Cisco's Talos threat intelligence report found that attackers are increasingly using AI tools to boost their phishing attacks, which is the most common initial access method by hackers in the first quarter of 2026, reports Cybersecurity Dive.The early phases of a ransomware attack accounted for over 20% of Cisco's incident-response engagements, which is a substantial decrease from 50% during the first two quarters of last year. According to Cisco, it was reasonably certain that attackers had been using Softr AI platform for credential-harvesting websites since May 2023, "and have done so with increasing frequency to date.""This incident demonstrates how AI tools can lower the barrier to entry for less sophisticated actors and/or accelerate the speed of phishing and credential-harvesting campaigns," said Cisco researchers. The report also revealed that in the first quarter of 2026, healthcare organizations and government agencies were the two most popular targets, followed by the professional, scientific, and technical services sector. Cisco also found that inadequate multi-factor authentication was the most prevalent security flaw during the first three months of the year.
You can skip this ad in 5 seconds