Threat Source Newsletter


Threat Source newsletter - Cisco Talos Blog Blog Talos’ weekly recap of the top cybersecurity news and our latest research. Weekly editions appear on the blog, or readers can subscribe to have the email delivered to their inbox every Thursday. May 14, 2026 14:00 The time of much patching is coming In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.

Martin Lee Threat Source newsletter May 7, 2026 14:00 Unplug your way to better code Cybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue. Amy takes a second to yell at you to go touch grass. Amy Ciminnisi April 30, 2026 14:00 Great responsibility, without great power In this week’s newsletter, Hazel uses International Superhero Day as a springboard to explore why empathy — rather than just technical prowess — is the most essential, underrated superpower for navigating the human side of cybersecurity.

Hazel Burton April 23, 2026 14:00 It pays to be a forever student In this newsletter, Joe discusses why understanding other disciplines can often flow back into the macro and micro of cybersecurity, especially in a world of AI. Joe Marshall April 16, 2026 14:00 The Q1 vulnerability pulse Thor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape.

Thorsten Rosendahl April 9, 2026 14:00 The threat hunter’s gambit Bill discusses why obsessing over strategy games is actually a secret weapon to outsmart threat actors. William Largent April 2, 2026 14:00 The democratisation of business email compromise fraud This week, Martin tells the story of a crime he encountered and how it shows that the threat landscape is changing. March 26, 2026 14:00 A puppet made me cry and all I got was this t-shirt In this week's newsletter, Amy draws parallels between the collaborative themes of "Project Hail Mary" and the massive team effort behind the newly released Talos Year in Review report.

March 19, 2026 14:00 You have to invite them in While garlic and wooden stakes keep the vampires at bay in movies, they won’t save your network once an attacker has been "invited in." Discover why identity is the new frontier of cyber horror in this week’s edition. March 12, 2026 14:00 This one’s for you, Mom This week, Joe talks about allyship and how being aware of an issue is the first step in helping to fix it.

March 5, 2026 14:00 Patch, track, repeat: The 2025 CVE retrospective Thor analyzes CVE data from 2025 and provides recommendations for where and how organizations should strengthen their defenses. February 26, 2026 14:00 Henry IV, Hotspur, Hal, and hallucinations In this edition of the Threat Source newsletter, William draws parallels between Shakespeare’s Hotspur and the challenges of cybersecurity and AI, emphasizing the importance of risk-taking, learning from failure, and surrounding yourself with smart people.

February 19, 2026 14:00 Using AI to defeat AI In this week’s newsletter, Martin considers how defenders can turn offensive AI tools against themselves. February 12, 2026 14:00 Hand over the keys for Shannon’s shenanigans In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management. February 5, 2026 14:00 All gas, no brakes: Time to come to AI church This week, Joe cautions against the rush to adopt AI tools rife with truly awful security vulnerabilities.

January 29, 2026 14:00 I'm locked in! Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats. January 22, 2026 14:00 I scan, you scan, we all scan for... knowledge? In this week's newsletter, Bill hammers home the old adage, "Know your environment" — even throughout alert fatigue. January 15, 2026 14:00 Predicting 2026 In this week’s newsletter, Martin examines the evolving landscape for 2026, highlighting key threats, emerging trends like AI-driven risks, and the continued importance of addressing familiar vulnerabilities.

January 8, 2026 14:00 Resolutions, shmesolutions (and what’s actually worked for me) Talos' editor ditches the pressure of traditional New Year’s resolutions in favor of practical, in-the-moment changes, and finds more success by letting go of perfection. Plus, we break down the latest on UAT-7290, a newly disclosed threat actor targeting critical infrastructure. December 18, 2025 14:00 Adios 2025, you won’t be missed This week, Joe laments on 2025, and what we can think of in 2026 in the wild world of cybersecurity.

December 11, 2025 14:00 One newsletter to rule them all Hazel embarks on a creative fitness journey, virtually crossing Middle-earth via The Conqueror app while sharing key cybersecurity insights. December 4, 2025 14:00 Your year-end infosec wrapped Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure.

November 26, 2025 12:00 Care that you share This holiday season, as teams run lean and cyber threats rise, being open with what — and how — you share can protect both information and relationships. November 20, 2025 14:00 It’s not personal, it’s just business Martin muses on how agentic AI is bringing efficiency improvements to the business of cyber crime. November 13, 2025 14:00 Viasat and the terrible, horrible, no good, very bad day In this week’s newsletter, Amy recounts her journey from Halloween festivities to unraveling the story of the 2022 Viasat satellite hack, with plenty of cybersecurity surprises along the way.

