Cyber threats in 2026: Expert reveals what comes next

Investigators and researchers are still learning of the scope of the cyberattack which has hit US government agencies and other victims around the world – AFP

Across 2025, even the biggest corporations and governmental institutions, including the U.S., were not immune to hacks. According to Cyble’s latest Global Cybersecurity Report 2025, almost 15,000 incidents related to data breaches and leaks were reported.

One of the biggest hacks happened to the Australian airline Quantas. Hackers exposed data of 5 million customers, including names, birth dates, email addresses, and a few months ago started selling it on the dark web. There were many more similar cases involving companies like Oracle, Volvo, and SK Telecom, which led to data leaks or frozen business operations.

In the summer, security researchers uncovered the biggest data breach in history that exposed 16 billion passwords, including those from Apple, Facebook, Google, Telegram, and many more. Some attacks affected governmental institutions, where, recently, the US Congressional Budget Office was hacked. According to Cyble’s report, government institutions were the Top 3 in the overall threat activity.

Cybercriminals also targeted users directly. Recently, more than 120,000 cameras were hacked for so-called “sexploitation” footage in South Korea.

After what has become a record year of data breaches in 2025, cybersecurity experts warn that threats will escalate in 2026, driven by AI-powered attacks, advanced deepfakes, and a new risk called “digital body snatching,” where hackers target personal data from wearables and connected health devices.

Many fear that 2026 will be the year when autonomous AI cybercriminals launch their first attack, video deepfakes will cause headaches for banks, and hackers will start attacks on users’ medical data.

Konstantin Levinzon, co-founder and CEO of Planet VPN, tells Digital Journal this trend will pose even bigger risks in 2026.

“Even though AI improves our daily lives and strengthens cybersecurity, it is also widely used by hackers. Now, even those without technical expertise can buy tools on the dark web that target thousands of users with a single click. The rise of AI-powered tools will amplify all kinds of attacks, including phishing scams, ransomware, and exploiting vulnerabilities, and can even create attacks on its own,” Levinzon says.

Prediction 1: AI cybercriminals

Up until now, AI has been just a tool for cybercriminals, allowing them to organise and speed up attacks, he says. However, with rising agentic AI capabilities, AI will inevitably start attacking autonomously.

In its recent report, Anthropic has already described a hacking campaign that carried out around 80-90% part of the operation on its own using the company’s Claude tools.

“AI tools will scan for weaknesses and exploit zero-day flaws – security gaps that are unknown to vendors – without a human touching a keyboard. As our homes, workplaces, and infrastructure are increasingly run by AI, any security gap becomes a potential attack vector. We will almost certainly see such autonomous attacks next year,” Levinzon observes.

Prediction 2: Hyper-realistic deepfakes

Deepfakes – AI-generated fake videos, audio files, or images used to impersonate people – are becoming a headache for banks and other businesses, as they allow bypassing online verification. Recently, an insurance company, sensing a lucrative opportunity, even started offering coverage for incidents where AI deepfakes cause reputational harm for companies.

Individual users are also at risk, Levinzon emphasises. The FBI has recently warned users that criminals are generating fake images of kidnapping and using them for scams. According to Levinzon, the real rising threat is fake video-generated content: “In 2025, video generators such as OpenAI’s Sora showed how easy it is to create highly realistic videos, and cybercriminals will use them to their advantage. As a result, banks and other financial institutions will likely take precautions to enhance their security measures to protect video verification processes. Regulations will likely follow quickly. For users, this may mean additional steps to confirm their identity”.

Prediction 3: Digital body snatching

Millions of smartwatches, rings, AI wearables, and even new mattresses come equipped with large amounts of sensors that collect everything – from your location, to heart rate data, and stress levels. As the number of these sensors increases, they become attractive targets for cybercriminals.

According to Levinzon, once hackers get access to a smartwatch or any device, they can exfiltrate data easily, especially if the devices are not purely secured. Such data can also be gathered via cloud or app data leaks, exploiting Bluetooth attacks, and more.

“Potential wearable hacks, deepfakes, and autonomous AI systems mean that next year, users will need to take extra steps and security measures. Aside from staying vigilant, we also recommend enabling two-factor authentication, updating software regularly, and using a VPN, which adds an essential layer of defence against hackers,” Levinzon warns.