FirstWatch INTSUM Report: A Threat Research Series (Part 2/3) – Exploitation at Machine Speed: Why Security Teams Need Faster Correlation

Threat actors are no longer waiting for slow response cycles.

In 2025, exploitation activity increasingly targeted the systems enterprises already trust: collaboration platforms, VPN appliances, security infrastructure, business-critical applications, and internet-facing edge systems. Once compromised, these systems gave attackers a path to persistence, credential theft, lateral movement, data staging, and extortion.

What This Report Covers

Part 1 of this series explored how trusted access can make intrusions appear legitimate. Part 2 looks at the next major challenge: exploitation is moving faster than many security operations workflows can investigate.

This report analyzes four high-signal developments from the threat landscape:

  • SharePoint ToolShell exploitation and the risks created by compromised collaboration infrastructure
  • Ivanti Connect Secure exploitation and RESURGE activity tied to edge-appliance compromise
  • Oracle E-Business Suite exploitation and extortion campaigns targeting enterprise applications
  • AI-assisted intrusion operations and the growing response gap created by faster adversary workflows

What you’ll learn:

This report explains how defenders can better align their response priorities to modern exploitation speed.

  • Treat exposed infrastructure as high-risk assets
  • Pair patching with retrospective threat hunting
  • Rotate exposed machine keys, credentials, tokens, and secrets after compromise
  • Improve monitoring for appliances and systems without conventional endpoint coverage
  • Detect chains of weak signals before they turn into major incidents
  • Consolidate distributed telemetry into investigation-ready context

Download “Exploitation at Machine Speed: Edge Infrastructure, Enterprise Platforms, and AI-Assisted Operations” to understand how exploitation patterns are reshaping threat detection, response, and investigation priorities.

Download the Report! →

Accelerate Your Threat Detection and Response Today! 

Leaving Without The Ransomware Intel?

See which groups are targeting enterprises in 2026 and how to prepare before they strike.