IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response

Cisco Talos Incident Response observed a surge in attacks exploiting public-facing applications — mainly via ToolShell targeting SharePoint — for initial access, with post-exploitation phishing and evolving ransomware tactics also persisting this quarter. Learn More

IR Trends Q2 2025: Phishing attacks persist as actors leverage compromised valid accounts to enhance legitimacy

Phishing remained the top initial access method in Q2 2025, while ransomware incidents see the emergence of new Qilin tactics. Learn More

Talos IR ransomware engagements and the significance of timeliness in incident response

The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements. Learn More

Talos Incident Response Services

Talos Incident Response Services

The Talos IR Retainer service provides emergency response services to support you through active incidents and proactive services to assess, strengthen and evolve your incident response readiness. Learn more

Our team is equipped and ready to help you meet your goals.

Reactive Services

  • Emergency Incident Response
  • Emerging and relevant threat information

Proactive Services

  • Assessment of current environment vulnerabilities and IR preparedness
  • Recommendations to prevent possible incidents
  • Detailed playbooks to follow in case of an incident
  • Training and simulations

Intelligence is the root of our approach

We leverage proven incident response processes and methodologies to respond to emergencies as they happen, and prepare your organization for when an incident occurs.

Fortify Your Security Resilience

For questions regarding our Talos IR retainer subscription or to sign up: