The threat hunter’s gambit
ID: d3bd9fad-dde4-5488-8d79-cf09c7474e3a
STIX ID: report--d3bd9fad-dde4-5488-8d79-cf09c7474e3a
Feed Name: Cisco Talos
This Talos newsletter highlights several active and high-impact threats: weaponized SaaS notification pipelines used for phishing and credential harvesting, an APT (Fancy Bear) campaign compromising home routers to steal credentials, Storm-1175's rapid deployment of Medusa ransomware exploiting CVE-2026-1731, a North Korean-linked $285M fraud against Drift, and the discovery of LucidRook malware targeting Taiwanese NGOs. It also publishes multiple malware hashes and recommends zero-trust, SIEM ingestion of SaaS logs, and out-of-band verification to mitigate these threats.