November 6, 2025 14:00 Remember, remember the fifth of November This edition, Hazel explores the origins of Guy Fawkes Day and how heeding an anonymous warning prevented an assassination. October 30, 2025 14:00 Trick, treat, repeat Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities.

October 23, 2025 14:00 Strings in the maze: Finding hidden strengths and gaps in your team In this week’s newsletter, Bill explores how open communication about your skills and experience can help your security team uncover hidden gaps, strengthen your defenses, and better prepare for ever-present threats. October 16, 2025 14:00 Ransomware attacks and how victims respond This edition highlights the detailed studies that have been recently published on how ransomware attacks affect victims, from PTSD to burnout, and discusses ways to help deal with the fallout of victimization.

October 9, 2025 14:00 Why don’t we sit around this computer console and have a sing-along? Martin muses on why computers are less fun than campfires, why their dangers seem less real, and why he’s embarking on a lengthy research project to study this. October 2, 2025 14:00 Family group chats: Your (very last) line of cyber defense Amy gives an homage to parents in family group chats everywhere who want their children to stay safe in this wild world.

September 25, 2025 14:00 Great Scott, I’m tired Hazel celebrates unseen effort in cybersecurity and shares some PII. Completely unrelated, but did you know “Back to the Future” turns 40 this year? September 18, 2025 14:00 Put together an IR playbook — for your personal mental health and wellbeing This edition pulls the curtain aside to show the realities of the VPNFilter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire.

September 11, 2025 14:00 Beaches and breaches Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware. September 4, 2025 14:02 From summer camp to grind season Bill takes a thoughtful look at the transition from summer camp to grind season, explores the importance of mental health and reflects on AI psychiatry. August 28, 2025 14:00 Link up, lift up, level up This week, Joe encourages you to find your community in cybersecurity and make the effort to grow, network and hack stuff together.

August 21, 2025 14:00 Cherry pie, Douglas firs and the last trip of the summer Amy (ahem, Special Agent Dale Cooper) shares lessons from their trip to the Olympic Peninsula and cybersecurity travel tips for your last-minute adventures. August 14, 2025 14:00 What happened in Vegas (that you actually want to know about) Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign.

August 7, 2025 14:00 AI wrote my code and all I got was this broken prototype Can AI really write safer code? Martin dusts off his software engineer skills to put it to the test. Find out what AI code failed at, and what it was surprisingly good at. Also, we discuss new research on how AI LLM models can be used to assist in the reverse engineering of malware. July 31, 2025 14:00 The Booker Prize Longlist and Hacker Summer Camp This week Bill connects the hype of literary awards to cybersecurity conference season.

We highlight key insights from the Q2 2025 IR Trends report, including phishing trends, new ransomware strains, and top targeted sectors. Finally, check out all the places Talos will be at Black Hat. July 24, 2025 14:00 BRB, pausing for a "Sanctuary Moon" marathon Get to know the real people behind cybersecurity’s front lines. In this week’s newsletter, sci-fi meets reality, humanity powers technology and a few surprises are waiting to be discovered.

July 17, 2025 14:00 This is your sign to step away from the keyboard This week, Martin shows how stepping away from the screen can make you a stronger defender, alongside an inside scoop on emerging malware threats. July 10, 2025 14:00 Patch, track, repeat Thorsten takes stock of a rapidly evolving vulnerability landscape: record-setting CVE publication rates, the growing fragmentation of reporting systems, and why consistent tracking and patching remain critical as we move through 2025.

July 3, 2025 14:00 A message from Bruce the mechanical shark This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing. June 26, 2025 14:00 Getting a career in cybersecurity isn’t easy, but this can help This week, Joe reflects on his unique path into cybersecurity and shares honest advice for breaking into the field.

Plus, learn how cybercriminals are abusing AI to launch more sophisticated attacks and what you can do to stay protected. June 18, 2025 14:00 A week with a "smart" car In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability. June 12, 2025 14:01 Know thyself, know thy environment In this week's edition, Bill explores the importance of self-awareness and building repeatable processes to better secure your environment.

June 5, 2025 14:00 Everyone's on the cyber target list In this week's newsletter, Martin emphasizes that awareness, basic cyber hygiene and preparation are essential for everyone, and highlights Talos' discovery of the new PathWiper malware. May 29, 2025 14:00 A new author has appeared Talos Content Manager Amy introduces themself, shares her unconventional journey into cybersecurity and reports on threats masquerading as AI installers.

May 22, 2025 14:00 Ghosted by a cybercriminal Hazel observes that cybercriminals often fumble teamwork, with fragile alliances crumbling over missed messages. Plus, how UAT-6382 is exploiting Cityworks and what you can do to stay secure. May 15, 2025 14:01 Xoxo to Prague In this week’s newsletter, Thor inspects the LockBit leak, finding $10,000 “security tips,” ransom negotiations gone wrong and a rare glimpse into the human side of cybercrime.

May 8, 2025 14:01 The IT help desk kindly requests you read this newsletter How do attackers exploit authority bias to manipulate victims? Martin shares proactive strategies to protect yourself and others in this must-read edition of the Threat Source newsletter. May 1, 2025 14:01 Understanding the challenges of securing an NGO Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure.

April 24, 2025 14:00 Lessons from Ted Lasso for cybersecurity success In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know. April 17, 2025 14:01 Care what you share In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices.

Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online. April 10, 2025 14:02 Threat actors thrive in chaos Martin delves into how threat actors exploit chaos, offering insights from Talos' 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption.

April 3, 2025 14:03 One mighty fine-looking report Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files. March 27, 2025 14:01 Money Laundering 101, and why Joe is worried In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime.

March 20, 2025 14:00 Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame In this week’s Threat Source newsletter, William pitches a fun comparison between baseball legend Ichiro Suzuki and the unsung heroes of information security, highlights newly released UAT-5918 research, and shares an exciting new Talos video. March 13, 2025 14:04 Patch it up: Old vulnerabilities are everyone’s problems Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?” March 6, 2025 14:03 Who is Responsible and Does it Matter?

Martin Lee dives into the complexities of defending our customers from threat actors and covers the latest Talos research in this week's newsletter. February 27, 2025 14:03 Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome Joe has some advice for anyone experiencing self doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group.

February 20, 2025 14:02 Efficiency? Security? When the quest for one grants neither. William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research. February 13, 2025 14:05 Changing the narrative on pig butchering scams Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”.

February 6, 2025 14:03 Changing the tide: Reflections on threat data from 2024 Thorsten examines last year’s CVE list and compares it to recent Talos Incident Response trends. Plus, get all the details on the new vulnerabilities disclosed by Talos’ Vulnerability Research Team. January 30, 2025 14:05 Defeating Future Threats Starts Today Martin discusses how defenders can use threat intelligence to equip themselves against AI-based threats.

Plus check out his introductory course to threat intelligence. January 23, 2025 14:05 Everything is connected to security Joe shares his recent experience presenting at the 32nd Crop Insurance Conference and how it's important to stay curious, be a forever student, and keep learning. January 16, 2025 14:15 Find the helpers Bill discusses how to find 'the helpers' and the importance of knowledge sharing.

Plus, there's a lot to talk about in our latest vulnerability roundup. January 9, 2025 14:15 Do we still have to keep doing it like this? Hazel gets inspired by watching Wendy Nather’s recent keynote, and explores ways to challenge security assumptions. December 19, 2024 14:02 Welcome to the party, pal! In the last newsletter of the year, Thorsten recalls his tech-savvy gift to his family and how we can all incorporate cybersecurity protections this holiday season.

December 12, 2024 14:05 Something to Read When You Are On Call and Everyone Else is at the Office Party It’s mid-December. If you’re on-call or working to defend networks, this newsletter is for you. Martin discusses the widening gap between threat and defences as well as the growing problem of home devices being recruited to act as proxy servers for criminals. December 5, 2024 14:02 The adventures of an extroverted cyber nerd and the people Talos helps to fight the good fight Ever wonder what an extroverted strategy security nerd does?

Wonder no longer! This week, Joe pontificates on his journey at Talos, and then is inspired by the people he gets to meet and help. November 21, 2024 14:02 Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on The Threat Source Newsletter is back! William Largent discusses bidirectional communication in the SOC, and highlights new Talos research including the discovery of PXA Stealers.

