Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders

Every year, the Cisco Talos Year in Review captures the patterns shaping the threat landscape. The 2025 report paints a clear picture: Attackers are moving faster than ever, while using identity-related attacks as the primary battleground. To unpack the biggest takeaways and what they mean for...

You have to invite them in

Welcome to this week's edition of the Threat Source newsletter. I found myself watching the Oscars ceremony in its entirety for the first time in a few years. I'm in the U.K., so I watched it the following day. With next week's Year in Review launch looming and several pieces of content still to...

SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist

Austin, Texas, USA, 23rd September 2025, CyberNewsWire...

Beaches and breaches

Welcome to this week's edition of the Threat Source newsletter. I took a two-week vacation thanks to Bill for covering my author shift last week and made the deliberate choice to leave my laptop behind. No emails, IMs, no IT at all. Thank you, European work culture! It was a complete break. Well,...

Defending against evolving identity attack techniques

In today’s evolving cyber threat landscape, threat actors are committed to advancing the sophistication of their attacks. The increasing adoption of essential security features like multifactor authentication MFA, passwordless solutions, and robust email protections has changed many aspects of th...

Year in Review: Attacks on identity and MFA

For our third focussed topic for Talos' 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns. The main themes of this story are credential abuse, Active Directory attacks, and MFA workarounds. Valid account usage was the 1 way attackers got i...

Microsoft’s Secure by Design journey: One year of success

Cybersecurity is one of the top risks facing businesses. Organizations are struggling to navigate the ever-evolving cyberthreat landscape in which 600 million identity attacks are carried out daily.1 The median time for a cyberattacker to access private data from phishing is 1 hour and 12 minutes...

Year in Review: In conversation with the report's authors

🎥 Talos Year in Review 2024: Part 1 & 2 - Watch Now! Another year, another mountain of malicious telemetry to sift through. I spoke with a few of Talos' Year in Review authors, freshly out of the sandbox, to discuss the how's and why's of our biggest findings. 👉 Part 1: The major theme of 2024, t...

Available now: 2024 Year in Review

Welcome to Cisco Talos' 2024 Year in Review, available for download now. This report is powered by threat telemetry from over 46 million global devices across 193 countries and regions, amounting to more than 886 billion security events per day. Explore key insights in topics including the top...

The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

You can tell the story of the current state of stolen credential-based attacks in three numbers: Stolen credentials were the 1 attacker action in 2023/24, and the breach vector for 80% of web app attacks. Source: Verizon. Cybersecurity budgets grew again in 2024, with organizations now spending...

Where to find Talos at BlackHat 2024

With Black Hat just a week away, Cisco Talos is gearing up for another year of heading to Las Vegas to share in some of the latest major cybersecurity announcements, research and news. This year marks the 10th anniversary of Cisco Talos, as the Talos brand was officially launched in August 2014 a...

Snowflake isn’t an outlier, it’s the canary in the coal mine

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials for...

5 ways to secure identity and access for 2024

The security landscape is changing fast. In 2023, we saw a record-high 30 billion attempted password attacks per month, a 35% increase in demand for cybersecurity experts, and a 23% annual rise in cases processed by the Microsoft Security Response Center and Security Operations Center teams.1 Thi...

Microsoft named a Leader in 2023 Gartner® Magic Quadrant™ for Access Management for the 7th year​​

Protecting identity from compromise is top of mind for security professionals as identity attacks continue to intensify. Earlier this year we reported that we had observed a nearly three-fold increase in password attacks per second in the last two years, from 579 in 2021 to 4,000 in 2023.1 Identi...

Using the Manager Attribute in Active Directory (AD) for Password Resets

Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic. With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have ...

Microsoft Intelligent Security Association grows to more than 80 members

Sometimes an idea sparks, and it feels so natural, so organic, that it takes on a life of its own and surprises you by how fast it grows. The Microsoft Intelligent Security Association MISA was one of these ideas. It was born out of a desire to be easy to do business with and be a better partner ...