It pays to be a forever student

This Talos Threat Source newsletter summarizes Q1 2026 incident response trends and recent headlines: phishing has returned as the top initial access vector (including use of AI tools to rapidly create credential-harvesting pages), adversaries exploited n-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) to deploy the FIRESTARTER backdoor, flaws in Lantronix/Silex serial-to-IP converters and unpatched/PoC exploits against Microsoft Defender were highlighted, multiple malware hashes/IOCs are listed, and the newsletter urges defenders to enforce MFA, patch management, and centralized logging.