Talos’ weekly recap of the top cybersecurity news and our latest research. Weekly editions appear on the blog, or readers can subscribe to have the email delivered to their inbox every Thursday.
The art of being ungovernable
In this edition of the Threat Source newsletter, William explores the value of being "ungovernable" in a professional setting, sharing how challenging the status quo and seeking out the smartest people in the room can lead to a more fulfilling and successful career.
The time of much patching is coming
In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.
Unplug your way to better code
Cybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue, Amy takes a second to yell at you to go touch grass.
Great responsibility, without great power
In this week’s newsletter, Hazel uses International Superhero Day as a springboard to explore why empathy — rather than just technical prowess — is the most essential, underrated superpower for navigating the human side of cybersecurity.
It pays to be a forever student
In this newsletter, Joe discusses why understanding other disciplines can often flow back into the macro and micro of cybersecurity, especially in a world of AI.
The Q1 vulnerability pulse
Thor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape.
The threat hunter’s gambit
Bill discusses why obsessing over strategy games is actually a secret weapon to outsmart threat actors.
The democratisation of business email compromise fraud
This week, Martin tells the story of a crime he encountered and how it shows that the threat landscape is changing.
A puppet made me cry and all I got was this t-shirt
In this week's newsletter, Amy draws parallels between the collaborative themes of "Project Hail Mary" and the massive team effort behind the newly released Talos Year in Review report.
You have to invite them in
While a garlic and wooden stakes keep the vampires at bay in movies, they won’t save your network once an attacker has been "invited in." Discover why identity is the new frontier of cyber horror in this week’s edition.
This one’s for you, Mom
This week, Joe talks about allyship and how being aware of an issue is the first step in helping to fix it.
Patch, track, repeat: The 2025 CVE retrospective
Thor analyzes CVE data from 2025 and provides recommendations for where and how organizations should strengthen their defenses.
Henry IV, Hotspur, Hal, and hallucinations
In this edition of the Threat Source newsletter, William draws parallels between Shakespeare’s Hotspur and the challenges of cybersecurity and AI, emphasizing the importance of risk-taking, learning from failure, and surrounding yourself with smart people.
Using AI to defeat AI
In this week’s newsletter Martin considers how defenders can turn offensive AI tools against themselves.
Hand over the keys for Shannon’s shenanigans
In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management.
All gas, no brakes: Time to come to AI church
This week, Joe cautions the rush to adopt AI tools rife with truly awful security vulnerabilities.
I'm locked in!
Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.
I scan, you scan, we all scan for... knowledge?
In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue.
Predicting 2026
In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities.
Resolutions, shmesolutions (and what’s actually worked for me)
Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure.
Adios 2025, you won’t be missed
This week, Joe laments on 2025, and what we can think of in 2026 in the wild world of cybersecurity.
One newsletter to rule them all
Hazel embarks on a creative fitness journey, virtually crossing Middle-earth via The Conqueror app while sharing key cybersecurity insights.
Your year-end infosec wrapped
Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure.
Care that you share
This holiday season, as teams run lean and cyber threats rise, being open with what — and how — you share can protect both information and relationships.
It’s not personal, it’s just business
Martin muses on how agentic AI is bringing efficiency improvements to the business of cyber crime.
Viasat and the terrible, horrible, no good, very bad day
In this week’s newsletter, Amy recounts her journey from Halloween festivities to unraveling the story of the 2022 Viasat satellite hack, with plenty of cybersecurity surprises along the way.
Remember, remember the fifth of November
This edition, Hazel explores the origins of Guy Fawkes Day and how heeding an anonymous warning prevented an assassination.
Trick, treat, repeat
Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities.
Strings in the maze: Finding hidden strengths and gaps in your team
In this week’s newsletter, Bill explores how open communication about your skills and experience can help your security team uncover hidden gaps, strengthen your defenses, and better prepare for ever-present threats.
Ransomware attacks and how victims respond
This edition highlights the detailed studies that have been recently published on how ransomware attacks affect victims, from PTSD to burnout, and discusses ways to help deal with the fallout of victimization.
