Blog
Featured

Introduction to COM usage by Windows threats

Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors.

June 25, 2026 14:00

Beyond IOCs: AI-enabled threat intelligence

In this week’s newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports.

June 18, 2026 06:00

Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model

Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its parsed data through a live COM interface.

Recent
June 18, 2026 14:00

Close Encounters of the Human Kind

In the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they’re a lot harder to pull off when you’re busy dealing with real life.

June 11, 2026 14:00

A tale of two eras

In this week’s newsletter, Amy reminisces on the tech toys of their childhood, inspired by a hilarious lesson about why your digital privacy shouldn't be left on an open channel.

June 4, 2026 14:00

Reporting from Vegas: Networking, AI, and good boys

Joe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overstimulation.

June 4, 2026 08:05

Winning the cyber marathon with Tony Giandomenico

Tony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch, what he's excited about for the future of cybersecurity, and, of course, his Ironman triathlons.

June 4, 2026 08:05

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

Learn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds.