Lightning-fast exploits make it essential to patch fast, ask questions later

https://www.theregister.com/headlines.atom
Summary

Strengthen your MFA policies, double down on anti-phishing training, and for Jobs' sake, patch all your vulns right away. The past year of intelligence collected by Cisco's Talos threat hunters suggests that attackers are moving faster to exploit vulns, and fooling more staff than ever into giving up their credentials.

Team Talos published its year in review on Monday, describing 2025 as a year of pace and scale that put sustained pressure on security teams around the world, in part thanks to attackers' use of artificial intelligence.

Talos was shocked by how quickly criminals have been moving to exploit newly discovered vulnerabilities, pointing to December's React2Shell as the perfect example. Even though it was disclosed only in December, it quickly became the most-targeted vuln of the year. "The vulnerability's immediate exploitation reflects near-instant weaponization, driven by automated tooling and widespread internet exposure, leaving defenders little to no time between disclosure and active abuse," Talos noted in the report.

Talos also noticed that attackers were settling on identity control points as primary targets in 2025, with "the vast majority of top-targeted network infrastructure vulnerabilities" falling into this category. Compromising identity control tech like VPNs or application discovery controllers (ADCs) means attackers can easily move laterally, grant themselves enhanced access, bypass MFA, achieve persistence, and the like. In a similar vein, network management software, like vCenter Server, Cisco Security Manager, and Aria Operations for Networks, is often less tightly monitored than edge appliances, meaning that they're also easier to break into.

As for how attackers are actually gaining access, phishing is still where it's at: 40 percent of intrusion response cases Talos investigated in 2025 began with a successful phish. The modern phishing lure is more sophisticated than ever.
Gone are the misspellings, poor grammar, and other obvious ...

First seen: 2026-03-23 21:11

Last seen: 2026-03-25 23:56