From the field to the report and back again: How incident responders can use the Year in Review
ID: e57c9bd7-86f1-5bda-9299-e6f3c17e0f95
STIX ID: report--e57c9bd7-86f1-5bda-9299-e6f3c17e0f95
Feed Name: Cisco Talos
Cisco Talos' Year in Review distills IR engagements and telemetry into prioritized trends and operational guidance. Identity-based attacks (60% of Talos IR cases) and Active Directory abuse are dominant; MFA bypass and device compromise are rising; specific vulnerabilities (e.g., React2Shell, ToolShell) are heavily exploited; and ransomware (notably Qilin) and evolving phishing/AI-enabled threats remain major risks. The report emphasizes validating detections, mapping to MITRE ATT&CK, and exercising response plans.
