Cisco Talos released its 2025 Year in Review report utilizing vast telemetry and incident data to analyze global threats. The Strategic Analysis team synthesized findings into a comprehensive report undergoing rigorous review before launch. Talos maintains an open access policy to keep the community safe without gating critical information.
React2Shell became the top targeted critical vulnerability in 2025. ToolShell ranked third, released in June but appearing frequently on the list of exploited critical common weaknesses.
Supply chain risks persist, as 25 percent of top 100 vulnerabilities affect widely used frameworks. Nearly one-third of MFA spray attacks targeted identity and access management applications specifically.
Phishing remains the dominant initial access vector, observed in 40 percent of all incident response cases. The Qilin ransomware variant saw over 40 victims monthly throughout the year, excluding January.