Attackers Are Handing Off Access In 22 Seconds, Mandiant Finds
Help Net Security, Tuesday, March 24th, 2026
Exploits remain the leading entry point for attackers for the sixth consecutive year, according to Mandiant's M-Trends 2026 report, which draws on more than 500,000 hours of incident response work conducted in 2025.
The data shows attackers speeding up their internal hand-offs, shifting away from email phishing, and targeting backup and virtualization infrastructure with greater precision.
Voice phishing climbed to the second-most common initial infection vector in 2025, appearing in 11% of Mandiant investigations where a vector could be identified. Exploits remained first at 32%. Email phishing, which was the dominant social engineering vector just a few years ago, has seen a sustained decline and now represents a fraction of its former share.