Talos Takes
About
Every two weeks, host Amy Ciminnisi brings on a new guest from Talos or the broader Cisco Security world to break down a complicated security topic. We cover everything from breaking news to attacker trends and emerging threats.
Episodes
- The trust paradox: How attackers weaponize legitimate SaaS platforms
In this episode of Talos Takes, Amy Ciminnisi sits down with researcher Diana Brown to discuss the rise of "platform-as-a-proxy" (PAP) attacks. We explore how threat actors are weaponizing legitimate SaaS platforms like GitHub and Jira to…
- It's not you, it's your printer: State-sponsored and phishing threats in 2025
In this episode, we unpack state-sponsored and phishing trends from the 2025 Talos Year in Review. Amy and Martin Lee explore the alarming rise of internal phishing campaigns that bypass traditional perimeter defenses, including the widesp…
- 2025's ransomware trends and zombie vulnerabilities
In this episode, Amy and Pierre Cadieux unpack the ransomware and vulnerability trends that defined 2025. From the persistent ransomware threats targeting the manufacturing sector to the rise of stealthy "living off the land" tactics, we b…
- Cybersecurity’s double-header: 2025 insights from Talos and Splunk
In this episode of Talos Takes, Amy is joined by William Largent (Cisco Talos) and Lou Stella (Splunk) for a "double-header" discussion. With the recent release of the Cisco Talos 2025 Year in Review and the Splunk Top 50 Cybersecurity Thr…
- Modernizing your threat hunt
In this episode of Talos Takes, David Bianco from Cisco Foundation AI joins Amy to demystify the world of proactive cyber defense. We explore the evolution of the PEAK Threat Hunting framework and talk through how security teams can modern…
- Holding the line: Service provider security
Martin Lee and Amy discuss the cybersecurity challenges facing service providers, who are critical infrastructure targets. They cover methods for detecting intrusions, the complexities of patching, and the role of industry cooperation in m…
- IR Trends Q4 2025: Ransomware chills and phishing heats up
This Talos Takes episode discusses Q4 2025 cybersecurity trends with Dave Liebenberg, Strategic Analysis Team Lead. It covers defenses against ransomware, top organizational threats like exploited public-facing applications and new vulnera…
- Cracking the code: What encryption can (and can’t) do for you
This episode of Talos Takes features Amy Ciminnisi, Yuri Kramarz from Cisco Talos Incident Response, and Tim Wadhwa-Brown from Cisco Customer Experience discussing encryption. They cover what cryptography accomplishes, its limitations, and…
- Cybersecurity certifications and you
In the latest Talos Takes episode, host Amy Ciminnisi and Joe Marshall discuss cybersecurity certifications, including vendor-specific and vendor-agnostic options, their career benefits, and the challenges individuals face in pursuing them.
- 2015 vs 2025: What the Last Decade of Threats Taught Us
In this episode of Talos Takes, host Hazel and teammates Pierre Cadieux, Alex Ryan, and Joe Marshall compare cybersecurity threats, tools, and challenges of 2015 with 2025. They discuss the evolution of ransomware, shifts in APTs, the impo…
- When You’re Told “No Budget”: The Blueprint for Staying Secure
Three Cisco Talos Incident Response experts join Hazel to discuss cybersecurity strategies for organizations facing budget constraints, rising threats, and limited staff. The episode covers optimizing existing resources, open-source soluti…
- How Attackers Use Your Own Tools Against You (IR trends Q3 2025)
In this episode of Talos Takes, Bill Largent and Craig Jackson discuss the Q3 2025 Cisco Talos Incident Response Quarterly Trends Report. The discussion covers ToolShell events, increased post-exploitation phishing, and the misuse of tools…
- Passwordless Security: Debunking the Biggest Myths
Hazel hosts Cisco Duo experts Steven Leung and Tess Mishoe on Talos Takes to discuss passwordless security. They address common myths, compare MFA methods, and explore passwordless solutions.
