Cisco Talos' Q1 2026 incident response trends highlight a resurgence in phishing as the primary initial access vector, augmented by AI tools like Softr for rapid credential harvesting. Threat actors are increasingly abusing legitimate tools such as TruffleHog to discover exposed secrets, while specific campaigns like UAT-4356 have been observed exploiting n-day vulnerabilities to deploy custom backdoors on network devices.