Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says

Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says

Hackers can now spin up fake login pages without writing a single line of code.

IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist

Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vector for initial access si…

Phishing reclaims the top initial access spot, attackers experiment with AI tools

Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial access could be determined, according to Cisco Talos. It is the first quarter phishing has led the category since Q2 2025, when exploitation of public-facing applications took over following widespread attacks against on-premises Microsoft SharePoint servers. That SharePoint exp…