Year in Review: Vulnerabilities old and new and something React2

The Talos 2025 Year in Review describes a year where attackers heavily targeted legacy and widely deployed components (React2Shell, PHPUnit, Log4j) and shifted toward identity-centric vectors, with agentic AI accelerating exploit creation and shrinking defenders' patching windows; organizations are advised to prioritize patching of network and identity-adjacent systems and reassess management-plane exposure.