TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Cisco Talos Intelligence

The Q1 vulnerability pulse

Thorsten Rosendahl · 2026-04-16

ATT&CK techniques detected

7 predictions
T1204.002 Malicious File
86%
"##c457376 talos rep: https://talosintelligence.com/talos_file_reputation?s=a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 example filename: d4aa3e7010220ad1b458fac17039c274_62_exe.exe detection name: win.dropper.miner::95.sbx.tg **…"
T1566.002 Spearphishing Link
74%
"the platform’s url-exposed webhooks to create phishing lures that bypass traditional security filters by leveraging trusted, legitimate infrastructure. by masking malicious payloads as standard data streams, these campaigns effectively turn productivity tools into delivery ve…"
T1525 Implant Internal Image
74%
") google api keys in android apps expose gemini endpoints to unauthorized access armed with the key, an attacker could access private files and cached content, make arbitrary gemini api calls, exhaust api quotas and disrupt legitimate services, and access any data on gemini’s f…"
T1055.001 Dynamic-link Library Injection
66%
"1201 ** sha256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974 md5: aac3165ece2959f39ff98334618d10d9 talos rep: https://talosintelligence.com/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974 example filen…"
T1204.002 Malicious File
60%
"s=38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55 example filename: content.js detection name: w32.38d053135d-95.sbx.tg sha256: 3c1dbc3f56e91cc79f0014850e773a7f12bbfef06680f08f883b2bf12873eccc md5: d749e0f8f2cd4e14178a787571534121 talos rep: https:…"
T1190 Exploit Public-Facing Application
40%
"exploited zero-day that lingered for months adobe patched an arbitrary code execution vulnerability in the latest versions of its acrobat and reader for windows and macos, nearly four months after an attacker first appeared to have begun exploiting it. (dark reading) fake cla…"
T1598 Phishing for Information
32%
"the platform’s url-exposed webhooks to create phishing lures that bypass traditional security filters by leveraging trusted, legitimate infrastructure. by masking malicious payloads as standard data streams, these campaigns effectively turn productivity tools into delivery ve…"

Summary

Thor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape.