
CyberScope | March 2026 Edition

Written by Admin | Mar 25, 2026 10:29:36 AM

Your Quarterly Cybersecurity Intelligence Briefing from Onecom Partners

Welcome to the March edition of CyberScope, your go-to quarterly update on the ever-evolving cybersecurity landscape. Designed for our Partner Channel, this blog delivers the latest news, trends and insights, along with a practical starting point for your customers.

 

In the News: Breaches, Phishing and the Dark Web

Infostealers – credential leak
A significant incident reported in January revealed one of the largest credential leaks seen to date after security researcher Jeremiah Fowler uncovered an exposed online database containing more than 149 million stolen usernames and passwords. The 96 GB repository held logins for Instagram, Gmail, OnlyFans and many other major platforms, including an estimated 48 million Gmail accounts, 6.5 million Instagram accounts and 100,000 OnlyFans accounts.

The database was left completely unprotected, with no encryption or access control, and researchers observed the number of records increasing while attempts were made to have it taken offline. This indicated that infected devices were still feeding new credentials into the system through active infostealer malware.

Because the stolen data came from compromised user devices rather than breaches of the service providers themselves, many of the credentials remain valid. This leaves users at heightened risk of account takeover, targeted phishing and identity fraud.

Crunchbase breach
In early January, the ShinyHunters ransomware group leaked more than two million Crunchbase records after the company refused to pay the ransom. The stolen data included company files, business intelligence records and relationship-sensitive information that could facilitate account takeovers and further phishing activity. Crunchbase was the only organisation to publicly confirm an active breach at that time.

Match Group platforms targeted (Match, Hinge, OkCupid)
ShinyHunters continued their January campaign by stealing data from several major dating platforms belonging to Match Group. The attackers reportedly extracted more than ten million records using voice-based social engineering to break into a third-party analytics provider, AppsFlyer. Stolen information included user IDs, dating profiles, transactional details and internal corporate documents.

Onecom Partners to release penetration testing for channel partners
Onecom Partners is preparing to launch PenX, a new penetration testing service built specifically for the channel and designed for the needs of SME customers. Traditional annual penetration testing was created for a static era that no longer reflects how businesses operate today. Environments now change constantly, and attackers test defences continuously rather than during narrow assessment windows. PenX combines human-led expertise with AI-driven automation to deliver faster, more frequent and more cost-effective security assurance. By running monthly vulnerability scans alongside quarterly penetration tests, PenX adapts in real time as customers add new domains, IP addresses or cloud services. This approach ensures weaknesses are identified as soon as they emerge rather than many months later, helping partners deliver ongoing, measurable security value and significantly improving resilience across the mid-market.

 

Cyber Threat Trends

Credential theft continues to be the attacker’s favourite weapon
We said it last quarter and it remains true: hackers do not break in, they log in. Stolen credentials, session cookies and MFA tokens continue to circulate widely among threat actors. Attack groups are combining credentials with unpatched systems to gain deep access without ever deploying malware, making detection harder and allowing breaches to escalate quietly.

Phishing in 2026: smarter, faster and harder to spot
We have spoken before about phishing and smishing, but the landscape has changed dramatically even in the last quarter. Phishing still relies on tricking users into handing over credentials or sensitive information, and smishing simply shifts the tactic to SMS. In 2026, phishing has evolved far beyond suspicious emails and poor grammar. It has become a multi-channel, AI-powered discipline, and the tactics now being deployed resemble psychological profiling more than simple fraud.

New data shows phishing now initiates up to 42 per cent of all global breaches, with attackers using AI to produce highly personalised, context-aware lures that mimic internal communication patterns, reference real projects and bypass traditional red flags. What were once clumsy attempts are now polished, professional and alarmingly convincing.

We are also seeing the rise of:

  • Quishing, where malicious QR codes are placed on parking meters, office signage or invoices to redirect users to credential harvesting portals.
  • Voice cloning, where an attacker creates a synthetic version of a manager’s voice to authorise urgent payments using only a few seconds of captured audio.
  • MFA fatigue attacks, where users are overwhelmed with notifications until they approve a fraudulent request by mistake.

Attackers continue to rely heavily on domain lookalikes, including homograph tricks similar to the rnicrosoft.com example highlighted in December. Next-generation phishing kits now provide multi-layered evasion, personalised targeting and even the ability to bypass MFA by relaying authentication tokens in real time. Analysts predict that by the end of 2026, more than 90 per cent of credential compromise attacks will originate from advanced phishing kits.
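The sketch below is an added example, not part of the original briefing or of any Onecom product: it shows how a defender can flag lookalikes such as rnicrosoft.com by collapsing confusable characters before comparing a newly seen domain with a protected brand list. The confusable map, the PROTECTED list and the function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, deliberately small confusable map (an assumption for this
# example; real confusable tables are far larger).
SEQUENCES = (("rn", "m"), ("vv", "w"), ("cl", "d"))
SINGLES = str.maketrans({"0": "o", "1": "l", "5": "s",
                         # Cyrillic a, e, o, p, c lookalikes
                         "\u0430": "a", "\u0435": "e", "\u043e": "o",
                         "\u0440": "p", "\u0441": "c"})
PROTECTED = {"microsoft": "microsoft.com"}  # brand label -> genuine domain

def skeleton(label):
    """Collapse a DNS label so that common lookalikes compare equal."""
    if label.startswith("xn--"):  # punycode-encoded (IDN) label
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # undecodable: fall back to the raw label
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(c for c in label if not unicodedata.combining(c))
    label = label.translate(SINGLES)
    for seq, repl in SEQUENCES:
        label = label.replace(seq, repl)
    return label

def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain, protected=PROTECTED):
    """Return (brand, reason) if the domain imitates a protected brand, else None."""
    domain = domain.lower().rstrip(".")
    if any(domain == real or domain.endswith("." + real) for real in protected.values()):
        return None  # the genuine domain or one of its subdomains
    for label in domain.split(".")[:-1]:  # every label except the TLD
        skel = skeleton(label)
        for brand in protected:
            target = skeleton(brand)
            if skel == target:
                return brand, "brand as label" if label == brand else "confusable"
            if edit_distance(skel, target) == 1:
                return brand, "one edit away"
    return None
```

Running newly registered or newly observed domains through check_domain gives a simple triage list; it checks every label except the TLD, so it does not depend on a public-suffix list.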

Critical sectors targeted

Education, government and telecommunications remain among the most aggressively targeted sectors, with the education sector alone facing an average of more than 4,300 attacks per week. Channel partners supporting these key sectors should be especially aware of this.

 

Partner Advice: Where to begin

Guiding customers in a harder environment
With the threat landscape intensifying, your customers need clear, practical steps, and they look to you as the trusted advisor who can help them navigate uncertainty. Here is how to guide them:

Start with Dark Web monitoring and domain impersonation protection
CyberProtect with ID Guard gives businesses the ability to spot credential leaks and impersonation domains early, often before attackers act. Many breaches this quarter stemmed from stolen credentials or lookalike domains, making this one of the fastest ways to reduce real-world risk.

Help them build a training culture rather than relying on a one-off webinar
With AI-enhanced phishing blending seamlessly into normal communication, users must be trained to recognise behavioural anomalies and suspicious context, not just spelling mistakes.

Encourage MFA everywhere but recommend stronger authentication
Attackers increasingly target MFA itself. The risks of push-based MFA are reduced by moving customers toward number matching, biometrics or passkeys.

Support regular security and vulnerability assessments
Most breaches in early 2026 exploited misconfigurations, unpatched systems or idle third-party connections. Regular reviews help close these gaps before attackers find them.

Penetration testing will help your customers spot key vulnerabilities and allow them to close them before hackers get in.

CyberProtect and ID Guard: your customers’ first line of defence
As the threat landscape evolves, CyberProtect continues to do the heavy lifting for customers who need immediate, actionable security without additional complexity. Dark Web monitoring identifies leaked credentials early, and ID Guard alerts customers within minutes when suspicious domains are registered. Together, they provide powerful protection against phishing, quishing and brand impersonation.

They offer:
• 24/7 real-time alerts
• Early breach detection
• Identity and credential theft protection
• Strong commercial value for partners

If your customers are not using CyberProtect yet, now is the ideal time to introduce it. You can also offer them a no-obligation 30-day trial to demonstrate its value.

Get Started Today
Contact your Partner Business Manager or email hello@onecompartners.co.uk to learn more about CyberProtect and ID Guard.
