TTPwire Vol. 1 · MITRE ATT&CK·Tagged


Cisco Talos Intelligence

Five defender priorities from the Talos Year in Review

Hazel Burton · 2026-04-28

ATT&CK techniques detected

4 predictions
T1556.006 Multi-Factor Authentication
82%
“bear in mind is that even when attackers move fast, they still don’t behave like your normal users. at the end of the day, you’re still looking for anomalous behavior – whether that behavior is machine- or human-generated. as we come to the end of our year in review conten…”
T1190 Exploit Public-Facing Application
82%
“is how attackers select targets. the rapid exploitation of vulnerabilities such as react2shell and toolshell shows that exploitation can begin immediately after disclosure with readily available proof-of-concepts. attackers then prioritize what is exposed and reachable. attac…”
T1078 Valid Accounts
61%
“of this. vpns, active directory controllers (adcs), and firewalls are being exploited to steal session tokens, bypass mfa, and impersonate users. however, when attackers successfully authenticate, where they go from there tends not to fall in line with normal user behavior. the…”
T1588.006 Vulnerabilities
58%
“five defender priorities from the talos year in review a familiar theme in security right now is that the barrier to entry for attackers is at an all-time low. ai tools can spin up websites within minutes that can easily direct data to disposable external data stores and send a…”

Summary

With attackers moving faster than ever, it’s easy to feel overwhelmed. This blog breaks down five practical priorities from the Cisco Talos 2025 Year in Review to help defenders focus and prioritize amid all the noise.