Blog
April 22, 2026 06:00

IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist

Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top initial access vector since Q2 2025.

January 29, 2026 06:00

IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations

A drop in exploitation and ransomware, but a spike in phishing and credential abuse, show why timely patching and robust MFA matter more than ever.

October 23, 2025 06:00

IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response

Cisco Talos Incident Response observed a surge in attacks exploiting public-facing applications — mainly via ToolShell targeting SharePoint — for initial access, with post-exploitation phishing and evolving ransomware tactics also persisting this quarter.