{"id":14856,"date":"2026-03-26T06:00:27","date_gmt":"2026-03-26T10:00:27","guid":{"rendered":"https:\/\/www.netwitness.com\/?post_type=resource&#038;p=14856"},"modified":"2026-03-30T14:58:34","modified_gmt":"2026-03-30T18:58:34","slug":"firstwatch-intsum-report-a-threat-research-series-part-1-3","status":"publish","type":"resource","link":"https:\/\/www.netwitness.com\/ja\/resources\/reports\/when-trust-becomes-the-attack-surface\/","title":{"rendered":"FirstWatch INTSUM Report: A Threat Research Series (Part 1\/3)"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"14856\" class=\"elementor elementor-14856\" data-elementor-post-type=\"resource\">\n\t\t\t\t<div class=\"elementor-element elementor-element-90c05a4 e-con-full e-flex e-con e-parent\" data-id=\"90c05a4\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t<div class=\"elementor-element elementor-element-3cfe7ed e-con-full e-flex e-con e-child\" data-id=\"3cfe7ed\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5ad1798 elementor-widget elementor-widget-text-editor\" data-id=\"5ad1798\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<p>In 2025, many major intrusions did not begin with malware or zero-days.<br \/>They began with trusted access.<\/p><p>Compromised OAuth tokens, exposed CI\/CD secrets, and stolen software supply chain identities enabled attackers to move through enterprise environments using legitimate workflows, often without triggering traditional detection signals.<\/p><p>As SaaS integrations, automation pipelines, and developer ecosystems become more interconnected, identity and authorization artifacts are emerging as the new security perimeter.<\/p><p>This intelligence summary explores how adversaries are exploiting trust relationships on a scale and what security teams must prioritize to detect and contain these attacks before they spread.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ef9e341 elementor-widget elementor-widget-heading\" data-id=\"ef9e341\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">In this report, you will discover <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-66939d3 elementor-widget elementor-widget-text-editor\" data-id=\"66939d3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t<ul><li>Key threat patterns that shaped identity-driven intrusions in 2025.<\/li><li>Real-world campaign insights across SaaS, CI\/CD, and open-source ecosystems.<\/li><li>Practical detection and hunting considerations for modern <a href=\"https:\/\/www.netwitness.com\/blog\/why-soc-teams-struggle\/\" target=\"_blank\" rel=\"noopener\">SOC teams<\/a>.<\/li><li>Strategic response priorities to reduce exposure from compromised tokens and secrets.<\/li><\/ul><p>Download the report to learn how trust is being exploited and how to stay ahead.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-66927eb e-con-full e-flex e-con e-child\" data-id=\"66927eb\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5708aa6 elementor-widget elementor-widget-heading\" data-id=\"5708aa6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Download Now! \u2192<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b12fa30 elementor-widget elementor-widget-html\" data-id=\"b12fa30\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t\t<iframe src=\"https:\/\/www2.netwitness.com\/l\/934283\/2026-03-26\/dv4fj\" height=\"700\" type=\"text\/html\" frameborder=\"0\" allowtransparency=\"true\" style=\"border: 0px; overflow: hidden; height: 548px;\" id=\"iFrameResizer0\" scrolling=\"no\"><\/iframe>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In 2025, many major intrusions did not begin with malware or zero-days. They began with trusted access. Compro [&hellip;]<\/p>\n","protected":false},"featured_media":14858,"template":"","tags":[],"class_list":["post-14856","resource","type-resource","status-publish","has-post-thumbnail","hentry","resource_type-reports"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/resource\/14856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/types\/resource"}],"version-history":[{"count":0,"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/resource\/14856\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/media\/14858"}],"wp:attachment":[{"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/media?parent=14856"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.netwitness.com\/ja\/wp-json\/wp\/v2\/tags?post=14856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}