02, 2026
In partnership with
Dictate prompts and tag files automatically
Stop typing reproductions and start vibing code. Wispr Flow captures your spoken debugging flow and turns it into structured bug reports, acceptance tests, and PR descriptions. Say a file name or variable out loud and Flow preserves it exactly, tags the correct file, and keeps inline code readable. Use voice to create Cursor and Warp prompts, call out a variable like user_id, and get copy you can paste straight into an issue or PR. The result is faster triage and fewer context gaps between engineers and QA. Learn how developers use voice-first workflows in our Vibe Coding article at wisprflow.ai. Try Wispr Flow for engineers.
Over the last 72 hours, the signal is tight and consistent: attackers are leaning into identity-first intrusion paths (vishing + MFA fatigue), high-leverage enterprise platforms (mobile device management), and psychological pressure campaigns (billing and account “renewal” scams).
This is a week where executive outcomes hinge on one thing: how fast your org can enforce controls, not how well you can explain them.
Trend (Macro) | Likelihood | Direction | What to expect this week |
|---|---|---|---|
Social engineering that bypasses MFA (voice + workflow abuse) | 78% | 🔺 Rising | More “helpdesk / IT” vishing, credential capture, session theft. |
Mobile management / device fleet risk (EPMM/MDM-class platforms) | 72% | 🔺 Rising | Exploitation attempts against orgs with exposed management services. |
Consumer breach fallout → credential reuse | 64% | ➡ Stable | More credential stuffing + targeted phishing using fresh datasets. |
Payment/renewal scams impersonating cloud services | 70% | 🔺 Rising | High-volume email campaigns aimed at card capture + account takeover. |
APT tradecraft blending macros + cloud services | 62% | ➡ Stable | Targeted lures using modern cloud tooling for stealth and persistence. |
Vishing attacks steal MFA to break into SaaS platforms
Threat intel reporting highlights a surge in voice-phishing operations that trick users into handing over MFA or approving login flows, enabling rapid SaaS compromise and extortion-style pressure. See ShinyHunters-style vishing.Actively exploited Ivanti EPMM zero-days (mobile fleet exposure)
Ivanti disclosed and patched actively exploited vulnerabilities in Endpoint Manager Mobile (EPMM), a high-impact platform if exposed or poorly segmented. See Ivanti EPMM zero-days.Fortinet FortiCloud SSO flaw: patching momentum + exploitation pressure
Recent reporting indicates Fortinet customers are seeing exploitation activity tied to FortiCloud SSO paths, reinforcing the need for urgent version validation and admin account review. See FortiCloud SSO zero-day patching.Cloud storage “payment failed” renewal scam flooding inboxes
A large-scale email scam is pushing fake renewal/payment alerts to drive credential capture, card theft, and account takeover — often targeting corporate users who manage shared storage. See cloud storage payment scam.Match Group breach reporting increases credential reuse and impersonation risk
Breach coverage involving major consumer platforms increases the likelihood of recycled credential attacks, targeted phishing, and identity-based fraud against corporate services. See Match Group breach.
What 100K+ Engineers Read to Stay Ahead
Your GitHub stars won't save you if you're behind on tech trends.
That's why over 100K engineers read The Code to spot what's coming next.
Get curated tech news, tools, and insights twice a week
Learn about emerging trends you can leverage at work in just 10 mins
Become the engineer who always knows what's next
Identity is the primary battlefield again. Attackers are increasingly winning by manipulating humans and workflows rather than “hacking” infrastructure directly.
Mobile management platforms are high-blast-radius targets. If an attacker gains leverage over device policy and configuration, the enterprise perimeter stops mattering.
“Billing urgency” scams are outperforming generic phishing. When the email threatens disruption to storage or access, users act fast — and attackers know it.
Consumer breaches become enterprise problems within days. The reuse window is immediate: credentials, lures, and impersonation campaigns follow quickly.
Patch velocity is not enough — verification is the differentiator. If you don’t confirm versions and exposure paths, “patched” can still mean vulnerable.
Vishing/MFA theft: Tighten helpdesk verification, require phishing-resistant MFA for privileged accounts, and alert on “new device + MFA approved” sequences.
Ivanti EPMM: Validate patch levels and isolate EPMM from internet exposure; monitor for admin authentication anomalies and suspicious configuration changes.
Fortinet SSO exposure: Confirm FortiOS versions and review for rogue admin creation; alert on config exports and unusual auth patterns.
Renewal scam defense: Add banner warnings for external billing/renewal emails, block common lure domains, and train finance/IT admins on “payment failure” social engineering.
Credential reuse: Increase detection for password spraying, credential stuffing, and anomalous logins tied to consumer breach reuse patterns.
The attacker advantage isn’t skill…
It’s speed and pressure.
Your advantage has to be enforcement and clarity.
If your controls depend on users “doing the right thing under stress,” they aren’t controls… they’re wishful thinking.
J.W.
(P.S. Forward this to IAM + Service Desk + Mobile/Endpoint owners. This week is about trust choke points !)
Voice-first code workflows with auto file tagging and variable recognition. Dictate reproductions and prompts and paste clean, code-friendly text into GitHub, Jira, or your editor. Try Wispr Flow for engineers.