The Cisco Talos 2025 Year in Review highlights trends in vulnerability exploitation, including rapid weaponization of newly disclosed vulnerabilities (e.g., React2Shell) and continued exploitation of legacy flaws. Attackers are leveraging both new and old vulnerabilities, with 40% of the top 100 exploited vulnerabilities linked to end-of-life devices. Identity-based attacks, such as fraudulent device registration and vishing, are emphasized as a primary focus for attackers.
