Blog
Featured

[Video] Where protection starts: Cisco Talos Intelligence Integrations

Every day, defenders make high-consequence decisions with incomplete information. Learn how Cisco Talos Intelligence Integrations help reduce uncertainty by turning the latest threat intelligence into proactive protections across Cisco technologies.

July 14, 2026 06:00

The serpent’s tongue: Luring the Python out of its den

This blog examines the full lifecycle of a Python package, from hosting on repositories such as PyPI or custom web servers, through source and wheel distribution formats, to the final installation into virtual or system-wide Python environments.

July 9, 2026 14:00

Winning 54% of the time

With Wimbledon's help, Hazel argues against the popular myth that "Attackers only need to be right once, but defenders need to be right 100% of the time."

July 7, 2026 06:00

UAT-7810 continues building ORB networks using new malware

Talos’ latest findings on UAT-7810 indicate that the threat actor continues to develop their custom-made malware.

Recent
July 9, 2026 14:52

WolfSSL, GeoVision, VTK vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in WolfSSF, fourteen in GeoVision, and one vulnerability in VTK-DICOM. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to

July 2, 2026 14:00

Catan and Mouse

What do board games and cybersecurity have in common? Pattern recognition. Strategy. Adaptation. In this week’s Threat Source Bill explores why curiosity may be a defender’s most valuable skill.

July 1, 2026 06:00

Martin Lee: Running through the Arctic (and the threat landscape)

Ever wonder how someone goes from studying human viruses to leading cybersecurity teams? In this Humans of Talos, we’re joined by Martin Lee, EMEA Lead, to talk about his journey into the industry.

July 1, 2026 06:00

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365

Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoint exfiltration.

June 25, 2026 14:00

Beyond IOCs: AI-enabled threat intelligence

In this week’s newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports.