New threat actor, UAT-9921, leverages VoidLink framework in campaigns
Cisco Talos recently discovered a new threat actor, UAT-9221, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink.
Using AI to defeat AI
In this week’s newsletter Martin considers how defenders can turn offensive AI tools against themselves.
“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities
A Talos researcher used targeted emulation of the Socomec DIRIS M-70 gateway’s Modbus thread to uncover six patched vulnerabilities, showcasing efficient tools and methods for IoT security testing.
Ryan Liles, master of technical diplomacy
Ryan Liles reveals how he bridges the gap between Cisco’s product teams and third-party testing labs, mastering the art of technical diplomacy while driving industry standards forward and keeping the internet’s defenders ahead of the game.
Hand over the keys for Shannon’s shenanigans
In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management.
Microsoft Patch Tuesday for February 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for February 2026, which includes 55 vulnerabilities affecting a range of products, including one (CVE-2025-59498) that Microsoft marked as “Critical”.
All gas, no brakes: Time to come to AI church
This week, Joe cautions the rush to adopt AI tools rife with truly awful security vulnerabilities.
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants.
I'm locked in!
Hazel reflects on how to find balance while staying informed, then delivers practical updates and insights on the latest cybersecurity threats.