2025 Talos Year in Review: Speed, scale, and staying power
The 2025 Talos Year in Review is now available to view online. The pace and scale of adversary activity in 2025 placed sustained pressure on security…
Category: VendorResearch
CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents
Excerpt: CTI-REALM is Microsoft’s open-source benchmark for evaluating AI agents on real-world detection engineering—turning cyber threat intelligence (CTI) into validated detections. Instead of measuring “CTI…
New tools and guidance: Announcing Zero Trust for AI
Over the past year, I have had conversations with security leaders across a variety of disciplines, and the energy around AI is undeniable. Organizations are…
2025 Year in Review: Malicious, Infrastructure
Executive Summary In 2025, Insikt Group significantly expanded its tracking of malicious infrastructure, broadeningcoverage across additional malware families and threat categories spanning cybercriminal and APT…
Navigating Security Tradeoffs of AI Agents
The agentic AI future is upon us, and it poses age-old tradeoffs between security and productivity with higher stakes than ever. In early 2026, the…
Introducing Cyber Threat Exposure Bundle: A Unified Approach to External Risk
The expanding attack surface Organizations today defend an ever-expanding attack surface. The rapid integration of technology, including software as a service (SaaS) and customer-facing digital…
LABScon25 Replay | Your Apps May Be Gone, But the Hackers Made $9 Billion and They’re Still Here
In this LABScon 25 talk, Andrew MacPherson dives deep into the high-stakes world of crypto crime, which has amassed approximately $9 billion in illicit funds.…
New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation
As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration. After all, data leaders are aware of the notion…
CVE-2026-20127: Critical Cisco SD-WAN vulnerability exploited in wild
Introduction CVE-2026-20127 is an improper authentication vulnerability impacting Cisco Catalyst SD-WAN Controller, formerly vSmart, and SD-WAN Manager, formerly vManage, components. The two solutions respectively serve…
From MBR Wipers to Identity Weaponization
Recent cyberattacks attributed to Iranian threat actors extend beyond typical network disruption. Rather than an isolated incident of sabotage, this type of attack sits within…
Threat Intelligence & the C-Suite
From Defensive Maneuvering to Proactive Decision-Making Threat intelligence is undergoing fundamental changes in both the breadth of its capabilities and its applications. We are seeing…
Third-Party Risk Statistics
Key Takeaways Third-party risk is escalating. In 2024, 30% of breaches involved a third-party vendor, twice as much as the previous year. Static assessments are…