- You Can't Patch Burnout: When Cybersecurity Takes a Toll
Every October, Cybersecurity Awareness Month brings a wave of tips: update your software, enable MFA, use strong passwords. But what good is any of that if the people behind the defenses are feeling burned out? In this episode of Talos Tak…
- Tampered Chef: When Malvertising Serves Up Infostealers
Imagine downloading a PDF Editor tool from the internet that works great...until nearly two months later, when it quietly steals your credentials. That’s the reality of “Tampered Chef,” a malvertising campaign that preyed on users searchin…
- Inside the Black Hat NOC: Lessons in Securing One of the Wildest Networks
How do you build and defend a network where attacks are not just expected, they're part of the curriculum? In this episode, Hazel talks with Jessica Oppenheimer, Director of Security Operations at Cisco, about the ten years she's spent in t…
- Breaking Down Chaos: Tactics and Origins of a New RaaS Operation
Hazel is joined by threat intelligence researcher James Nutland to discuss Cisco Talos’ latest findings on the newly emerged Chaos ransomware group. Based on real-world incident response engagements, James breaks down Chaos’ fast, multi-th…
- Why Attackers Love Your Remote Access Tools
Attackers are increasingly abusing the same remote access tools that IT teams rely on every day. In this episode, Hazel sits down with Talos security researcher Pierre Cadieux to unpack why these legitimate tools have become such an effect…
- Teaching LLMs to spot malicious PowerShell scripts
Hazel welcomes back Ryan Fetterman from the SURGe team to explore his new research on how large language models (LLMs) can assist those who work in security operations centers to identify malicious PowerShell scripts. From teaching LLMs th…
- How cybercriminals are camouflaging threats as fake AI tool installers
Chetan Raghuprasad joins Hazel to discuss his threat hunting research into fake AI tool installers, which criminals are using to distribute ransomware, RATs, stealers and other destructive malware. He discusses the attack chain of three di…
- Inside the attack chain: A new methodology for tracking compartmentalized threats
Edmund Brumaghin joins Hazel to discuss how threat actors (including state-sponsored attackers) are increasingly compartmentalizing their attacks, i.e. they're bringing in specialist skillsets from other groups to handle different aspects o…
- Follow the motive: Rethinking defense against Initial Access Groups
In this episode, Hazel welcomes Talos researcher Ashley Shen to discuss the evolution of initial access brokers (IABs) and the importance of distinguishing between different types of IABs. We talk about the need for a new taxonomy to categ…
- Year in Review special pt. 4: How AI is influencing the threat landscape?
A jam-packed episode of guests means a slightly longer Talos Takes for your feed today! We welcome Amy Chang and Omar Santos from Cisco, Vitor Ventura from Talos, and Ryan Fetterman from Splunk. Together, we discuss how AI isn't rewriting…
- Year in Review special part 3: Identity and MFA attacks
Steven Leung from Cisco Duo joins Hazel to discuss the prevalence of identity-based attacks, why they're happening, and the various methods attackers are using to circumvent MFA (Multi-Factor Authentication), based on data in Talos' 2024 Y…
- Year in Review special part 2: The biggest ransomware trends
Azim Khodjibaev and Lexi DiScola join Hazel to discuss some of the most prolific ransomware groups (and why LockBit may end this year very differently to how they ended 2024). They also discuss the dominant techniques of ransomware actors,…
- Year in Review special part 1: vulnerabilities, email threats, and adversary tooling
Talos researchers Martin Lee and Thorsten Rosendahl join Hazel for the first of our dedicated episodes on the top findings from Talos' 2024 Year in Review. We discuss the vulnerabilities that attackers most targeted, how this compares with…
- A blueprint for protecting major events
Have you ever wondered what it takes to put on a major event like a World Cup or the Olympics, and all the cybersecurity and threat intelligence that needs to be done beforehand? Today’s episode is all about that. Hazel is joined by one of…
- Why attackers are using hidden text salting to evade email filters
In this episode Hazel chats with Omid Mirzaei, a security research lead in the email threat research team at Cisco Talos. Omid and several Talos teammates recently released a blog on hidden text salting (or poisoning) within emails and how…
- How to establish a threat intelligence program (Cisco Live EMEA preview)
It's a European takeover this week, as Hazel sits down with Talos EMEA threat researchers Martin Lee and Thorsten Rosendahl. They're heading to Cisco Live EMEA next week (February 9-14) to deliver a four-hour session on how to establish a…
- Web shell frenzies, the first appearance of Interlock, and why hackers have the worst cybersecurity: IR Trends Q4 2024
Joe Marshall and Craig Jackson join Hazel to discuss the biggest takeaways from Cisco Talos Incident Response's latest Quarterly Trends report. This time the spotlight is on web shells and targeted web applications – both have seen large i…
- Exploring vulnerable Windows drivers
Hazel sits down with Vanja Svajcer from Talos' threat research team. Vanja is a prolific malware hunter and this time he's here to talk about vulnerable Windows drivers. We've been covering these drivers quite a bit on the Talos blog over…
- It's the 35th anniversary of ransomware - let's talk about the major shifts and changes
