Intel Node
Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders
A conversation between Cisco Talos and Cisco Security leaders on the 2025 threat landscape, from identity attacks and legacy vulnerabilities to AI-driven threats, and what defenders should prioritize now.
Every year, the Cisco Talos Year in Review captures the patterns shaping the threat landscape. The 2025 report paints a clear picture: Attackers are moving faster than ever, while using identity-related attacks as the primary battleground.

To unpack the biggest takeaways and what they mean for security teams, we brought together Christopher Marshall, VP of Cisco Talos, and Peter Bailey, SVP and GM of Cisco Security. Here’s their conversation.

Old vulnerabilities, new speed

Marshall: One of the clearest trends in this year’s data is the contrast in how vulnerabilities are being exploited. We saw React2Shell disclosed in December and within weeks it became the most targeted vulnerability we tracked. At the same time, a 12-year-old vulnerability still appeared in the top 10 most exploited list.

So we’re seeing very rapid weaponization (likely fuelled by AI given the compressed timeline from initial proof of concept to large-scale exploitation, across multiple languages and platforms) alongside continued success with legacy flaws.

Bailey: There’s always a lot of focus on the latest zero-day, and rightly so. The industrialization of vulnerability exploitation is extremely concerning. But at the same time, many attacks are still leveraging vulnerabilities that have been around for years. Organizations are dealing with complexity. Large environments. Long device lifecycles. Change management processes that take time. But attackers don’t care about those constraints. They actually count on them.

This is where we need to repeat that the fundamentals still matter. Patch management, asset visibility, lifecycle discipline... We still have work to do there as an industry.