Why don’t we sit around this computer console and have a sing-along?
Martin muses on why computers are less fun than campfires, why their dangers seem less real, and why he’s embarking on a lengthy research project to study this.
Family group chats: Your (very last) line of cyber defense
Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world.
Great Scott, I’m tired
Hazel celebrates unseen effort in cybersecurity and shares some PII. Completely unrelated, but did you know “Back to the Future” turns 40 this year?
Put together an IR playbook — for your personal mental health and wellbeing
This edition pulls the curtain aside to show the realities of the VPNFilter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire.
Beaches and breaches
Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware.
From summer camp to grind season
Bill takes thoughtful look at the transition from summer camp to grind season, explores the importance of mental health and reflects on AI psychiatry.
Link up, lift up, level up
This week, Joe encourages you to find your community in cybersecurity and make the effort to grow, network and hack stuff together.
Cherry pie, Douglas firs and the last trip of the summer
Amy (ahem, Special Agent Dale Cooper) shares lessons from their trip to the Olympic Peninsula and cybersecurity travel tips for your last-minute adventures.
What happened in Vegas (that you actually want to know about)
Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign.
AI wrote my code and all I got was this broken prototype
Can AI really write safer code? Martin dusts off his software engineer skills to put it it to the test. Find out what AI code failed at, and what it was surprisingly good at. Also, we discuss new research on how AI LLM models can be used to assist in the reverse engineering of malware.
The Booker Prize Longlist and Hacker Summer Camp
This week Bill connects the hype of literary awards to cybersecurity conference season. We highlight key insights from the Q2 2025 IR Trends report, including phishing trends, new ransomware strains, and top targeted sectors. Finally, check out all the places Talos will be at Black Hat.
BRB, pausing for a "Sanctuary Moon" marathon
Get to know the real people behind cybersecurity’s front lines. In this week’s newsletter, sci-fi meets reality, humanity powers technology and a few surprises are waiting to be discovered.
This is your sign to step away from the keyboard
This week, Martin shows how stepping away from the screen can make you a stronger defender, alongside an inside scoop on emerging malware threats.
Patch, track, repeat
Thorsten takes stock of a rapidly evolving vulnerability landscape: record-setting CVE publication rates, the growing fragmentation of reporting systems, and why consistent tracking and patching remain critical as we move through 2025.
A message from Bruce the mechanical shark
This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing.
Getting a career in cybersecurity isn’t easy, but this can help
This week, Joe reflects on his unique path into cybersecurity and shares honest advice for breaking into the field. Plus, learn how cybercriminals are abusing AI to launch more sophisticated attacks and what you can do to stay protected.
A week with a "smart" car
In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability.
Know thyself, know thy environment
In this week's edition, Bill explores the importance of self-awareness and building repeatable processes to better secure your environment.
Everyone's on the cyber target list
In this week's newsletter, Martin emphasizes that awareness, basic cyber hygiene and preparation are essential for everyone, and highlights Talos' discovery of the new PathWiper malware.
A new author has appeared
Talos Content Manager Amy introduces themself, shares her unconventional journey into cybersecurity and reports on threats masquerading as AI installers.
Ghosted by a cybercriminal
Hazel observes that cybercriminals often fumble teamwork, with fragile alliances crumbling over missed messages. Plus, how UAT-6382 is exploiting Cityworks and what you can do to stay secure.
Xoxo to Prague
In this week’s newsletter, Thor inspects the LockBit leak, finding $10,000 “security tips,” ransom negotiations gone wrong and a rare glimpse into the human side of cybercrime.
The IT help desk kindly requests you read this newsletter
How do attackers exploit authority bias to manipulate victims? Martin shares proactive strategies to protect yourself and others in this must-read edition of the Threat Source newsletter.
Understanding the challenges of securing an NGO
Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure.
Lessons from Ted Lasso for cybersecurity success
In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know.
Care what you share
In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online.
