Threat Landscape Intelligence
Security Pulse
Real-time tracking of CISA Known Exploited Vulnerabilities (KEV), critical vendor advisories, incident trends, and threat actor activity affecting SaaS-first businesses.
Incident Trends
Recent patterns across phishing, identity compromise, and ransomware targeting SaaS ecosystems.
47
Phishing Campaigns
12
Identity Breaches
5
Ransomware Events
8
MFA Bypass Events
Increase in sophisticated phishing campaigns leveraging AI-generated content. MFA fatigue attacks rising.
CISA Known Exploited Vulnerabilities (KEV)
ActiveCatalog entries added within the last 90 days. Remediate within the required timeframes.
Microsoft Exchange Server Remote Code Execution
Active exploitation of RCE vulnerability in Exchange Server. Apply patches immediately.
Added: 2026-06-20
Affected Products
Remediation
Apply June 2026 security updates.
VMware vCenter Server Authentication Bypass
Authentication bypass allowing unauthorized admin access. Patching required within 48 hours.
Added: 2026-06-18
Affected Products
Remediation
Upgrade to patched versions immediately.
Atlassian Confluence RCE
Remote code execution in Confluence Data Center. Exploitation observed in the wild.
Added: 2026-06-15
Affected Products
Remediation
Apply vendor patches or restrict network access.
Vendor Advisories
Critical security advisories for platforms commonly used by our clients.
Conditional Access Token Validation Issue
2026-06-22
OAuth Scope Elevation in Admin SDK
2026-06-21
Sign-In Widget XSS (Patched)
2026-06-19
Workspace Invite Enumeration
2026-06-17
Threat Actor Activity
Groups actively targeting SaaS infrastructure and identity systems.
APT29 (Cozy Bear)
The Dukes, Nobelium
Target: SaaS platforms, diplomatic orgs
Techniques:
Lapsus$
Lapsus$
Target: Tech companies, telecoms
Techniques:
Scattered Spider
UNC3944
Target: Help desks, identity systems
Techniques:
Immediate Actions
Priority recommendations based on current threat landscape.
Enforce phishing-resistant MFA
Use FIDO2 security keys or platform authenticators for all admin and privileged accounts.
Review OAuth app permissions
Audit and restrict third-party app access to mail, files, and admin APIs.
Enable Conditional Access policies
Require compliant devices, block legacy auth, and enforce sign-in risk policies.
Monitor for token anomalies
Set alerts for unusual token lifetimes, atypical geographies, or impossible travel.
Assess Your Exposure
Start with the free Posture Self-Check to see where you stand against the current threat landscape.
Free Posture Self-Check