Overview
- Mandiant’s M‑Trends 2026 report, released Monday by Google Cloud’s Mandiant and Threat Intelligence Group, measures a median 22‑second handoff from initial access to a second operator.
- Exploited software flaws were the leading initial access vector at 32% of intrusions, with SAP NetWeaver (CVE-2025-31324), Oracle E-Business Suite (CVE-2025-61882), and Microsoft SharePoint/ToolShell (CVE-2025-53770) most abused for entry.
- Attackers shifted to interactive social engineering as voice phishing reached 11% of cases and email phishing fell to 6%, while “ClickFix” tricks pushed users to run commands by faking fixes or CAPTCHA checks.
- Median dwell time rose to 14 days in 2025 as stealthy campaigns camped on under‑instrumented edge devices like firewalls, routers, and VPNs, enabling months‑long persistence and credential theft.
- High‑tech companies were the top targets at 17% of investigations, and researchers tracked 714 new malware families with GoldVein most observed, highlighting a larger and faster‑evolving threat landscape.