View Ridge Security

Threat Landscape Intelligence

Security Pulse

Real-time tracking of CISA Known Exploited Vulnerabilities (KEV), critical vendor advisories, incident trends, and threat actor activity affecting SaaS-first businesses.

Incident Trends

Recent patterns across phishing, identity compromise, and ransomware targeting SaaS ecosystems.

47

Phishing Campaigns

12

Identity Breaches

5

Ransomware Events

8

MFA Bypass Events

Increase in sophisticated phishing campaigns leveraging AI-generated content. MFA fatigue attacks rising.

CISA Known Exploited Vulnerabilities (KEV)

Active

Catalog entries added within the last 90 days. Remediate within the required timeframes.

KEV-2026-152CRITICALCVE-2026-12345

Microsoft Exchange Server Remote Code Execution

Active exploitation of RCE vulnerability in Exchange Server. Apply patches immediately.

Added: 2026-06-20

Affected Products

Exchange Server 2019Exchange Server 2022

Remediation

Apply June 2026 security updates.

KEV-2026-148CRITICALCVE-2026-11987

VMware vCenter Server Authentication Bypass

Authentication bypass allowing unauthorized admin access. Patching required within 48 hours.

Added: 2026-06-18

Affected Products

vCenter Server 8.0vCenter Server 7.0

Remediation

Upgrade to patched versions immediately.

KEV-2026-145HIGHCVE-2026-10123

Atlassian Confluence RCE

Remote code execution in Confluence Data Center. Exploitation observed in the wild.

Added: 2026-06-15

Affected Products

Confluence Data CenterConfluence Server

Remediation

Apply vendor patches or restrict network access.

Vendor Advisories

Critical security advisories for platforms commonly used by our clients.

Microsoft 365HIGH

Conditional Access Token Validation Issue

2026-06-22

monitoring
Google WorkspaceMEDIUM

OAuth Scope Elevation in Admin SDK

2026-06-21

patched
OktaMEDIUM

Sign-In Widget XSS (Patched)

2026-06-19

patched
SlackLOW

Workspace Invite Enumeration

2026-06-17

monitoring

Threat Actor Activity

Groups actively targeting SaaS infrastructure and identity systems.

APT29 (Cozy Bear)

The Dukes, Nobelium

Target: SaaS platforms, diplomatic orgs

active

Techniques:

OAuth abuseToken theftCloud drive access

Lapsus$

Lapsus$

Target: Tech companies, telecoms

active

Techniques:

MFA fatigueSession hijackingInsider access

Scattered Spider

UNC3944

Target: Help desks, identity systems

active

Techniques:

Social engineeringSIM swappingSSO abuse

Immediate Actions

Priority recommendations based on current threat landscape.

CRITICAL

Enforce phishing-resistant MFA

Use FIDO2 security keys or platform authenticators for all admin and privileged accounts.

HIGH

Review OAuth app permissions

Audit and restrict third-party app access to mail, files, and admin APIs.

HIGH

Enable Conditional Access policies

Require compliant devices, block legacy auth, and enforce sign-in risk policies.

MEDIUM

Monitor for token anomalies

Set alerts for unusual token lifetimes, atypical geographies, or impossible travel.

Assess Your Exposure

Start with the free Posture Self-Check to see where you stand against the current threat landscape.

Free Posture Self-Check