Unsure of what certain cybersecurity topics or terms actually mean? That's what The Need to Know is for. We break down complex themes, and talk about how they sit within the threat landscape.
Agentic AI security: Why you need to know about autonomous agents now
There are many benefits and security risks of deploying agentic AI within organizations. This blog emphasizes the importance of robust risk management and threat modeling to defend against both internal operational errors and potential malicious exploitation.
How Cisco Talos powers the solutions protecting your organization
What happens under the hood of Cisco's security portfolio? Our reputation and detection services apply Talos' real-time intelligence to detect and block threats. Here's how.
Cybersecurity on a budget: Strategies for an economic downturn
This blog offers practical strategies, creative defenses, and talent management advice to help your business stay secure when every dollar counts.
What to do when you click on a suspicious link
As the go-to cybersecurity expert for your friends and family, you’ll want to be ready for those “I clicked a suspicious link — now what?” messages. Share this quick guide to help them know exactly what to do next.
Maturing the cyber threat intelligence program
The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making.
Cisco Talos at Black Hat 2025: Briefings, booth talks and what to expect
Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you're interested in what we’re seeing in the threat landscape, detection engineering or real-world incident response, here's where and how to find us.
Insights from Talos IR: Navigating NIS2 technical implementation
ENISA’s 2025 NIS2 guidance makes compliance more complex, but Talos IR's services directly align with new requirements for reporting, logging and incident response.
When legitimate tools go rogue
Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders.
The 2024 Threat Landscape State of Play
Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers.
How do cryptocurrency drainer phishing scams work?
In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials.
What’s the deal with the massive backlog of vulnerabilities at the NVD?
Given the state of the NVD and vulnerability management, we felt it was worth looking at the current state of the NVD, how we got to this point, what it means for security teams, and where we go from here.
The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions
Talos explores the recent law enforcement takedown of LockBit, a prolific ransomware group that claimed to resume their operations 7 days later.
How are attackers using QR codes in phishing emails and lure documents?
QR code attacks are particularly dangerous because they move the attack vector off a protected computer and onto the target’s personal mobile device, which usually has fewer security protections in place and ultimately has the sensitive information that attackers are after.
What is threat hunting?
Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discuss the basics of threat hunting, and how to go about searching for the unknown.
What is NIS2, and how can you best prepare for the new cybersecurity requirements in the EU?
Given the increased geopolitical importance of cybersecurity, NIS2 is a logical step in creating more harmonized and stronger defense capabilities across the European Union.
What is Cracktivator software?
Learn about Talos' research into cracked versions of the Microsoft Windows operating system and applications. Discover why the use of cracktivator software is a growing trend.
What is the dark web?
What is the dark web, and how is it different from the deep web?
What is commercial spyware?
As the victims of commercial spyware are highly targeted individuals, the sobering truth is that some attackers have the means to be able to spend six figures to compromise a single target.
Why are there so many malware-as-a-service offerings?
Ransomware-as-a-service is a relatively new version of these commodity groups, such as DarkSide, known for the cyber attack in 2021 that disrupted the Colonial oil pipeline and made gas more expensive for thousands of U.S. consumers.
What does it mean when ransomware actors use “double extortion” tactics?
RA Group also introduces a new wrinkle to double extortion attacks: the threat that it will sell the data on the dark web. Double extortion tactics are known for leaking stolen data, but the sale is a potentially new gambit.
What is a web shell?
What are web shells? And why are attackers increasingly using them in their campaigns? We break it down in this blog.