October 17, 2024 14:00 What I’ve learned in my first 7-ish years in cybersecurity Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor. Jonathan Munshaw October 10, 2024 14:00 What NIST’s latest password standards mean, and why the old ones weren’t working Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach.

October 3, 2024 14:00 CISA is warning us (again) about the threat to critical infrastructure networks Despite what lessons we thought we learned from Colonial Pipeline, none of those lessons have been able to be put into practice. September 26, 2024 14:00 Are hardware supply chain attacks “cyber attacks?” It shouldn’t just be viewed as a cybersecurity issue, because for a hardware supply chain attack, an adversary would likely need to physically infiltrate or tamper with the manufacturing process.

September 19, 2024 14:00 Talk of election security is good, but we still need more money to solve the problem This year, Congress only allocated $55 million in federal grant dollars to states for security and other election improvements. September 12, 2024 14:00 We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders A June report from CyberSeek found that there are only enough skilled workers to fill 85 percent of cybersecurity jobs in America.

September 5, 2024 14:00 The best and worst ways to get users to improve their account security In my opinion, mandatory enrollment is best enrollment. August 29, 2024 14:00 What kind of summer has it been? As we head into the final third of 2024, we caught up with Talos' Nick Biasini to ask him about the biggest shifts and trends in the threat landscape so far. Turns out, he has two major areas of concern.

August 22, 2024 14:00 No, not every Social Security number in the U.S. was stolen It’s not unusual for a threat actor to exaggerate the extent of a hack or breach to drum up interest, and hopefully, the eventual purchase or ransom price. August 15, 2024 14:00 AI, election security headline discussions at Black Hat and DEF CON Voting Village co-founder Harri Hursti told Politico the list of vulnerabilities ran “multiple pages.” August 8, 2024 14:00 The top stories coming out of the Black Hat cybersecurity conference As with everything nowadays, politics are sure to come into play.

August 1, 2024 14:00 There is no real fix to the security issues recently found in GitHub and other similar software The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software. July 25, 2024 14:00 The massive computer outage over the weekend was not a cyber attack, and I’m not sure why we have to keep saying that Seeing a “blue screen of death,” often with code that looks indecipherable, has been ingrained into our heads that it’s a “hack.” July 18, 2024 14:00 It's best to just assume you’ve been involved in a data breach somehow Telecommunications provider AT&T disclosed earlier this month that adversaries stole a cache of data that contained the phone numbers and call records of “nearly all” of its customers.

July 11, 2024 14:00 Checking in on the state of cybersecurity and the Olympics Even if a threat actor isn’t successful in some widespread breach that makes international headlines, even smaller-scale threats and actors are just hoping to cause chaos. June 27, 2024 14:00 We’re not talking about cryptocurrency as much as we used to, but there are still plenty of scammers out there A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop.

June 20, 2024 14:00 Tabletop exercises are headed to the next frontier: Space More on the recent Snowflake breach, MFA bypass techniques and more. June 13, 2024 14:00 How we can separate botnets from the malware operations that rely on them A botnet is a network of computers or other internet-connected devices that are infected by malware and controlled by a single threat actor or group. June 6, 2024 14:00 The sliding doors of misinformation that come with AI-generated search results AI’s integration into search engines could change the way many of us interact with the internet.

May 30, 2024 14:00 Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks Drivers from New York to Georgia and Pennsylvania have received these types of texts with equally convincing phishing text messages and lure pages. May 23, 2024 14:00 Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others? Plus, SS7 vulnerabilities are being exploited and BreachForums is taken down again.

May 16, 2024 14:00 Rounding up some of the major headlines from RSA Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference. May 9, 2024 14:00 A new alert system from CISA seems to be effective — now we just need companies to sign up Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog.

May 2, 2024 14:00 What can we learn from the passwords used in brute-force attacks? There are some classics on this list — the ever-present “Password” password, Passw0rd (with a zero, not an “O”) and “123456.” April 25, 2024 14:00 The private sector probably isn’t coming to save the NVD Plus, new details emerge on the Scattered Spider cybercrime network and ArcaneDoor. April 18, 2024 14:00 Could the Brazilian Supreme Court finally hold people accountable for sharing disinformation?

At most, someone who intentionally or repeatedly shares information on their social platform that’s misleading or downright false may have their account blocked, suspended or deleted. April 11, 2024 14:00 The internet is already scary enough without April Fool’s jokes The security community is still reflecting on the “What If” of the XZ backdoor.
