Talos Takes

Cisco Talos

232 episodes · EN-US

Show overview

Talos Takes has been publishing since 2022, and across the 4 years since has built a catalogue of 232 episodes. That works out to roughly 50 hours of audio in total. Releases follow a fortnightly cadence.

Episodes typically run under ten minutes — most land between 8 min and 14 min — though episode length varies meaningfully from one episode to the next. It is catalogued as an EN-US-language Technology show.

The show is actively publishing — the most recent episode landed 1 week ago, with 10 episodes already out so far this year. The busiest year was 2022, with 121 episodes published. Published by Cisco Talos.

Episodes: 232
Running: 2022–2026 · 4y
Median length: 10 min
Cadence: Fortnightly

From the publisher

Every two weeks, host Amy Ciminnisi brings on a new guest from Talos or the broader Cisco Security world to break down a complicated security topic. We cover everything from breaking news to attacker trends and emerging threats.

Latest Episodes

When synthetic logs don’t lie: Generating coherent attack stories for better detection

Jun 3, 2026 · 19 min

The trust paradox: How attackers weaponize legitimate SaaS platforms

May 7, 2026 · 20 min

It's not you, it's your printer: State-sponsored and phishing threats in 2025

Apr 21, 2026 · 28 min

2025's ransomware trends and zombie vulnerabilities

Apr 7, 2026 · 22 min

Cybersecurity’s double-header: 2025 insights from Talos and Splunk

In this episode of Talos Takes, Amy is joined by William Largent (Cisco Talos) and Lou Stella (Splunk) for a "double-header" discussion. With the recent release of the Cisco Talos 2025 Year in Review and the Splunk Top 50 Cybersecurity Threats report, we’re breaking down the most critical trends that shaped the security landscape last year — all based on Cisco telemetry, Talos' original research, and Talos Incident Response engagements.

From the professionalization of ransomware-as-a-service to the persistent challenge of decade-old vulnerabilities, this episode moves beyond the headlines to provide a practical roadmap for defenders. You’ll get tips on how to prioritize your defenses and reduce your attack surface for the year ahead.

Talos 2025 Year in Review: https://blog.talosintelligence.com/2025yearinreview/
Splunk Top 50 Cybersecurity Threats: https://www.splunk.com/en_us/campaigns/top-50-security-threats.html

Mar 26, 2026 · 31 min

Modernizing your threat hunt

In this episode of Talos Takes, David Bianco from Cisco Foundation AI joins Amy to demystify the world of proactive cyber defense. We explore the evolution of the PEAK Threat Hunting framework and talk through how security teams can modernize their approach to identifying risks before they escalate. David also provides an exclusive look at a new open-source tool designed to help hunters navigate the "prepare" phase of PEAK with ease. Whether you are building a new program from scratch or looking to refine your existing strategy, take a listen for actionable advice to help you take that next step in your security journey.

PEAK Threat Hunting Assistant: https://blogs.cisco.com/security/introducing-peak-threat-hunting-assistant
GitHub: https://github.com/cisco-foundation-ai/PEAK-Assistant

Mar 12, 2026 · 23 min

Holding the line: Service provider security

Service providers are the backbone of modern connectivity — but why are they such attractive targets for cyber actors, and what happens when critical networks go down? In this episode, Martin Lee joins Amy to explore the shifting threat landscape for service providers, asking how defenders can spot silent intrusions, what trade-offs must be considered when patching, and how industry collaboration helps prevent widespread disruptions. Join us as we unpack real-world examples and offer practical insights into protecting the infrastructure that keeps our world connected.

Video: Footholds in Infrastructure: Protecting Service Providers

Feb 26, 2026 · 29 min

IR Trends Q4 2025: Ransomware chills and phishing heats up

What separates organizations that successfully fend off ransomware from those that don’t? What were the top threats facing organizations? Can we (pretty please) get a sneak peek into the 2025 Year in Review?

Amy is joined by Dave Liebenberg, Strategic Analysis Team Lead, to break down key findings from Q4 2025's Cisco Talos Incident Response Quarterly Trends Report. From the top threats facing organizations — like the persistent exploitation of public-facing applications and the rise of new vulnerabilities such as Oracle EBS and React2Shell — to the unexpected drop in ransomware cases, this episode is packed with useful info.

