- Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vector for initial access since Q2 2025.
- Public administration and health care tied as the most targeted industry verticals, each accounting for 24 percent of all engagements. This is the third consecutiv...
This report highlights a shift in threat actor tactics, with phishing reclaiming dominance as initial access vectors evolve. The use of AI tools like Softr in phishing campaigns lowers the barrier for less sophisticated actors, accelerating credential harvesting. The emergence of Crimson Collective underscores the growing trend of abusing legitimate tools (e.g., TruffleHog, Microsoft Graph API) to evade detection, blending malicious activity with normal operations. The decline in ransomware depl...