May 2, 2026
The Cisco post summarizes the main findings of the Talos 2025 Year in Review and argues that defenders are now facing two overlapping problems: attackers are exploiting new vulnerabilities much faster, while still succeeding with very old ones. In the discussion highlighted by Cisco, Talos says the recently disclosed “React2Shell” issue became one of the most targeted vulnerabilities within weeks, showing how quickly exploitation can now be industrialized. At the same time, a 12-year-old flaw still ranked among the top exploited vulnerabilities, and Talos says 40% of the top 100 exploited vulnerabilities remained effective because organizations were still running end-of-life devices. The article frames this as a story of operational complexity and technical debt: defenders struggle with patching and infrastructure lifecycles, while attackers take advantage of those delays.
The second major theme is that identity has become the central battlefield. Cisco says identity-based techniques were deeply involved in lateral movement, privilege escalation, and persistence throughout 2025, with one especially notable statistic being a 178% year-over-year increase in fraudulent device registration. In many cases, attackers reportedly used vishing to trick administrators into registering devices for them, and they targeted administrator-managed flows far more often than user-driven ones. The article also says that more than a third of observed phishing incidents involved messages sent from already compromised internal accounts, allowing attackers to hide within normal communication channels while creating mailbox rules, exploring shared storage, and extending access. The overall conclusion is that identity security can no longer be treated as a login problem alone; it now requires continuous monitoring, behavioral detection, and stronger governance across the environment.
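One way to turn the pattern above into behavioral detection is to correlate an administrator-performed device registration with mailbox-rule creation or a burst of internal mail from the same account shortly afterward. This is an added example, not code from the Cisco post or the Talos report; the event schema, field names, mail domain, window and threshold are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # assumed correlation window
INTERNAL = "@corp.example"     # assumed internal mail domain
BURST = 3                      # assumed internal-recipient threshold

# Constructed sample events; the schema is hypothetical, not a vendor log format.
EVENTS = [
    {"ts": "2025-06-01T09:00:00", "type": "device_registered", "account": "alice", "actor": "helpdesk-admin", "flow": "admin"},
    {"ts": "2025-06-01T09:20:00", "type": "inbox_rule_created", "account": "alice"},
    {"ts": "2025-06-01T09:30:00", "type": "mail_sent", "account": "alice", "to": ["bob@corp.example", "carol@corp.example", "dave@corp.example"]},
    {"ts": "2025-06-01T10:00:00", "type": "device_registered", "account": "erin", "actor": "erin", "flow": "user"},
    {"ts": "2025-06-01T10:05:00", "type": "inbox_rule_created", "account": "erin"},
    {"ts": "2025-06-02T08:00:00", "type": "device_registered", "account": "frank", "actor": "helpdesk-admin", "flow": "admin"},
    {"ts": "2025-06-04T08:00:00", "type": "inbox_rule_created", "account": "frank"},
]

def correlate(events):
    """Return findings: admin-flow registrations followed by mailbox activity."""
    events = sorted(events, key=lambda e: e["ts"])
    findings = []
    for reg in events:
        # Only registrations performed through an administrator-managed flow open a window.
        if reg["type"] != "device_registered" or reg["flow"] != "admin":
            continue
        start = datetime.fromisoformat(reg["ts"])
        signals = set()
        for e in events:
            t = datetime.fromisoformat(e["ts"])
            if e["account"] != reg["account"] or not (start < t <= start + WINDOW):
                continue
            if e["type"] == "inbox_rule_created":
                signals.add("inbox_rule")
            elif e["type"] == "mail_sent":
                internal = [r for r in e["to"] if r.endswith(INTERNAL)]
                if len(internal) >= BURST:
                    signals.add("internal_mail_burst")
        if signals:
            findings.append({"account": reg["account"], "registered_by": reg["actor"],
                             "signals": sorted(signals)})
    return findings

if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

The user-driven registration (erin) and the rule created two days after registration (frank) are deliberately left unflagged, which shows how the flow type and the window bound the alert volume.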