Threat actors thrive in chaos
Martin delves into how threat actors exploit chaos, offering insights from Talos' 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption.
One mighty fine-looking report
Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files.
Money Laundering 101, and why Joe is worried
In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime.
Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame
In this week’s Threat Source newsletter, William pitches a fun comparison between baseball legend Ichiro Suzuki and the unsung heroes of information security, highlights newly released UAT-5918 research, and shares an exciting new Talos video.
Patch it up: Old vulnerabilities are everyone’s problems
Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?”
Who is Responsible and Does it Matter?
Martin Lee dives into to the complexities of defending our customers from threat actors and covers the latest Talos research in this week's newsletter.
Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome
Joe has some advice for anyone experiencing self doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group.
Efficiency? Security? When the quest for one grants neither.
William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.
Changing the narrative on pig butchering scams
Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”.
Changing the tide: Reflections on threat data from 2024
Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team.
Defeating Future Threats Starts Today
Martin discusses how defenders can use threat intelligence to equip themselves against AI-based threats. Plus check out his introductory course to threat intelligence.
Everything is connected to security
Joe shares his recent experience presenting at the 32nd Crop Insurance Conference and how it's important to stay curious, be a forever student, and keep learning.
Find the helpers
Bill discusses how to find 'the helpers' and the importance of knowledge sharing. Plus, there's a lot to talk about in our latest vulnerability roundup.
Do we still have to keep doing it like this?
Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions.
Welcome to the party, pal!
In the last newsletter of the year, Thorsten recalls his tech-savvy gift to his family and how we can all incorporate cybersecurity protections this holiday season.
Something to Read When You Are On Call and Everyone Else is at the Office Party
Its mid-December, if you’re on-call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers for criminals.
The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight
Ever wonder what an extroverted strategy security nerd does? Wonder no longer! This week, Joe pontificates on his journey at Talos, and then is inspired by the people he gets to meet and help.
Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on
The Threat Source Newsletter is back! William Largent discusses bidirectional communication in the SOC, and highlights new Talos research including the discovery of PXA Stealers.
What I’ve learned in my first 7-ish years in cybersecurity
Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.
What NIST’s latest password standards mean, and why the old ones weren’t working
Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach.
CISA is warning us (again) about the threat to critical infrastructure networks
Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice.
Are hardware supply chain attacks “cyber attacks?”
It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.
Talk of election security is good, but we still need more money to solve the problem
This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements.
We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders
A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.
The best and worst ways to get users to improve their account security
In my opinion, mandatory enrollment is best enrollment.
What kind of summer has it been?
As we head into the final third of 2024, we caught up with Talos' Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.
No, not every Social Security number in the U.S. was stolen
It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price.
AI, election security headline discussions at Black Hat and DEF CON
Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.”
The top stories coming out of the Black Hat cybersecurity conference
As with everything nowadays, politics are sure to come into play.
There is no real fix to the security issues recently found in GitHub and other similar software
The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software.
The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that
Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack."
It's best to just assume you’ve been involved in a data breach somehow
Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers.
Checking in on the state of cybersecurity and the Olympics
Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos.
We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there
A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop.
Tabletop exercises are headed to the next frontier: Space
More on the recent Snowflake breach, MFA bypass techniques and more.
How we can separate botnets from the malware operations that rely on them
A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group.
The sliding doors of misinformation that come with AI-generated search results
AI’s integration into search engines could change the way many of us interact with the internet.
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks
Drivers from New York to Georgia and Pennsylvania have received these types of texts with equally convincing phishing text messages and lure pages.
Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?
Plus, SS7 vulnerabilities are being exploited and BreachForums is taken down again.
Rounding up some of the major headlines from RSA
Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference.
A new alert system from CISA seems to be effective — now we just need companies to sign up
Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog.
What can we learn from the passwords used in brute-force attacks?
There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.”
The private sector probably isn’t coming to save the NVD
Plus, new details emerge on the Scattered Spider cybercrime network and ArcaneDoor.
Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?
At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted.