Market & Momentum - 02/09/2026

This week opens with sharpened enterprise risk around remote exploitation, data exposure, and strategic espionage campaigns, underscoring how attackers are combining stealth toolkits with fast-moving compromise techniques.

Over the last ~72 hours, threat signals have converged on four key patterns: ransomware crews accelerating abuse of internet-facing infrastructure, edge-device compromise enabling traffic hijacking and covert delivery, consumer-platform incidents expanding credential abuse fuel, and state-aligned actors sustaining global-scale reconnaissance and intrusion.

The takeaway is simple: you need speed for exploit defense and discipline for long-horizon risk (inventory, deprecations, third-party dependencies).

📈 Risk Forecast – The Week Ahead 📉

| Trend (Macro) | Likelihood | Direction | Signal for the Week |
| --- | --- | --- | --- |
| Active exploitation of internet-facing server vulnerabilities | 80% | 🔺 Rising | Ransomware access paths are consolidating around exposed services and management planes. |
| Traffic hijacking via compromised edge devices | 74% | 🔺 Rising | Router-level AitM frameworks are turning “normal” traffic into stealth delivery and collection channels. |
| Consumer platform data exposure feeding enterprise credential abuse | 67% | 🔺 Rising | Fresh PII increases phishing realism and credential-stuffing success rates. |
| Strategic reconnaissance by state-aligned threat actors | 63% | ➡ Stable | Broad scanning + selective intrusion continues across government and critical sectors. |
| Legacy dependency risk (email/API deprecations + brittle automations) | 60% | ➡ Stable | Retirement timelines create blind spots if owners don’t migrate early. |

🔎 Key Watchlist Items 🔍
  1. Ransomware actors exploiting SmarterMail RCE (CVE-2026-24423)
    CISA-backed reporting indicates active ransomware use of an unauthenticated RCE path; exposed mail platforms should be treated as “hot” until proven otherwise. (SmarterMail)

  2. Ransomware activity tied to VMware ESXi exploitation signals
    Virtualization infrastructure remains a high-leverage target; if management interfaces were reachable, assume rapid scanning and attempted chaining. (ESXi)

  3. China-linked edge framework enabling traffic hijack + malware delivery 
    A router/gateway adversary-in-the-middle capability with deep packet inspection and traffic manipulation expands the “silent compromise” problem past endpoints. (DKnife)

  4. Photo-sharing platform incident expands phishing and account-takeover risk
    Usernames/emails/IPs/activity exposure increases targeted lures and credential reuse attacks that eventually land on corporate SSO. (Flickr)

  5. Microsoft countdown to disable Exchange Web Services (EWS) in cloud by April 2027
    This is a governance issue disguised as a tech note: legacy integrations and security tooling that rely on EWS can fail quietly if owners don’t migrate. (EWS)

  6. State-aligned “Shadow Campaigns” compromise set spanning 37 countries
    Large-scale scanning and selective compromise across government and critical infrastructure reinforces the need to treat perimeter hygiene as intel-driven priority work. (ShadowCampaigns)

📊 Emerging Patterns 📊

Remote exploit avenues are back in the driver’s seat. Mail platforms and virtualization layers remain attacker favorites because they combine exposure with outsized impact.

Edge compromise changes the visibility game. Traffic hijacking at routers/gateways can make “clean endpoints” look normal while data and payloads are being manipulated in transit.

Consumer breaches bleed into corporate reality. PII exposure boosts phishing precision, password reuse success, and “convincing pretext” social engineering.

Espionage doesn’t need novelty to win. Broad scanning plus known-vuln exploitation and persistent tooling is enough when asset ownership and patch governance lag.

Deprecation timelines are security timelines. If you wait until the shutdown window, you’ll be migrating during an outage or incident.

⏰ Call to Action ⏰

Mail platform exploitation defense: Confirm patch level, restrict admin surfaces, and hunt for suspicious API usage, new admin creation, abnormal auth spikes, and webshell-like artifacts.

Virtualization hardening: Isolate management networks, review remote access paths, validate logging coverage, and prioritize patching on hosts with any historical internet reachability.

Edge device hijacking hunts: Baseline routing behavior, watch for unexpected DNS/HTTP proxy behavior, packet inspection anomalies, and unexplained outbound tunnels from gateway networks.

Credential abuse controls: Rate-limit and detect password spraying, enforce MFA everywhere possible, and monitor risky logins tied to newly exposed personal email domains.

EWS dependency audit: Identify every integration using EWS (automation, ticketing, security tools, custom scripts) and build a migration plan now to avoid blind spots.

Espionage posture: Increase TI correlation, validate SSH and remote admin controls on high-value networks, and remove “unknown” externally reachable services from the environment.
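
The password-spraying detection named under credential abuse controls, sketched as an added example that is not part of the original newsletter: it flags a source IP whose failed logins touch many distinct accounts inside a short window, which separates spraying from single-account brute force and from slow background failures. The log format, field order, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events: timestamp, source IP, username, result.
SAMPLE_LOG = """
2026-02-09T08:00:01Z 203.0.113.7 alice FAIL
2026-02-09T08:00:40Z 203.0.113.7 bob FAIL
2026-02-09T08:01:15Z 203.0.113.7 carol FAIL
2026-02-09T08:02:02Z 203.0.113.7 dave FAIL
2026-02-09T08:03:30Z 203.0.113.7 erin FAIL
2026-02-09T08:04:10Z 203.0.113.7 frank FAIL
2026-02-09T08:10:00Z 198.51.100.20 alice FAIL
2026-02-09T08:10:05Z 198.51.100.20 alice FAIL
2026-02-09T08:10:10Z 198.51.100.20 alice FAIL
2026-02-09T08:10:30Z 198.51.100.20 alice OK
2026-02-09T09:00:00Z 192.0.2.44 alice FAIL
2026-02-09T09:30:00Z 192.0.2.44 bob FAIL
2026-02-09T10:00:00Z 192.0.2.44 carol FAIL
2026-02-09T10:30:00Z 192.0.2.44 dave FAIL
2026-02-09T11:00:00Z 192.0.2.44 erin FAIL
"""

def parse(log):
    """Turn whitespace-separated log lines into time-sorted event tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append((when, ip, user, result))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Return {ip: max distinct failed usernames in any window} for IPs at or above min_users."""
    fails = defaultdict(list)
    for when, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((when, user))
    alerts = {}
    for ip, rows in fails.items():
        start, best = 0, 0
        for end in range(len(rows)):
            # Slide the left edge so the span never exceeds the window.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            best = max(best, len({u for _, u in rows[start:end + 1]}))
        if best >= min_users:
            alerts[ip] = best
    return alerts

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

Only 203.0.113.7 is flagged in the sample: repeated failures against one account and five failures spread over two hours both stay below the distinct-account threshold.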

⚡ Monday Motivation ⚡

This week blends fast-moving exploitation with longer-term structural risk. The winners won’t be the teams with the most tools…

It’ll be the teams with the cleanest asset ownership, fastest patch validation, and the least mystery infrastructure.

Your defenders must be as adaptive as your adversaries, anticipating not just the next vulnerability but the behaviors that follow it.

J.W.

(P.S. Forward this to the SOC, CISO council, and infrastructure owners to align urgency and governance.)
