Podcasts

25 Years of Uninterrupted Persistence

Hazel, Dave and Joe plot to celebrate Bill's 25 years at Talos with stories and a good old fashioned roast.

The team also covers the latest security headlines, including AI-assisted vulnerability research, and why attackers still can’t resist abusing trusted systems (or Roblox).

They also break down the latest Cisco Talos Incident Response Quarterly Trends report, including:

• Phishing’s return as the top initial access vector
• AI-generated credential harvesting pages built in minutes
• Crimson Collective activity and GitHub token exposure
• Pre-ransomware incidents and early disruption
• Why logging (still) matters more than ever

Read the full report at https://blog.talosintelligence.com/ir-trends-q1-2026/

And for more guidance for defenders, check out this episode of The Talos Threat Perspective https://www.youtube.com/watch?v=wppL7JBshK8

Plus: Crossbows, Metasploit nostalgia, and why, despite everything, security fundamentals still win.

The trust paradox: How attackers weaponize legitimate SaaS platforms

In this episode of Talos Takes, Amy Ciminnisi sits down with researcher Diana Brown to discuss the rise of "platform-as-a-proxy" (PAP) attacks. We explore how threat actors are weaponizing legitimate SaaS platforms like GitHub and Jira to deliver phishing campaigns that bypass traditional security filters. By leveraging the platforms' own infrastructure to send authenticated emails, attackers are exploiting the inherent trust employees place in these essential business tools. We break down the mechanics of these campaigns and provide actionable strategies for security teams to move beyond binary trust and implement contextual awareness to better protect their organizations.

Blog: https://blog.talosintelligence.com/weaponizing-saas-notification-pipelines/