Blog
Featured

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365

Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoint exfiltration.

July 9, 2026 14:00

Winning 54% of the time

With Wimbledon's help, Hazel argues against the popular myth that "Attackers only need to be right once, but defenders need to be right 100% of the time."

July 7, 2026 06:00

UAT-7810 continues building ORB networks using new malware

Talos’ latest findings on UAT-7810 indicate that the threat actor continues to develop their custom-made malware.

July 1, 2026 06:00

Martin Lee: Running through the Arctic (and the threat landscape)

Ever wonder how someone goes from studying human viruses to leading cybersecurity teams? In this Humans of Talos, we’re joined by Martin Lee, EMEA Lead, to talk about his journey into the industry.

Recent
July 9, 2026 14:52

WolfSSL, GeoVision, VTK vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in WolfSSF, fourteen in GeoVision, and one vulnerability in VTK-DICOM. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to

July 2, 2026 14:00

Catan and Mouse

What do board games and cybersecurity have in common? Pattern recognition. Strategy. Adaptation. In this week’s Threat Source Bill explores why curiosity may be a defender’s most valuable skill.

June 25, 2026 14:00

Beyond IOCs: AI-enabled threat intelligence

In this week’s newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports.

June 25, 2026 06:00

Introduction to COM usage by Windows threats

Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors.

June 18, 2026 14:00

Close Encounters of the Human Kind

In the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they’re a lot harder to pull off when you’re busy dealing with real life.