Talos Takes

When synthetic logs don’t lie: Generating coherent attack stories for better detection

Are your detection rules failing because your test data lacks the nuance of a real-world network?  In this episode of Talos Takes, Amy sits down with David Bianco to discuss why traditional synthetic data often falls short and how his new open-source project, EvidenceForge, is changing the game. Synthetic datasets often look like telemetry but lack the critical causal links and realistic background noise that define actual adversary activity. EvidenceForge solves this by creating data that tells a coherent, causal story. From simulating complex attack chains to modeling realistic, "bursty" human behavior, this tool helps threat hunters and detection engineers to sharpen their skills with reproducible, high-quality telemetry. EvidenceForge blog: https://blog.talosintelligence.com/introducing-evidenceforge-synthetic-security-logs-that-dont-look-as-fake/ [https://blog.talosintelligence.com/introducing-evidenceforge-synthetic-security-logs-that-dont-look-as-fake/] PEAK Threat Hunting Assistant episode: https://www.buzzsprout.com/2018149/episodes/18825324  [https://www.buzzsprout.com/2018149/episodes/18825324]

The trust paradox: How attackers weaponize legitimate SaaS platforms

In this episode of Talos Takes, Amy Ciminnisi sits down with researcher Diana Brown to discuss the rise of "platform-as-a-proxy" (PAP) attacks. We explore how threat actors are weaponizing legitimate SaaS platforms like GitHub and Jira to deliver phishing campaigns that bypass traditional security filters. By leveraging the platforms' own infrastructure to send authenticated emails, attackers are exploiting the inherent trust employees place in these essential business tools. We break down the mechanics of these campaigns and provide actionable strategies for security teams to move beyond binary trust and implement contextual awareness to better protect their organizations. Blog: https://blog.talosintelligence.com/weaponizing-saas-notification-pipelines/ [https://blog.talosintelligence.com/weaponizing-saas-notification-pipelines/]

It's not you, it's your printer: State-sponsored and phishing threats in 2025

In this episode, we unpack state-sponsored and phishing trends from the 2025 Talos Year in Review. Amy and Martin Lee explore the alarming rise of internal phishing campaigns that bypass traditional perimeter defenses, including the widespread weaponization of Microsoft 365's Direct Send feature. Beyond simple phishing, we analyze the aggressive, blended operations of state-sponsored actors from China and North Korea who are combining high-level zero-day exploits with sophisticated social engineering. From the "Dear Leader" interview test to the reality of fake developer personas, we break down exactly how these adversaries are infiltrating modern organizations.  2025 Year in Review report: https://blog.talosintelligence.com/2025yearinreview/ [https://blog.talosintelligence.com/2025yearinreview/]

2025's ransomware trends and zombie vulnerabilities

In this episode, Amy and Pierre Cadieux unpack the ransomware and vulnerability trends that defined 2025. From the persistent ransomware threats targeting the manufacturing sector to the rise of stealthy "living off the land" tactics, we break down what these shifts mean for your defense strategy. Why are attackers are increasingly targeting your management infrastructure? How do you spot the difference between a system admin and a threat actor? Tune in to hear Talos' insights on how to move beyond reacting to threats and start building a more resilient, proactive security posture for the year ahead.  View the 2025 Year in Review here: https://blog.talosintelligence.com/2025yearinreview/ [https://blog.talosintelligence.com/2025yearinreview/]

Cybersecurity’s double-header: 2025 insights from Talos and Splunk

In this episode of Talos Takes, Amy is joined by William Largent (Cisco Talos) and Lou Stella (Splunk) for a "double-header" discussion. With the recent release of the Cisco Talos 2025 Year in Review and the Splunk Top 50 Cybersecurity Threats report, we’re breaking down the most critical trends that shaped the security landscape last year — all based on Cisco telemetry, Talos' original research, and Talos Incident Response engagements. From the professionalization of ransomware-as-a-service to the persistent challenge of decade-old vulnerabilities, this episode moves beyond the headlines to provide a practical roadmap for defenders. You’ll get tips on how to prioritize your defenses and reduce your attack surface for the year ahead. Talos 2025 Year in Review: https://blog.talosintelligence.com/2025yearinreview/ [https://blog.talosintelligence.com/2025yearinreview/] Splunk Top 50 Cybersecurity Threats: https://www.splunk.com/en_us/campaigns/top-50-security-threats.html [https://www.splunk.com/en_us/campaigns/top-50-security-threats.html]