Episode resources:
Q4 2025 Quarterly Trends Report: https://blog.talosintelligence.com/ir-trends-q4-2025/
Qilin blog: https://blog.talosintelligence.com/uncovering-qilin-attack-methods-exposed-through-multiple-cases/
Cybersecurity on a Budget blog: https://blog.talosintelligence.com/cybersecurity-on-a-budget-strategies-for-an-economic-downturn/

Feb 12, 2026 · 13 min

Cracking the code: What encryption can (and can’t) do for you

Step into the fascinating world of cryptography. Host Amy Ciminnisi sits down with Yuri Kramarz from Cisco Talos Incident Response and Tim Wadhwa-Brown from Cisco Customer Experience to learn what encryption really accomplishes, where it leaves gaps, and when defenders need to take proactive measures.

Whether you’re picturing classic codebreakers or the latest quantum-proof ciphers, this episode unpacks the essentials: what encryption and hashing actually mean, why key management is a make-or-break factor, and how even the best algorithms can fall short if the basics aren’t handled right.

G7's "Coordinating the Transition to Post-Quantum Cryptography in the Financial Sector" roadmap: https://home.treasury.gov/news/press-releases/sb0355

Jan 28, 2026 · 27 min

Cybersecurity certifications and you

Get ready for a brand-new era of Talos Takes! In the first episode of the year, Amy Ciminnisi, Talos’ Content Manager and new podcast host, steps up to the mic with Joe Marshall to explore certifications, one of cybersecurity’s overwhelming (and sometimes most controversial) topics. We dive into the world of vendor-specific and vendor-agnostic certs, the value they can bring to your career, and the barriers people often face to getting certified.

Whether you’re a newcomer facing the sea of choices and feeling some analysis paralysis or a seasoned pro plotting your next move, this episode may just motivate you to tackle your next certification with confidence.

Cybersecurity certification roadmap: https://pauljerimy.com/security-certification-roadmap/

Jan 15, 2026 · 27 min

2015 vs 2025: What the Last Decade of Threats Taught Us

In this special, end-of-year episode (and Hazel’s final show as host) Talos Takes goes on a time-travel adventure: What would a defender from 2015 think of the cybersecurity realities of 2025? Joined by Talos teammates Pierre Cadieux, Alex Ryan, and Joe Marshall, we compare the threats, tools, and challenges of 2015 with those of 2025. The team recalls where they were in their careers a decade ago, then dives deep into how ransomware has evolved, how APTs and state-sponsored attacks have shifted, and why identity has become the new battleground for attackers and defenders alike. They discuss the impact of AI on both sides of the security equation, share what they miss from “the good old days” of 2015, and offer practical advice for defenders facing the challenges of 2026 and beyond.

Dec 18, 2025 · 45 min

When You’re Told “No Budget”: The Blueprint for Staying Secure

What happens when your to-do list keeps growing but your budget doesn’t? Hazel is joined by three Cisco Talos Incident Response experts to talk about the reality many organizations face: rising threats, aging infrastructure, and fewer people to defend it all.

From configuring what you already have, to open-source strategies, to the impact of cybersecurity layoffs, this episode is packed with practical guidance for securing your organization during an economic downturn.

Resources mentioned:
https://blog.talosintelligence.com/cybersecurity-on-a-budget-strategies-for-an-economic-downturn/
https://blogs.cisco.com/news/doubling-down-on-resilient-infrastructure
https://talosintelligence.com/incident_response

Nov 25, 2025 · 24 min

How Attackers Use Your Own Tools Against You (IR trends Q3 2025)

In this episode of Talos Takes, Hazel sits down with Talos' Bill Largent and Craig Jackson to discuss the latest Cisco Talos Incident Response Quarterly Trends Report (Q3 2025). From a wave of Toolshell events, to a rise in post-exploitation phishing, and the misuse of legitimate tools like Velociraptor, this quarter’s cases all point to a theme: attackers are getting very good at living off what’s already in your environment. Read the full report at https://blog.talosintelligence.com/ir-trends-q3-2025/

Nov 13, 2025 · 11 min

Passwordless Security: Debunking the Biggest Myths

On this episode of Talos Takes, Hazel welcomes Cisco Duo experts Steven Leung and Tess Mishoe to bust the most common myths around passwordless security and multi-factor authentication (MFA). Discover why not all MFA is created equal, why passwordless doesn't mean less security, and the most seamless way to adopt passwordless solutions. Plus, learn the truth about how passwordless may affect compliance and audits, and whether passwordless really is more vulnerable to phishing.

