Cisco Talos Intelligence Group

@talosintelligence.com.bsky.social

The Official account of the Cisco Talos Intelligence Group. Support requests: http://talosintelligence.com/support

1,062 Followers  |  2 Following  |  123 Posts  |  Joined: 25.07.2023  |  1.9901

Latest posts by talosintelligence.com on Bluesky

A man, identified as Joe Marshall, sits in front of a laptop displaying a black and white image. The background features a booth setup, and the text 'Backdoors & Breaches' is prominently displayed in white on the left side, with 'with Joe Marshall' below it.

Humanitarian organizations are especially vulnerable to cyber attacks, but in 2023, Cisco Talos partnered with NetHope and Cisco Crisis Response to do something about it: cs.co/63327friJv

04.08.2025 16:33

A digital artwork featuring a stylized armored knight, backgrounded by a fortress at sunset. The image includes text: 'Tales from the Frontlines. Recapping the action and sharing stories from behind the scenes. August 13, 2025. 10:00 a.m. ET/7:00 a.m. PST/2:00 p.m. UTC. Register for the Webex event: cs.co/RTales.'

Join Cisco Talos Incident Response for an off-the-record briefing on how we tackle threats on the frontlines. Real stories, real lessons. Register now: cs.co/IRTales

01.08.2025 14:10

Cisco Talos Threat Source Newsletter

In this edition of Threat Source, William talks the Booker Prize Longlist and gives a preview of where you can find Talos at hacker summer camp: cs.co/63323fnYN5

31.07.2025 18:26

On the Radar banner

This blog can help you level up your reverse engineering game. See how large language models (LLMs) can become powerful sidekicks for malware analysis: cs.co/63323fr9Ad

31.07.2025 17:12

Cisco Talos Incident Response icon, next to "QUARTERLY TRENDS" in all capital letters.

Ransomware actors are using decades-old PowerShell 1.0 to outsmart modern defenses — a surprising twist revealed in Cisco Talos IR’s latest quarterly trends report. Get the latest on this tactic and recent threats: cs.co/63325fr9Fz

31.07.2025 14:10

Beers with Talos podcast banner

Leading through cyber-chaos, wrangling exec questions and making sure everyone eats — just another day for new Talos incident commander Alex Ryan! 🍻 Check out the latest Beers with Talos: cs.co/63324fr9ow

31.07.2025 12:32

Promotional image for Talos at Black Hat, featuring a blue shield logo. Text includes 'Join Talos at Black Hat!' and 'Booth 2726', with event dates 'August 6 - 7, Las Vegas, NV'. Background has geometric shapes and a dark theme.

Whether you're a Black Hat veteran or this is your first time, here's a quick guide on what to expect and where to find Talos during the week: cs.co/63327fr9LH

30.07.2025 15:03

The Need to Know with Cisco Talos banner

Curious how ENISA’s 2025 NIS2 Technical Implementation Guidance will impact your compliance strategy? Follow along with Talos IR for insights on the new requirements and practical steps to update your processes: cs.co/63322fRAJk

29.07.2025 17:47

Join Talos at Black Hat! Booth 2726. August 6-7 in Las Vegas, NV

Coming to Black Hat next week? Don’t miss Cisco Talos at booth 2726. Hear talks on our newest research, meet our experts and join the conversation.

29.07.2025 13:48

Join Talos at Black Hat! Booth 2726. August 6-7 in Las Vegas, NV

The countdown to Black Hat is on! Swing by booth 2726 to chat with Cisco Talos experts, catch live talks on current research and connect with the team.

25.07.2025 17:27

How Cisco Talos Uses AI to Detect DNS Tunnelling and Stop Data Exfiltration
YouTube video by Cisco Talos Intelligence Group

Learn how the Cisco Talos DNS Security service uses neural networks to uncover DNS tunneling attempts in real time, setting a new standard for DNS security: www.youtube.com/watch?v=zfRO...

25.07.2025 14:18

Cisco Talos logo above the text 'THREAT SOURCE NEWSLETTER.' Below it states: 'All the security news you need to know – hitting your inbox every Thursday.' The background has a gradient from black to blue.

Amy shares her thoughts on what makes advanced technologies fascinating in this week’s Threat Source newsletter. In return, readers get two fantastic sci-fi recommendations: cs.co/63329fJOOB

24.07.2025 18:05

Image of green hand pulling a devil mask off of a skeleton in a suit.

