Initial-access handoff time drops to 22 seconds across Mandiant investigations
Trend
Summary
Hide ▲
Show ▼
Across Mandiant investigations, the time from initial access to handoff to a secondary threat group has collapsed to 22 seconds, sharply reducing defenders’ window to detect brokered intrusions. The shift points to tighter coordination and more automation in cybercrime pipelines. It raises risk for organizations because access can now be monetized before responders can react.
Related Happenings
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
Vulnerability
H score52
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
About this happening:
**Oracle E-Business Suite** **CVE-2026-46817** is under **active exploitation**, putting **Oracle Payments** deployments at takeover risk. The flaw allows **unauthenticated HTTP a...
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
VulnerabilityAbout this happening: **Oracle E-Business Suite** **CVE-2026-46817** is under **active exploitation**, putting **Oracle Payments** deployments at takeover risk. The flaw allows **unauthenticated HTTP a...
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch Release
H score53
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
About this happening:
**Oracle**'s **May 2026 Critical Security Patch Update** addressed **CVE-2026-46817** in **Oracle E-Business Suite**, a **critical** flaw in **Oracle Payments** that could let an...
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch ReleaseAbout this happening: **Oracle**'s **May 2026 Critical Security Patch Update** addressed **CVE-2026-46817** in **Oracle E-Business Suite**, a **critical** flaw in **Oracle Payments** that could let an...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
Vulnerability
H score58
First: 11.06.2026 22:39
Last: 11.06.2026 22:39
Sources 1
About this happening:
**Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
VulnerabilityAbout this happening: **Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...
Latest development: 29.06.2026 23:40
Nissan says it suffered a data breach affecting current and former employees after attackers exploited an Oracle PeopleSoft zero-day associated with CVE-2026-35273. Oracle informed Nissan that personnel records of hundreds of companies may have been obtained and that Nissan was specifically targeted, with potentially exposed data including contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary data for employees in the United States, Canada, Mexico, and Brazil.
Low-severity enterprise alerts hiding confirmed incidents
Trend
H score28
First: 08.05.2026 13:30
Last: 08.05.2026 13:30
Sources 1
About this happening:
A recent enterprise telemetry analysis found that **low-severity** and **informational alerts** are hiding real compromises across live environments, creating a measurable missed-...
Low-severity enterprise alerts hiding confirmed incidents
TrendAbout this happening: A recent enterprise telemetry analysis found that **low-severity** and **informational alerts** are hiding real compromises across live environments, creating a measurable missed-...
AI-assisted cyber trend driving more malicious packages, faster exploit development, and slower remediation
Trend
H score89
First: 04.05.2026 14:58
Last: 04.05.2026 14:58
Sources 1
About this happening:
**AI-assisted cybercrime** is lowering the barrier to entry while **malicious package counts**, **exploit speed**, and **remediation lag** all worsen across software supply chains...
AI-assisted cyber trend driving more malicious packages, faster exploit development, and slower remediation
TrendAbout this happening: **AI-assisted cybercrime** is lowering the barrier to entry while **malicious package counts**, **exploit speed**, and **remediation lag** all worsen across software supply chains...
Timeline
-
23.03.2026 17:00 2 articles · 3mo ago
Google publishes M-Trends 2026 findings
Initial DisclosureGoogle publishes M-Trends 2026 based on more than 500,000 hours of Mandiant incident investigations in 2025, and the benchmark shows the median time from initial access to handoff to a secondary threat group has fallen to 22 seconds from more than 8 hours in 2022. The report also says exploits were the top initial infection vector at 32%, with CVE-2025-31324 in SAP NetWeaver, CVE-2025-61882 in Oracle EBS, and CVE-2025-53770 (ToolShell) in SharePoint the most often exploited flaws.
Show sources
- M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds — www.securityweek.com — 23.03.2026 17:00
- M-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 Seconds — www.securityweek.com — 23.03.2026 17:00