Oct 24, 2025 · 15 min

You Can't Patch Burnout: When Cybersecurity Takes a Toll

Every October, Cybersecurity Awareness Month brings a wave of tips: update your software, enable MFA, use strong passwords. But what good is any of that if the people behind the defenses are feeling burned out?

In this episode of Talos Takes, Hazel sits down with Joe Marshall for a candid, vulnerable conversation about the human cost of cybersecurity. Joe opens up about his experience during the VPNFilter campaign — months of secrecy, long hours, immense pressure, and the trauma it left behind. Hazel shares her own journey with burnout, and together they talk about how to recognise the warning signs.

They close with practical steps: building a personal “incident response playbook” that includes boundaries, peer support, and self-care. Because at the end of the day, you can’t patch a system if you're burned out.

Oct 2, 2025 · 47 min

Tampered Chef: When Malvertising Serves Up Infostealers

Imagine downloading a PDF Editor tool from the internet that works great...until nearly two months later, when it quietly steals your credentials. That’s the reality of “Tampered Chef,” a malvertising campaign that preyed on users searching for everyday software.

In this episode, Nick Biasini explains how cybercriminals are investing in "malvertising", why enterprises are prime targets, and why there are additional challenges when it comes to defending against time-delayed attacks.

Sep 18, 2025 · 11 min

Inside the Black Hat NOC: Lessons in Securing One of the Wildest Networks

How do you build and defend a network where attacks are not just expected - they're part of the curriculum? In this episode, Hazel talks with Jessica Oppenheimer, Director of Security Operations at Cisco, about the ten years she's spent in the Black Hat Network Operations Center (NOC).

Explore the technical challenges of segmenting and monitoring a network designed for experimentation, live hacking, and hands-on training, including how malicious and benign behaviors are distinguished in real time. Jessica shares how the NOC leverages Cisco technologies like the new machine learning-powered SnortML engine to detect zero-days, outliers, and advanced attack patterns that traditional rule sets miss.

Learn how automation, contextual analysis, and collaborative response drive decision-making in this high-stakes environment, and how those lessons now influence security at global events like the Olympics and the Super Bowl.

For more details, check out the Cisco blog wrap detailing all our Black Hat NOC activity: https://blogs.cisco.com/security/bhusa-2025-noc

Sep 3, 2025 · 23 min

Breaking Down Chaos: Tactics and Origins of a New RaaS Operation

Hazel is joined by threat intelligence researcher James Nutland to discuss Cisco Talos’ latest findings on the newly emerged Chaos ransomware group. Based on real-world incident response engagements, James breaks down Chaos’ fast, multi-threaded encryption, their use of social engineering and remote access tools like Quick Assist, and the group’s likely connections to former BlackSuit operators. James also shares what defenders should be watching for and how to stay ahead of evolving ransomware tactics.

Read the full research blog: https://blog.talosintelligence.com/new-chaos-ransomware

Aug 1, 2025 · 15 min

Why Attackers Love Your Remote Access Tools

Attackers are increasingly abusing the same remote access tools that IT teams rely on every day. In this episode, Hazel sits down with Talos security researcher Pierre Cadieux to unpack why these legitimate tools have become such an effective tactic for adversaries.

Pierre explains how the flexibility, legitimacy, and built-in capabilities of remote access management tools make them ideal for attackers who want to stay under the radar. They discuss trends Talos Incident Response is seeing in the field, examples of commonly abused tools, and the challenges defenders face when trying to detect misuse.

You'll also hear practical advice on what defenders and IT teams can do today to better secure their environments — and what the rise of remote access management tool abuse tells us about attacker behavior and the current state of cybercrime.

Resources mentioned:
Talos Incident Response Quarterly Trends Report
When Legitimate Tools Go Rogue (Talos Blog)

Jul 17, 2025 · 14 min

Teaching LLMs to spot malicious PowerShell scripts

Hazel welcomes back Ryan Fetterman from the SURGe team to explore his new research on how large language models (LLMs) can assist those who work in security operations centers to identify malicious PowerShell scripts. From teaching LLMs through examples, to using retrieval-augmented generation and fine-tuning specialized models, Ryan walks us through three distinct approaches, with surprising performance gains. For the full research, head to https://www.splunk.com/en_us/blog/security/guiding-llms-with-security-context.html

Jun 26, 2025 · 16 min
© 2026 Talos Takes