A new ransomware-as-a-service (RaaS) group operating under the name Chaos is making waves. Learn why Cisco Talos suspects ties to a notorious cybercrime gang: cs.co/63322fKJjy

24.07.2025 16:42

How SnortML Uses Machine Learning to Stop Zero-Day Attacks
YouTube video by Cisco Talos Intelligence Group

SnortML, Cisco’s machine learning-powered detection engine, identifies patterns of exploit attempts — even those it hasn't seen before — without relying on static rules. Stop by the Cisco booth at Black Hat to learn more: www.youtube.com/watch?v=jkxn...

24.07.2025 14:34

Welcome to our new series, Humans of Talos! Host Amy Ciminnisi kicks the series off chatting with Hazel Burton — storyteller extraordinaire, security advocate and improv enthusiast: blog.talosintelligence.com/humans-of-ta...

23.07.2025 15:02

Come meet Cisco Talos at Black Hat! From analyzing billions of security events daily to discovering new vulnerabilities, we focus on what matters most: defending our customers, no matter how the threat landscape shifts: www.youtube.com/watch?v=Wx95...

22.07.2025 15:16

Feeling the cybersecurity burnout? You’re not alone. In this week’s Threat Source newsletter, Martin Lee explores why stepping away from the keyboard might be your best defense: blog.talosintelligence.com/this-is-your...

17.07.2025 18:12

Cisco Talos has uncovered a Malware-as-a-Service operation that leverages fake GitHub accounts and public repositories to deliver a wide range of malicious payloads: blog.talosintelligence.com/maas-operati...

17.07.2025 13:50

Jaeson, a white man with a moustache and beard, smiles at the camera.

Don’t miss Part 2 of last week's TTP! Talos' Jaeson Schultz breaks down how attackers are using large language models (LLMs) to usher in the next phase of cyber threats by manipulating the data these models rely on: http://cs.co/633204Cuoo

16.07.2025 18:09

When it comes to ransomware, timing is everything and waiting can be costly. Find out how your response time makes a difference in these real-life Talos IR cases: blog.talosintelligence.com/talos-ir-ran...

16.07.2025 13:17

Jaeson, a white man with a moustache and beard, smiles at the camera. The "TTP" logo is on a black background on the right half of the screen.

Don't miss the newest TTP! Jaeson Schultz joins Hazel to explore the wild world of cybercriminals scamming each other with fake AI tools, inventing new ways to jailbreak large language models, and so much more: http://cs.co/633204IoEG

11.07.2025 15:15

We’re halfway through 2025, and vulnerability reporting is evolving fast. Check out the latest Threat Source newsletter as Thorsten breaks down record CVE volumes and new reporting challenges: blog.talosintelligence.com/patch-track-...

10.07.2025 18:07

Talos discovered two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products that could put systems at risk of arbitrary code execution, authorization bypass and more. Don't miss the full blog: blog.talosintelligence.com/asus-and-ado...

10.07.2025 16:24

ICYMI: Microsoft’s July security updates dropped with 132 fixes across a wide range of products, including 14 rated critical. Find more details here: blog.talosintelligence.com/microsoft-pa...

09.07.2025 14:32

Duh dun... What can the malfunctioning mechanical shark from Jaws teach us about cybersecurity? This week’s newsletter dives into Bruce’s salty struggles and the importance of stress testing your defenses: blog.talosintelligence.com/a-message-fr...

03.07.2025 18:07

Magnifying glass held up to a computer screen with a PDF file icon. The magnifying glass reveals a threat actor behind the PDF.

Did you know PDFs may be the perfect disguise for phishing attacks? Cisco Talos is enhancing email threat detection and uncovering new tactics like callback phishing (aka TOAD) and Adobe abuse: http://cs.co/633204cAzp

02.07.2025 14:18

For those who know… The real security MVPs have entered the chat.

27.06.2025 16:12

Did we accidentally take a hiatus? Yes. Is there an underground war on dairy? Maybe. Are conference dogs the heroes we deserve? Absolutely. Tune into the newest Beers with Talos for chaos and (questionable) puns: www.buzzsprout.com/2033817/epis...

27.06.2025 15:51

Talk bubble that says "We were basically able to blow the performance out of the water compared to all the other methods."

Ryan Fetterman from the SURGe team joins Hazel to explore the research on training LLMs to assist SOC teams. From unexpected performance gains to cutting-edge techniques, this Talos Takes episode might just change how you see AI in cybersecurity: http://cs.co/6332645GNy

26.06.2025 15:28

Join us for a deep dive into how Cisco Talos uncovered two critical vulnerabilities in the AsIO3.sys driver powering ASUS Armoury Crate: blog.talosintelligence.com/decrement-by...

26.06.2025 13:45