In this newsletter, Joe discusses why understanding other disciplines can often flow back into the macro and micro of cybersecurity, especially in a world of AI.
Five defender priorities from the Talos Year in Review
With attackers moving faster than ever, it’s easy to feel overwhelmed. This blog breaks down five practical priorities from the Cisco Talos 2025 Year in Review to help defenders focus and prioritize, amidst all the noise.
AI-powered honeypots: Turning the tables on malicious AI agents
Just as AI brings time-saving advantages to our lives, it brings similar advantages to threat actors. We can take the advantage back. This blog shows how generative AI can be used to rapidly deploy adaptive honeypot systems.
In this week’s newsletter, Hazel uses International Superhero Day as a springboard to explore why empathy — rather than just technical prowess — is the most essential, underrated superpower for navigating the human side of cybersecurity.
CloudZ RAT potentially steals OTP messages using Pheno plugin
Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.”
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.
Insights into the clustering and reuse of phone numbers in scam emails
Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails.
Cybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue, Amy takes a second to yell at you to go touch grass.
State-sponsored actors, better known as the friends you don’t want
Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider.
Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for May 2026, which includes 112 vulnerabilities affecting a range of products, including 16 that Microsoft marked as “critical”.
Breaking things to keep them safe with Philippe Laulheret
Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exploited.
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage.
In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.
Fragnesia, la nuova falla nel kernel Linux che regala privilegi di root: come difendersi
Una terza vulnerabilità critica in meno di tre settimane colpisce il kernel Linux. Fragnesia consente a qualsiasi utente locale senza privilegi di ottenere accesso root corrompendo la page cache del kernel. Il PoC è già pubblico. Ecco l'analisi tecnica, le distribuzioni coinvolte e le indicazioni operative per mitigare il rischio
Assunzioni nella cyber: pesa il divario di competenze nell’era AI
Il Global Cybersecurity Skills Gap Report 2026 di Fortinet analizza il persistente gap di competenze nella sicurezza informatica nell’attuale panorama di rischio in continua evoluzione, alla luce dei progressi dell'AI. Ecco l'ombra che si allunga sulle assunzioni in cyber security
Quando condividere una notizia diventa un trattamento dati: ecco le responsabilità concrete
Chi prende una notizia, la modifica e la rilancia online, anche senza intenzione di danneggiare, può esporsi a responsabilità penali per diffamazione e, in molti casi, a responsabilità ai sensi del GDPR. Ecco perché il soggetto assume il ruolo di titolare del trattamento e deve rispettare regole precise
La mutazione del GRU nella dottrina russa della guerra cibernetica
L’eclissi di Icaro e la fabbrica degli ufficiali: riorganizzazione strutturale delle potenze avversarie - con la Russia del GRU e la Cina in prima linea - volta a riscrivere le regole della proiezione del potere globale attraverso una guerra invisibile, ma totale. Ecco la mutazione genetica della sovranità digitale
Cyber Journey 2026: servono formazione, confronto e visione per una sicurezza efficace
A Cagliari si svolgerà il Cyber Journey 2026 dove hanno già confermato la presenza speaker di calibro internazionale. Ecco le tre direttrici che guidano l’edizione di quest'anno
Classificare o non classificare, questo è il dilemma!
Classificare gli asset è un passaggio indispensabile soprattutto negli ambienti sempre più virtualizzati e negli ecosistemi complessi in cui possono intervenire più soggetti, al fine di proteggere e creare il valore della sicurezza cyber. Tutto sta nel farlo con metodo
Data manipulation, l’attacco che non si vede: minaccia strutturale dell’industria connessa
A differenza del ransomware, che si annuncia con una nota di riscatto, la Data Manipulation può restare invisibile per settimane o mesi. Ecco perché è la minaccia numero uno rilevata nei sistemi OT e IoT delle organizzazioni italiane e perché per il manifatturiero italiano la visibilità OT non è un investimento opzionale
Mythos trova bug persino in Apple: una sveglia per tutte le aziende
Calif, con Claude Mythos Preview, ha scoperto un exploit su MacOS 26.4.1 su chip M5. Si conferma che con l'AI è urgente un cambio di passo nella cybersecurity
The first timeline of April 2026 brings an evolution in terms of methodology: from now on I will map the initial access techniques with the MITRE ATT&CK model. I also decided to merge the cate…
Your AI Agents Are Creating Identity Chaos (And You Don't Even Know It)
The AI agent explosion is happening whether we're ready or not. The companies that take identity seriously now will save themselves a world of pain later.
Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up
Part 3 of a series on creating information security policies.
Attackers don’t break in…they log in.
That’s a bit of a dramatic exaggeration, and it seems cliché, but it’s not really too far off.
Consider the 2022 Uber breach. The attacker didn’t exploit a sophisticated vulnerability; they obtained a contractor’s credentials and then bombarded the user with MFA push requests until one was approved. That single moment of fatigue opened the door to internal systems and broader access.
Or look a
An introduction to the canine intelligence cell, a volunteer investigative effort focused on exposing the criminal networks exploiting dogs through trafficking, legal loopholes, fraud, violence, and organised abuse.
In April 2026, Cyber Crime continued to lead the Motivations, once again ahead of Cyber Espionage. Cyber Warfare took the third place, ahead of Hacktivism.