Talos Takes

Teaching LLMs to spot malicious PowerShell scripts

How cybercriminals are camouflaging threats as fake AI tool installers

Inside the attack chain: A new methodology for tracking compartmentalized threats

Follow the motive: Rethinking defense against Initial Access Groups

Year in Review special pt. 4: How AI is influencing the threat landscape?

Year in Review special part 3: Identity and MFA attacks

Year in Review special part 2: The biggest ransomware trends

Year in Review special part 1: vulnerabilities, email threats, and adversary tooling

A blueprint for protecting major events

Why attackers are using hidden text salting to evade email filters

How to establish a threat intelligence program (Cisco Live EMEA preview)

Web shell frenzies, the first appearance of Interlock, and why hackers have the worst cybersecurity: IR Trends Q4 2024

Exploring vulnerable Windows drivers

It's the 35th anniversary of ransomware - let's talk about the major shifts and changes

Unwrapping the emerging Interlock ransomware attack

It's Taplunk! Talos and Splunk threat researchers meet to put the security world to rights

The biggest takeaways from Talos IR's new report: New ransomware variants, EDR tool uninstallation, and password spray attacks increasing

How Talos IR and Splunk are teaming up

Why the BlackByte ransomware group may be more active than we initially thought

AI, critical infrastructure dominate conversation at Hacker Summer Camp

A 1-on-1 with Talos VP Matt Watchinski

What should we be doing to better support open-source software?

Threat actor trends and the most prevalent malware from the past quarter

You got a data breach notification. Now what?

What we learned from studying the TTPs of the 14 most active ransomware groups

Time to catch up on the wide-reaching Snowflake incident

Everything we know about denial-of-service attacks in 2024

The many shades of LilacSquid

A mid-year checkin on Volt Typhoon

How much has AI helped bad actors who spread disinformation?

Recapping RSA

Why CoralRaider is looking to steal your login credentials

4 takeaways from what Talos IR is seeing in the field

How to defend against brute force attacks

What are the dangers of enabling sideloading and third-party apps?

Why we need to stop calling as-a-service group takedowns "takedowns"

Turla has been around for 20-plus years at this point, but they're still mixing things up

Why more actors are starting to use Telegram for their communications

Why no one should be relying on passive security in 2024

What's new about GhostSec's ransomware-as-a-service model

Why are "identity attacks" on the rise?

The tl;dr of NIS2

Case study: How Talos IR helped a healthcare tech company avoid a ransomware attack

How are attackers using malicious drivers in Windows to stay undetected?

(XL Edition): Talos IR recaps the top threats of Q4 2023

What's new with CVSS 4.0, and does it really change anything?

XL Edition: Talos' 2023 Year in Review

Year in Review: Why are attackers targeting the telecommunications sector so often?

Year in Review: Why was 2023 the year of data theft extortion?

2023 Year in Review: Everything you need to know about Chinese state-sponsored actors