In this week's newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports.
Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors.
In the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they're a lot harder to pull off when you're busy dealing with real life.
Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its parsed data through a live COM interface.
In this week's newsletter, Amy reminisces on the tech toys of their childhood, inspired by a hilarious lesson about why your digital privacy shouldn't be left on an open channel.
A reporter provides on-the-ground coverage from Cisco Live U.S., including photos of therapy dogs and advice on managing conference-related stress and overstimulation.
A senior product manager at Cisco Talos announced the launch of the Talos Threat Hunting platform in an interview, discussing the company's vision for future cybersecurity capabilities.
Cisco Talos describes its hypothesis-driven threat-hunting methodology that uses multi-domain telemetry correlation to identify stealthy threats that evade automated detection systems.
In this newsletter, Thor breaks down why you should stop relying solely on CVSS and start using EPSS and GCVE to focus your patching efforts on the threats that actually matter.
A technical whitepaper outlines a heap overflow vulnerability that could be created through malicious DICOM (Digital Imaging and Communications in Medicine) file formats.
EvidenceForge generates high-quality, realistic, and consistent datasets across multiple log formats, enabling teams to effectively train personnel and validate detection models without the need for complex manual simulations.
In this edition of the Threat Source newsletter, William explores the value of being "ungovernable" in a professional setting, sharing how challenging the status quo and seeking out the smartest people in the room can lead to a more fulfilling and successful career.
Cisco Talos disclosed eight vulnerabilities in TP-Link routers and networking equipment, along with single vulnerabilities in Adobe Photoshop, OpenVPN, and Norton VPN. The affected vendors have already released patches following responsible disclosure practices.
Cisco Talos has uncovered a BadIIS variant, identifiable by its embedded "demo.pdb" strings, that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetization.
A newsletter column explores how emerging AI tools may influence vulnerability discovery and large-scale software patching workflows in the coming period.
Cisco Talos is tracking active exploitation of an authentication bypass vulnerability (CVE-2026-20182) affecting Cisco Catalyst SD-WAN Controller and SD-WAN Manager, core network management components used widely across enterprise and government environments.
A cybersecurity professional shares his background in French engineering and discusses how his problem-solving skills inform his approach to identifying security vulnerabilities.
Microsoft released its May 2026 security update addressing 137 vulnerabilities across its product portfolio, with 16 classified as critical severity.
An article explains how incident response procedures for state-sponsored cyber attacks differ from those for ransomware attacks, and recommends reviewing IR plans to account for these differences.
A cybersecurity commentator offers a lighthearted reminder that practitioners working with intangible security concepts like logs and DNS exfiltration should step away from their screens and spend time outdoors to combat mental fatigue.
Cisco Talos security researchers have begun systematically collecting phone numbers found in phishing and scam emails as a new indicator of compromise, and published analysis of patterns in phone number reuse across in-the-wild fraud campaigns.
Cisco Talos has identified a sophisticated Chinese state-linked hacking group, UAT-8302, that has been systematically targeting government institutions in South America since late 2024 and southeastern Europe in 2025, in what appears to be a coordinated espionage campaign spanning multiple continents.
Cisco Talos researchers uncovered an active intrusion campaign, running since at least January 2026, in which an unidentified attacker deployed the CloudZ remote access trojan alongside a newly discovered plugin called 'Pheno', a tool not previously documented by the security community.
A newsletter piece using International Superhero Day to discuss empathy as a critical skill for cybersecurity professionals. The author argues that interpersonal and emotional intelligence are underrated competencies for addressing the human dimensions of security practice.
This blog post discusses how generative AI can be leveraged to rapidly deploy adaptive honeypot systems as a defensive cybersecurity measure. The piece emphasizes using AI capabilities to counter similar advantages that threat actors may gain from AI technology.
A Cisco Talos blog post offering five practical cybersecurity priorities from their 2025 Year in Review to help defenders prioritize defensive efforts effectively. The guidance addresses the challenge of rapid attacker evolution and aims to reduce alert fatigue by focusing security teams on the most impactful defensive strategies.
A newsletter discussing how understanding multiple disciplines can enhance cybersecurity approaches at both macro and micro levels, particularly in the context of AI development and deployment. The piece emphasizes the value of cross-disciplinary knowledge in addressing contemporary security challenges.
A threat actor tracked as UAT-4356 is actively exploiting two known vulnerabilities in Cisco Firepower network security devices, gaining unauthorized access to unpatched systems, a campaign flagged by Cisco's Talos intelligence team.
Phishing attacks have reclaimed the top position as the primary method for gaining initial access to target systems, according to the latest analysis. This marks phishing's return to prominence since Q2 2025, accounting for more than a third of engagements where entry method could be determined.
Episode of Talos Takes podcast featuring Amy and Martin Lee discussing state-sponsored and phishing attack trends identified in the 2025 Talos Year in Review. This represents analysis of cybersecurity threat patterns and trends rather than disclosure of specific active threats.
Cybercriminals in 2025 are increasingly targeting vulnerabilities in multi-factor authentication systems and weaponizing legitimate, stolen credentials to launch convincing phishing attacks from trusted business accounts. The shift signals a coordinated focus on exploiting organizational trust, a fundamental weakness in everyday business security workflows.
Cisco Talos has documented several techniques for macOS that abuse native operating system tools and legitimate utilities to conduct lateral movement and command execution without deploying external malware, a 'living-off-the-land' approach that allows attackers to remain stealthy by using built-in system functionality.
Cisco Talos' vulnerability research team disclosed one vulnerability affecting Foxit Reader and six vulnerabilities in the LibRaw file reader library. All vulnerabilities have been patched by their respective vendors in accordance with Cisco's third-party disclosure policy.
Thor has released Q1 2026 vulnerability statistics, identifying key trends in legacy CVE exploitation and examining how artificial intelligence is reshaping the broader threat environment.
This item references Microsoft's April 2026 Patch Tuesday security update release. Without access to specific vulnerability details, CVE scores, or exploit availability, the actual threat posed cannot be fully determined.