12+ hour, 26+ min ago  (872+ words) A familiar theme in security right now is that the barrier to entry for attackers is at an all-time low. AI tools can spin up websites within minutes that can easily'direct data to disposable external data stores and send alerts…...

5+ day, 7+ hour ago  (210+ words) Welcome to this week's edition of the Threat Source newsletter." As much as we tend to be myopic as security professionals and focus on our tradecraft, we are all part of a series of interconnected systems that"lets"humanity function....

5+ day, 14+ hour ago  (439+ words) In early 2024, Cisco Talos attributed Arcane Door, a state-sponsored campaign focused on gaining access to network perimeter devices for espionage, to UAT-4356. Customers are advised to refer to Cisco's Security Advisory for mitigation and detection guidance, indicators of compromise (IOCs),…...

6+ day, 19+ hour ago  (680+ words) The tables'below'represent'the MITRE ATT&CK techniques'observed'in this quarter's IR engagements and'includes'relevant examples and the number of times seen. Given that some techniques can fall under multiple tactics, we grouped them under the most relevant tactic based on the way they…...

1+ week, 13+ hour ago  (414+ words) In 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business operations. In 2025, phishing attacks…...

1+ week, 15+ hour ago  (991+ words) mac OS is no longer a niche operating system. According to the'Stack Overflow 2024 Developer Survey, a third of professional developers use mac OS as their primary platform. These machines'represent'high-value pivot points, often holding source code repositories, cloud credentials, and SSH…...

1+ week, 6+ day ago  (561+ words) This blog describes how n8n, one of the most popular AI workflow automation platforms, has been abused to deliver malware and fingerprint devices by sending automated emails. When the URL receives a request, the subsequent workflow steps are triggered, returning results…...

2+ week, 12+ hour ago  (519+ words) Across the'Talos 2025 Year in Review, state-sponsored threat activity from China, Russia, North Korea, and Iran all had varying motivations, such as espionage, disruption, financial gain, and geopolitical influence. But when you look at how these operations actually unfold, similar tactics,…...

2+ week, 4+ day ago  (263+ words) One of the clearest trends in the 2025 Talos Year in Review is just how quickly vulnerabilities are now being turned into working exploits. What used to take weeks or months is now happening in days, sometimes hours " and in some…...

2+ week, 5+ day ago  (601+ words) Welcome to this week's edition of the Threat Source newsletter." "Study hard what interests you the most in the most undisciplined, irreverent and original manner possible." " Richard Feynman" "I had discovered that learning something, no matter how complex, wasn't hard…...