Threat Environment Report

As of July 11, 2026

Threat level: Elevated

This week’s headlines: A large coordinated botnet — a network of hijacked computers — was detected probing our systems, originating from over 13.2K distinct locations worldwide. Credential theft attempts rose 34.1% compared to last week.

Total intrusion attempts detected

607.4K

In the past 24 hours

Distinct attacker locations identified

13.2K

Unique networks worldwide

Countries of attack origin

88

Across 6 continents

Password-theft attempts, week over week

34.1%

Highest category increase

Where attacks are coming from

Percentage of all detected intrusion attempts by country of origin. A country appearing here does not mean a government is involved — most attacks originate from privately-owned compromised machines.

US

56%

GB

9%

NL

6%

DE

6%

CN

3%

How attackers are getting in

Breakdown of attack methods observed this week, expressed as a share of total activity.

607.4K
Total Intrusion Attempts
Brute Force 572.8K 94.3%
Credential Theft 34K 5.6%
Exploiting Weakness 356 0.1%
AI Probing 186 0%

Notable signals from the sensor network this week

Our automated sensors flagged three patterns that security teams are monitoring closely.

Stolen credentials reused across multiple services

Sensors detected a single set of stolen login credentials being used to attempt access across three separate cloud services within 90 minutes — a pattern consistent with organized, automated account takeover.

Systematic mapping of software supply chains

An actor was observed methodically cataloguing third-party software dependencies — a reconnaissance technique often used to identify which vendors or tools to target upstream before attacking the final organization.

Mass scanning of remote access infrastructure

Large-scale automated scanning targeted known-vulnerable remote access gateways. Organizations that have not applied recent security patches to their remote access tools are at elevated exposure.

Published weekly. Data collected via distributed honeytoken network. Not for redistribution.

This report is for situational awareness only. It does not constitute legal, compliance, or security advice.