On May 15, 2025, Coinbase acknowledged its most serious security lapse to date, a breach that could ultimately cost the exchange as much as $400 million and has compromised records for more than 69,000 customers. Investigators traced the incident to an overseas contact center operation: hackers bribed a handful of support agents in Indore, India, to capture screenshots and copies of customer data stored in internal systems.
Those agents worked for TaskUs, a U.S.–headquartered BPO firm that has handled Coinbase support queues since 2017. According to multiple reports, the attackers, described as a loose network of young, English-speaking cybercriminals, offered cash incentives to TaskUs employees willing to leak sensitive information, including names, email addresses, and partial account details.
A Breach Months in the Making
Internal logs show Coinbase first spotted suspicious activity months before the disclosure. By January 2025 the exchange had quietly asked TaskUs to dismiss 226 agents from its Indore office, many of whom were later linked to the leak. When criminals attempted to extort Coinbase on May 11, the company cut the remaining ties, tightened access controls, and publicly confirmed the breach four days later.
Although no passwords, private keys, or crypto balances were exposed, the stolen data is still valuable for targeted phishing and social engineering schemes. In response, Coinbase posted a $20 million reward for information leading to the perpetrators and pledged to reimburse any customers tricked into sending funds to attackers.
The Weak-Link Problem in Outsourced Support
This event underscores how quickly a single compromised vendor can undermine even a well-resourced security program. With call center staff often granted broad view access to resolve user tickets, bribery, extortion, or simple negligence can open the door to large-scale data theft.
How MSPs and MSSPs Can Help Businesses Respond and Prepare
Vendor-Access Hardening
Perform stringent due diligence reviews of every third-party help desk or BPO partner. Enforce least-privilege access, screen for insider-threat indicators, and require periodic audits that map who can see customer data and why.
Zero-Trust Architecture
Implement identity-centric controls so support personnel must re-authenticate for sensitive actions, and isolate customer records behind segmented networks.
24×7 Insider-Threat Monitoring
Deploy behavioral analytics tools that flag unusual data exports, screenshotting, or off-hours access by frontline agents—even if they connect from approved workstations.
Real-Time Data-Leak Detection
Integrate dark web monitoring and breach-intelligence feeds to identify stolen client information quickly, enabling rapid customer notifications and credential resets.
Phishing-Resilience Training
Offer continuous education and simulation campaigns so that both vendor staff and end users can recognize and report the social engineering attempts that follow a leak of customer records.
Incident-Response Playbooks
Maintain clear escalation paths that include vendors. Regular tabletop exercises should cover scenarios where outsourced employees become malicious insiders.
Post-Breach Remediation Guidance
After an exposure, MSPs can coordinate forced password rotations, enable or enforce multi-factor authentication, and assist with credit- or identity-protection services for affected users.
Contractual Security Clauses
Help clients renegotiate BPO agreements to include penalties for lapses, mandatory breach reporting within defined timelines, and explicit cybersecurity framework adherence (e.g., SOC 2 or ISO 27001).
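The "24×7 Insider-Threat Monitoring" point above is the one most often left as a slogan, so here is what the detection logic can look like in practice. This is an added example, not Coinbase's or TaskUs's tooling: it runs three rules over a constructed support-console audit log (bulk record viewing, any export action, and access outside an assumed shift window). The record layout, action names, shift hours and thresholds are illustrative assumptions.

```python
"""Insider-threat detection over a support-console audit log.

Added example (not Coinbase or TaskUs tooling). It assumes each audit record
carries an agent id, a UTC timestamp, an action name and a customer id; the
actions, the shift window and the thresholds are illustrative assumptions.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed audit records: (agent, UTC timestamp, action, customer_id).
AUDIT_LOG = [
    # agent-07: a normal shift, a few tickets an hour
    ("agent-07", "2025-01-14T09:02:11Z", "view_customer", "c-1001"),
    ("agent-07", "2025-01-14T09:05:40Z", "view_customer", "c-1002"),
    ("agent-07", "2025-01-14T09:31:02Z", "view_customer", "c-1003"),
    # agent-19: nine different customers in nine minutes, then a bulk export
    *[("agent-19", f"2025-01-14T10:0{i}:00Z", "view_customer", f"c-20{i:02d}")
      for i in range(9)],
    ("agent-19", "2025-01-14T10:09:00Z", "export_records", "c-2008"),
    # agent-23: record views at 02:00 UTC, outside the assumed shift window
    ("agent-23", "2025-01-15T02:14:00Z", "view_customer", "c-3001"),
    ("agent-23", "2025-01-15T02:15:10Z", "view_customer", "c-3002"),
]


def parse_ts(text):
    """Parse the ISO-8601 'Z' timestamps used in the constructed log."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect(records, shift_utc=(4, 16), max_customers_per_hour=8):
    """Return a sorted list of (agent, rule, detail), at most one per agent and rule.

    Rules (all illustrative):
      export     - any export action; frontline agents should never need one
      off_hours  - any access outside the agent's shift window (UTC hours)
      bulk_views - more distinct customers viewed in any 60-minute window
                   than a ticket queue plausibly requires
    """
    by_agent = defaultdict(list)
    for agent, ts, action, customer in records:
        by_agent[agent].append((parse_ts(ts), action, customer))
    start_h, end_h = shift_utc
    findings = {}

    def flag(agent, rule, detail):
        findings.setdefault((agent, rule), detail)  # keep the first hit only

    for agent, events in by_agent.items():
        events.sort()
        for ts, action, customer in events:
            if action == "export_records":
                flag(agent, "export", f"{customer} exported at {ts.isoformat()}")
            if not start_h <= ts.hour < end_h:
                flag(agent, "off_hours", f"{action} at {ts.isoformat()}")
        views = [(ts, c) for ts, action, c in events if action == "view_customer"]
        for i, (t0, _) in enumerate(views):
            # distinct customers in the hour starting at this view
            window = {c for t, c in views[i:] if (t - t0).total_seconds() < 3600}
            if len(window) > max_customers_per_hour:
                flag(agent, "bulk_views",
                     f"{len(window)} customers within an hour of {t0.isoformat()}")
                break
    return sorted((a, r, d) for (a, r), d in findings.items())


def rules_for(findings, agent):
    """Set of rule names that fired for one agent."""
    return {rule for a, rule, _ in findings if a == agent}


if __name__ == "__main__":
    for agent, rule, detail in detect(AUDIT_LOG):
        print(f"{agent:<9} {rule:<11} {detail}")
```

The thresholds are deliberately simple; in production the per-hour baseline would be derived from each agent's own history and the shift window from the roster, but the shape of the rules (volume, forbidden action, time of day) is the same one the behavioral-analytics products apply.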
By combining preventive controls with rapid detection and a vendor-inclusive response strategy, MSPs and MSSPs can turn the Coinbase incident into a blueprint for stronger, more resilient security across their customer base. To extend that coverage around the clock, Secucenter's team is ready to assist at all times.
Our SOC monitoring services are designed for MSSPs that offer their customers a complete cybersecurity package. We understand the importance of data and privacy, and our proactive approach is built to detect and deter threat actors.
Fortinet has disclosed a critical flaw, CVE-2025-22252 (Missing Authentication for Critical Function, CVSS 9.0), that lets an attacker who knows the username of an existing administrator account bypass authentication and log in as that administrator, gaining full control of the device.
It affects FortiOS, FortiProxy, and FortiSwitchManager devices configured to use a remote TACACS+ server for authentication. The issue was reported by Cam B from Vital and Matheus from NBS Telecom, and Fortinet has released fixed versions.
Which products are affected? The advisory lists the vulnerable branches and the fix for each:

Affected Products                    Remedy
FortiOS 7.6.0                        Upgrade to 7.6.1 or above
FortiOS 7.4.4 through 7.4.6          Upgrade to 7.4.7 or above
FortiProxy 7.6.0 through 7.6.1       Upgrade to 7.6.2 or above
FortiSwitchManager 7.2.5             Upgrade to 7.2.6 or above
Fortinet notes that the vulnerability only affects configurations in which the TACACS+ server is used with ASCII authentication; PAP, MSCHAP, and CHAP are not affected. For organizations that cannot upgrade immediately, the advisory's workaround is to switch the TACACS+ authentication type away from ASCII to one of those methods.
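Because exposure depends on both the firmware version and the TACACS+ authentication type, the practical check is to read both off a configuration backup. The Python below is an added example, not a Fortinet tool: it takes the version ranges from the table above, parses a constructed FortiOS-style `config user tacacs+` block, and gives a per-server verdict. Two assumptions are built in and marked in the code: a server entry with no `set authen-type` line is treated as the `auto` default, and `auto` is flagged for manual review rather than declared safe.

```python
"""Check a FortiOS/FortiProxy/FortiSwitchManager config for CVE-2025-22252 exposure.

Added example, not Fortinet tooling. The affected version ranges are the ones
in the table above; the config text is constructed in FortiOS CLI style.
Assumptions: an entry under 'config user tacacs+' with no 'set authen-type'
line uses the 'auto' default, and 'auto' is flagged for manual review rather
than declared safe.
"""
import re

# (inclusive low, inclusive high) per product, from the advisory table above
AFFECTED_RANGES = {
    "FortiOS": [((7, 6, 0), (7, 6, 0)), ((7, 4, 4), (7, 4, 6))],
    "FortiProxy": [((7, 6, 0), (7, 6, 1))],
    "FortiSwitchManager": [((7, 2, 5), (7, 2, 5))],
}


def version_tuple(version):
    """'v7.4.5' or '7.4.5' -> (7, 4, 5)."""
    return tuple(int(part) for part in version.lstrip("v").split("."))


def version_affected(product, version):
    v = version_tuple(version)
    return any(low <= v <= high for low, high in AFFECTED_RANGES.get(product, []))


def tacacs_authen_types(config_text, default="auto"):
    """Map each TACACS+ server entry name to its authen-type.

    Walks the CLI's config/edit/next/end nesting so that settings in other
    blocks (for example 'config system admin') are not attributed to a server.
    """
    servers, depth, block_depth, current = {}, 0, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if line == "config user tacacs+":
                block_depth = depth
        elif line == "end":
            if depth == block_depth:
                block_depth = None
            depth -= 1
        elif block_depth is not None and depth == block_depth:
            if (m := re.match(r'^edit\s+"?(.+?)"?$', line)):
                current = m.group(1)
                servers[current] = default  # assumption: unset means 'auto'
            elif (m := re.match(r"^set authen-type\s+(\S+)$", line)) and current:
                servers[current] = m.group(1)
            elif line == "next":
                current = None
    return servers


def assess(product, version, config_text):
    """Per-server verdict combining the firmware version and the authen-type."""
    verdicts = {}
    vulnerable_build = version_affected(product, version)
    for name, authen in tacacs_authen_types(config_text).items():
        if not vulnerable_build:
            verdicts[name] = "version not affected"
        elif authen == "ascii":
            verdicts[name] = "EXPOSED: upgrade, or move authen-type off ascii"
        elif authen == "auto":
            verdicts[name] = "REVIEW: default auto, confirm negotiated method is not ascii"
        else:
            verdicts[name] = f"not affected (authen-type {authen})"
    return verdicts


# Constructed FortiOS-style configuration with one exposed and one safe server.
SAMPLE_CONFIG = """\
config user tacacs+
    edit "corp-tacacs"
        set server "10.0.0.5"
        set key ENC_REDACTED
        set authen-type ascii
    next
    edit "backup-tacacs"
        set server "10.0.0.6"
        set key ENC_REDACTED
        set authen-type mschap
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
end
"""

if __name__ == "__main__":
    for server, verdict in assess("FortiOS", "7.4.5", SAMPLE_CONFIG).items():
        print(f"{server}: {verdict}")
```

Run against a real backup, the same function reports `EXPOSED` only for servers that combine an affected build with ASCII authentication, which is exactly the population the advisory's workaround targets.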
Secucenter has seen repeatedly how large security vendors and their products are targeted as a route to client data. Staying secure is not a one-time task but a recurring requirement that needs constant attention. If you are an MSSP, our dedicated SOC services provide that extra layer of protection for your clients against current and future threats.
A critical vulnerability score of 10/10 is a very rare circumstance, and Microsoft seems to have caught itself in one of those.
Microsoft recently confirmed that several of its core cloud services were affected by critical vulnerabilities: one rated 10.0 and others rated 9.9 and 9.1. What should users do? Nothing: Microsoft has confirmed that the issues were fixed on the service side, that customers are already protected, and that no customer action is required.
So what are these vulnerabilities, and how severe are they? Four were disclosed, and their CVSS scores show where each one falls.
CVE-2025-29813: Azure DevOps Elevation of Privilege Vulnerability
Azure DevOps has a critical elevation-of-privilege vulnerability caused by improper handling of pipeline job tokens. It could allow an attacker with access to a project to swap a short-term token for a long-term one, thereby gaining extended access. With a CVSS score of 10.0, the vulnerability is exploitable over the network without privileges or user interaction, and it carries a high impact on confidentiality, integrity, and availability.
The second is a critical spoofing vulnerability in Azure caused by Server-Side Request Forgery (SSRF). It allows an authenticated attacker with low privileges to send unauthorized requests over the network, potentially spoofing internal services. With a CVSS score of 9.9, the vulnerability is easy to exploit, requires no user interaction, and can significantly impact confidentiality, integrity, and availability.
CVE-2025-29827: Azure Automation Elevation of Privilege Vulnerability
A critical elevation of privilege vulnerability in Azure Automation was caused by improper authorization controls. It enables an attacker with low-level access to escalate their privileges over the network. With a CVSS score of 9.9, this vulnerability poses a high risk to confidentiality and integrity, with moderate impact on availability. It requires no user interaction and is low in complexity to exploit.
CVE-2025-47733: Microsoft Power Apps Information Disclosure Vulnerability
This is a high-severity information disclosure vulnerability in Microsoft Power Apps, rated 9.1, stemming from a Server-Side Request Forgery (SSRF) issue that allows an unauthorized attacker to disclose information over the network.
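Two of the four entries above (the Azure spoofing issue and CVE-2025-47733) are SSRF bugs, and they share one root cause: a service fetches a URL that a low-privileged user controls, and that fetch can reach internal endpoints. The Python below is an added example, not Microsoft's code, and it does not reproduce how these specific bugs were fixed. It shows the naive fetcher next to a validator that rejects non-HTTP schemes, embedded credentials, and hostnames that resolve to loopback, private, link-local (including the 169.254.169.254 cloud metadata address), multicast or IPv4-mapped equivalents. The resolver parameter and the allow-list are illustrative.

```python
"""SSRF: a naive server-side fetch next to a hardened outbound-URL validator.

Added example; it is not Microsoft's code and does not reproduce the specific
Azure or Power Apps bugs. The allow-list, the stub DNS answers and the
resolver parameter are illustrative.
"""
import ipaddress
import socket
from urllib.parse import urlsplit
from urllib.request import urlopen


class SSRFError(ValueError):
    """Raised when a user-supplied URL must not be fetched server-side."""


def fetch_unsafe(url):
    # Vulnerable pattern: the service fetches whatever URL the caller supplies,
    # so http://169.254.169.254/ or http://10.0.0.5/admin are reachable.
    return urlopen(url).read()


def resolve_system(host):
    """Default resolver: every address the OS resolver returns for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_blocked_address(text):
    """True for loopback, private, link-local (incl. 169.254.169.254 metadata),
    multicast, reserved or unspecified addresses, including IPv4-mapped IPv6."""
    ip = ipaddress.ip_address(text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.1.2.3 must be judged as 10.1.2.3
    return not ip.is_global or ip.is_multicast


def validate_outbound_url(url, allowed_hosts=None, resolver=resolve_system):
    """Return (hostname, sorted resolved addresses) or raise SSRFError.

    The caller should connect to one of the returned addresses rather than
    re-resolving the name; otherwise a DNS rebinding attack can change the
    answer between this check and the connection.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise SSRFError(f"scheme not allowed: {parts.scheme!r}")
    host = parts.hostname
    if not host:
        raise SSRFError("URL has no host")
    if parts.username or parts.password:
        raise SSRFError("credentials embedded in URL")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise SSRFError(f"host not on allow-list: {host}")
    try:
        addresses = resolver(host)
    except (socket.gaierror, ValueError) as exc:
        raise SSRFError(f"cannot resolve {host}: {exc}") from None
    for address in addresses:
        try:
            blocked = is_blocked_address(address)
        except ValueError:
            blocked = True  # unparsable answer: refuse rather than guess
        if blocked:
            raise SSRFError(f"{host} resolves to blocked address {address}")
    return host, sorted(addresses)


def is_fetch_allowed(url, allowed_hosts=None, resolver=resolve_system):
    """Boolean wrapper for quick checks."""
    try:
        validate_outbound_url(url, allowed_hosts, resolver)
        return True
    except SSRFError:
        return False


if __name__ == "__main__":
    # Offline demo using a stub resolver with constructed DNS answers.
    fake_dns = {"api.example.com": {"93.184.216.34"},
                "rebound.example.com": {"::ffff:10.1.2.3"}}
    stub = lambda host: fake_dns.get(host, {host})
    for url in ("https://api.example.com/v1/items",
                "http://169.254.169.254/latest/meta-data/",
                "http://rebound.example.com/",
                "file:///etc/passwd"):
        print(url, "->", is_fetch_allowed(url, resolver=stub))
```

The validator returns the resolved addresses on purpose: a fetcher that re-resolves the hostname after validation reopens the door through DNS rebinding, and redirects from the remote server need the same check applied to each hop.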
Although this was a concern for many individuals and businesses using Microsoft cloud services, it also showed how quickly Microsoft moved to protect its customers. As a cybersecurity provider, Secucenter offers a second layer of protection for every organization. We understand the importance of protecting critical data from threat actors who are as advanced as the tools being invented, and an additional layer of security helps ensure long-term operations.
Cybersecurity threats affect not just businesses but also individuals and their privacy. With that in mind, let's look at how threats are growing and affecting internet users, because SOC trends for 2026 are shaped by those factors. CrowdStrike's Global Threat Report recorded the following:
30+ adversaries newly discovered and named,
The fastest recorded eCrime breakout time of 2 minutes and 7 seconds, and
75% increase in cloud intrusions.
Cybercriminals want your information mainly to reach financial accounts or to use personal data for extortion; in the business world it is usually the latter, for financial gain. In 2024, businesses and MSPs reported substantially more cyberattacks, which points to even greater demand for SOC services in 2026.
SOC capabilities are also increasingly being sold as an extension of basic cybersecurity products.
Top Security Operation Center (SOC) Trends To Look Forward To In 2026
The future of Security Operations Centers (SOCs) is evolving rapidly with advances in automation, AI, and cybersecurity frameworks. Here are the key SOC trends for 2026:
Cloud Native SOC Services
Security Orchestration, Automation, and Response
AI and Automation
Zero Trust Architecture
Quantum Computing and SOC Integration
Proactive Threat Intelligence
Redefining Human Roles in SOC
Managed Detection Response
eXtended Detection and Response (XDR)
1. Cloud-Native SOC Services
What is it?: Businesses are moving their workloads and data to the cloud for accessibility and remote work. SOC services are following them, with cloud-based SOC offerings.
Cloud-native SOC services monitor, detect, alert on, and respond to unusual activity in cloud environments. They focus on the scalability, accessibility, and security of distributed IT environments while keeping exposure to a minimum.
Why Does It Matter in 2026?: The work environment has changed drastically and will keep moving toward flexible, largely cloud-based operations. Here is why cloud-native SOC services matter in 2026.
Scalable For Small and Medium Enterprises: MSSPs serving small and medium enterprises are shifting toward this model because it scales with the customer's data and headcount without compromising security.
Remote Management: The remote working environment of most businesses pushes MSSPs to deliver secure cloud management through SOCs.
2. Security Orchestration, Automation, and Response
What is it?: SOAR platforms are becoming a crucial part of SOC services. They encode a defined path, protocol, and routine (a playbook) that helps engineers run security processes consistently.
They also automate routine tasks and incident-response steps, freeing human analysts to focus on more complex and strategic work.
Why Does It Matter in 2026?: SOAR is highly relevant in 2026 because of the growing complexity and volume of cyber threats and the growing demand for efficiency in SOCs.
Automation of incident response: SOAR platforms handle tasks such as incident investigation, case management, threat containment, and closure. Automation removes a large share of the manual steps at each stage.
Streamlined operations: SOAR platforms connect diverse security tools and systems into one ecosystem. By consolidating data and enrichment across them, they improve visibility and enable faster, more consistent detection and response.
3. AI and Automation
What is it?: Artificial intelligence has entered every industry, including SOCs. AI is now an established SOC trend and is used to run multiple tasks at a time.
Through machine learning and automation, SOC services expect greater efficiency and fewer manual errors.
Why Does It Matter in 2026?: Organizations that have implemented AI and automation in their SOC services report response-time reductions of more than 50% and improved threat mitigation.
AI can scan vast amounts of data and network telemetry to surface anomalies that need attention, and automation can then act on them quickly, reducing delay at every step of the process.
4. Zero Trust Architecture
What is it?: Zero-Trust Architecture is increasingly demanded across the MSSP industry and is becoming a core SOC requirement.
It assumes every network is hostile and requires verification for every access request. It is designed to reduce the risk of data breaches and unauthorized access to sensitive data from both known and unknown sources.
Why Does It Matter in 2026?: Threats don't scale with the size of an enterprise; they attack in every way possible. Zero-trust architecture therefore becomes a crucial SOC tool that helps MSSPs assure their clients' security in the long run.
Constant verification: Threats can be internal or external. Continuous verification of users across all networks ensures that everyone who accesses the system's data is an authorized user with a legitimate need.
Stronger overall security: ZTA micro-segments the network, which limits the impact of a breach. Because each segment is isolated, a compromise in one is far less likely to spread across the whole network.
5. Quantum Computing and SOC Integration
What is it?: One of the newest areas in the SOC industry is quantum-resistant security: cryptography designed to withstand attacks by quantum computers.
These systems use post-quantum algorithms that resist the computational power of quantum machines, preserving secure encryption, authentication, and data protection.
Why Does It Matter in 2026?: Attackers will go to any length to reach an organization's sensitive information. In 2026, demand for post-quantum readiness will grow, mostly from large enterprises.
Resistant Algorithms: Implementing quantum-resistant algorithms will become a key focus for SOCs, ensuring that encrypted data stays protected against the capabilities of quantum computers. These algorithms are designed to safeguard sensitive information and prevent breaches in a post-quantum era.
6. Proactive Threat Intelligence
What is it?: Proactive threat intelligence identifies threats through predictive insights, gathered and analyzed with tools built to mitigate fast-moving, real-time cyberattacks.
Why Does It Matter in 2026?: To act on cyberthreats early, SOC services add advanced monitoring that works as intelligent, proactive threat mitigation.
Real-time threat identification: 2026 will bring evolving variants of cyberattacks that are harder to deal with. Proactive threat intelligence lets the SOC spot an attack, respond to it, and remediate immediately, so that organizational networks, systems, and servers are not caught by surprise.
Proactive Threat Strategies: Given the level of threats every organization faces, reactive measures alone help only a little. By setting sector-specific objectives, SOC engineers can focus and tailor their services accordingly.
7. Redefining Human Roles in SOC
What is it?: As cyberthreats evolve, AI and human analysts are expected to work side by side rather than one replacing the other.
Streamlining, speeding up, and redefining the roles of human analysts will shape their purpose in the coming years.
Why Does It Matter in 2026?: The rise of AI and machine learning has created the assumption that human analysts might be replaced, but this is far from the truth.
Human analysts are capable of higher-level work yet are often stuck with routine daily tasks. Those repetitive tasks can be automated with AI while analysts take on more advanced investigations.
8. Managed Detection Response
What is it?: MDR adds a dedicated team, alongside automation, to detect, analyze, and resolve cyber threats across networks, endpoints, and systems.
Relying solely on AI is not a question of present or future; human assistance alongside it is a constant requirement.
Why Does It Matter in 2026?: MDR offers various benefits that take cybersecurity a long way.
24/7 monitoring and response: Managed security service providers and SOC engineers ensure your networks and systems are constantly watched for potential threats and respond to them immediately.
Bridging cybersecurity skill gaps: Demand for cybersecurity keeps growing while qualified engineers remain scarce. Rather than struggling with the skill gap, organizations can have it covered by MSPs that offer quality MDR services.
9. eXtended Detection and Response (XDR)
What is it?: XDR is gaining popularity for its holistic approach to security. Extended Detection and Response connects endpoints, networks, servers, and devices to a single platform.
As a whole, it helps in detecting, investigating, and narrowing down the source of threat in a unified manner.
Why Does It Matter in 2026?: There are multiple reasons why XDR is a growing SOC trend that will continue to evolve.
Unified threat management: Cyberthreats come from every direction. Through XDR, a unified platform can trace an attack's path and mitigate it efficiently without analysts hunting for the source across separate tools.
Automation for alerts: SOC engineers are often tied up with regular, time-consuming tasks. XDR automates much of this triage, which helps reduce alert fatigue.
Secucenter’s Contribution To SOC Trends
As a growing SOC company, we aim to adopt the latest innovations in our tooling. We provide advanced SOC monitoring and SOC staffing to clients who want an extra layer of protection alongside their existing cybersecurity suite.
In 2026, we expect SOC services to expand with new tools that give our customers a strong wall of defense and keep them safe throughout.
Frequently Asked Questions
1. How does AI impact SOC operations in 2026?
AI will streamline major and minor SOC operations, making cybersecurity more efficient and reliable. It enhances threat intelligence, finds attack paths, provides intelligent threat response, and more.
2. What challenges do businesses face in modern SOC technologies?
One of the main challenges is the skill gap discussed above. Beyond that, modern businesses struggle with high implementation costs, keeping pace with technological change, and the constant presence of cyber threats. These concerns can be addressed by working with managed service providers that offer cybersecurity, such as us.
3. How do you choose the right SOC service provider?
Choosing the right SOC service provider involves evaluating their expertise in threat detection and response, 24/7 monitoring, and their use of advanced tools like AI and SOAR. Also weigh their experience in your industry, scalability, reporting transparency, compliance support, and how easily they integrate with your existing security infrastructure.
Fortinet has issued a warning about a zero-day attack campaign against FortiGate firewall devices whose management interfaces are exposed to the public internet. The campaign began around mid-November 2024 and involved logging in to management interfaces, creating new admin accounts, changing configurations, and using SSL VPN access for lateral movement. The threat actors are unknown; they used the access they gained to extract credentials via DCSync.
For context, a zero-day is a software vulnerability that attackers exploit before the vendor or affected organization is aware of it, leaving zero days to address the issue before it is used against vulnerable networks, servers, and systems.
Affected devices were running firmware versions 7.0.14 through 7.0.16, which were released between February and October 2024.
The attack chain has been described in four phases:
Scanning and reconnaissance.
Configuration changes (e.g., enabling new admin accounts).
Creating local user accounts with VPN access.
Credential extraction for lateral movement.
Fortinet's guidance is to upgrade to fixed firmware and to take management interfaces off the public internet, restricting them to trusted addresses, to limit future threats.
Simply put, a firewall flaw was used to gain elevated access, create an entry point, and move deeper into networks. As a SOC service provider, we'd agree that no security is too much security. If you hold confidential data that could put an entire organization or a chain of clients at risk, 24/7 SOC monitoring can save you potentially costly losses and lawsuits.
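The four phases above leave a recognisable trail in the firewall's own event log: a successful administrator login from a source that is not a management host, followed by configuration changes that add an admin account, add a local user, and put that user into a VPN group. The Python below is an added example, not Fortinet tooling, that triages constructed FortiGate-style key=value log lines for exactly that sequence. The field names (logdesc, ui, srcip, action, cfgpath, cfgobj, cfgattr), the management allow-list and every value in the sample lines are assumptions for the demonstration, not indicators from the real campaign.

```python
"""Triage FortiGate-style event logs for the compromise pattern described above.

Added example, not Fortinet tooling. The log lines are constructed in the
key=value style of FortiGate event logs; the field names, the management
allow-list and all values are assumptions, not indicators from the real campaign.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: one intrusion sequence and two benign administrator events.
LOG_LINES = [
    'date=2024-12-02 time=03:11:20 type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="jsconsole" srcip=203.0.113.45 status="success" action="login"',
    'date=2024-12-02 time=03:12:05 type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="jsconsole(203.0.113.45)" action="Add" cfgpath="system.admin" cfgobj="backup_admin" cfgattr="accprofile[super_admin]"',
    'date=2024-12-02 time=03:14:30 type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="jsconsole(203.0.113.45)" action="Add" cfgpath="user.local" cfgobj="vpnuser01" cfgattr="type[password]"',
    'date=2024-12-02 time=03:15:02 type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="jsconsole(203.0.113.45)" action="Edit" cfgpath="user.group" cfgobj="sslvpn-users" cfgattr="member[vpnuser01]"',
    'date=2024-12-03 time=10:02:00 type="event" subtype="system" logdesc="Admin login successful" user="netops" ui="https(10.20.0.7)" srcip=10.20.0.7 status="success" action="login"',
    'date=2024-12-03 time=10:05:00 type="event" subtype="system" logdesc="Object attribute configured" user="netops" ui="https(10.20.0.7)" action="Edit" cfgpath="firewall.policy" cfgobj="12" cfgattr="comments[ticket 4471]"',
]

# Assumed management sources that are allowed to reach the admin interface.
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/24")]

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """key=value line -> dict; quoted and bare values are both accepted."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD.finditer(line)}


def from_trusted_source(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in MGMT_ALLOWLIST)


def classify(event):
    """Return the rule an event matches, or None."""
    desc = event.get("logdesc", "")
    action, path = event.get("action"), event.get("cfgpath")
    if desc.startswith("Admin login") and event.get("status") == "success":
        if "srcip" in event and not from_trusted_source(event["srcip"]):
            return "admin_login_untrusted_source"
        return None
    if action == "Add" and path == "system.admin":
        return "admin_account_added"
    if action == "Add" and path == "user.local":
        return "local_user_added"
    if (path == "user.group" and action in ("Add", "Edit")
            and "member[" in event.get("cfgattr", "")):
        return "vpn_group_membership_changed"
    return None


def triage(lines):
    """Group matching events by rule, preserving log order."""
    hits = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        rule = classify(event)
        if rule:
            hits[rule].append(event)
    return dict(hits)


if __name__ == "__main__":
    for rule, events in triage(LOG_LINES).items():
        for e in events:
            print(f'{e["date"]} {e["time"]} {rule:<30} user={e.get("user")} '
                  f'obj={e.get("cfgobj", "-")}')
```

Any one of these rules firing on its own may be routine change work; all four within minutes, from a source outside the management allow-list, is the sequence worth paging on. The same logic maps directly onto a SIEM correlation rule once the firewall forwards its logs by syslog.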
Email: sales@secucenter.com
Phone: +1 800 555 0100
Sales Office - United States: 651, N Broad St, Middletown, Delaware 19709
Operations Center - India: Level 17, TransAsia Cyber Park, Kochi, Kerala 682030