Ransomware is 35 years old this month, which isn't exactly something to celebrate. But in any case, do join Hazel and special guest Martin Lee to discuss what happened in the very first ransomware incident in December 1989 and why IT "wasn…
- Unwrapping the emerging Interlock ransomware attack
Chetan Raghuprasad is our guest today as he breaks down the relatively new Interlock ransomware attack. Cisco Talos Incident Response recently observed this attacker conducting big-game hunting and double extortion attacks. Chetan talks ab…
- It's Taplunk! Talos and Splunk threat researchers meet to put the security world to rights
What happens when two sets of threat researchers from Talos and Splunk's SURGe team meet? Aside from some highly controversial opinions and omissions about the best horror movie, the team discuss what security trends are FUD, and what's ac…
- The biggest takeaways from Talos IR's new report: New ransomware variants, EDR tool uninstallation, and password spray attacks increasing
The Talos IR Quarterly Trends Q3 2024 is out now! In this episode Hazel Burton, Craig Jackson and Bill Largent discuss three big themes: some new ransomware players, the 'Bring Your Own Vulnerable Driver' trend, and why password spray atta…
- How Talos IR and Splunk are teaming up
Hazel Burton steps in as guest host this week to talk to Brad Garnett, the head of Cisco Talos Incident Response, and JK Lialias, the head of cybersecurity product marketing for Splunk. Brad and JK share two exciting in which Talos is bein…
- Why the BlackByte ransomware group may be more active than we initially thought
James Nutland from Talos' Threat Intelligence team joins the show this week to talk to Jon about his report on the BlackByte ransomware group. They cover why this group is actually more active than we initially thought, and check on the g…
- AI, critical infrastructure dominate conversation at Hacker Summer Camp
It's quite the gang for Talos Takes this week with Joe Marshall, Nick Biasini and Mick Baccio (from Splunk's SURGe team) joining Jon this week to recap Black Hat and DEF CON. They share all the conversations and talking points they heard a…
- A 1-on-1 with Talos VP Matt Watchinski
He's been here since the beginning, and now he's ready to reflect on the past 10 years of Cisco Talos. Matt Watchinski, the Vice President of Talos for Cisco, joins Jon this week to talk about Talos' recently celebrated 10th birthday and t…
- What should we be doing to better support open-source software?
People who maintain, create and update open-source software are the unsung heroes of the internet. Their work keeps much of our networks running on a daily basis, and the vast majority of them do it for free! While there are some security…
- Threat actor trends and the most prevalent malware from the past quarter
Hazel Burton guest hosts this week to recap the top threats observed by Cisco Talos Incident Response (Talos IR) in the second quarter of 2024. She’s then joined by Talos’ Joe Marshall and Craig Jackson to pick out some of the most interes…
- You got a data breach notification. Now what?
Joe Marshall, Talos' resident ICS and IoT expert, and Pierre Cadieux from Talos Incident Response join Jon this week to discuss data breaches. Between Snowflake, AT&T, Ticketmaster and more, we should probably assume our data has been part…
- What we learned from studying the TTPs of the 14 most active ransomware groups
Fresh off an analysis of the 14 most active ransomware groups, James Nutland joins Jon this week to discuss his findings. They talk about the most common TTPs shared among these groups, and the potential outliers among these gangs and how…
- Time to catch up on the wide-reaching Snowflake incident
Over 160 companies have been affected by a data breach at data storage company Snowflake, including Ticketmaster, Neiman Marcus and more. But the issue wasn't a security vulnerability or some sophisticated malware — it was just someone who…
- Everything we know about denial-of-service attacks in 2024
You may think a DDoS attack is so early aughts. But some of the largest attacks of this type have occurred in just the past few years. Talos recently updated our advice for how to best mitigate and prepare for this threat, so Aliza Johnson…
- The many shades of LilacSquid
Anna Bennett, one of Talos' threat hunters, joins the show this week to talk about one of her recent findings — the LilacSquid APT. This is a newly discovered threat actor that Talos found hiding on networks for months and years at a time…
- A mid-year check-in on Volt Typhoon
The Volt Typhoon threat actor is one of the longest-running cybersecurity storylines this year. The Chinese state-sponsored actor has already been accused of a range of attacks, specifically targeting critical infrastructure and U.S. milit…
- How much has AI helped bad actors who spread disinformation?
Inspired by his quotes in a recent CNBC article, Jon Munshaw wanted to have Martin Lee on the show this week to discuss AI and how adversaries can use these tools to create deepfakes and disinformation. Martin shares why he thinks the thre…
- Recapping RSA
Nicole Hoffman, fresh off her trip to the RSA Conference, joins host Jon Munshaw this week to talk about her major takeaways from the week in San Francisco. Nicole talks about how most of the discussions on the floor centered around AI, an…
- Why CoralRaider is looking to steal your login credentials
Joey Chen from Talos' Outreach team is here to tell us all about his research into the CoralRaider threat actor. He's helped write two posts on the recently discovered APT, disclosing new information about how this Vietnamese-based actor i…