Category: Cisco Talos Blog

Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware. This article has been indexed from Cisco Talos Blog Read the original article: Beaches and breaches

Read more →

The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making. This article has been indexed from Cisco Talos Blog Read…

Read more →

Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products. This article has been indexed from Cisco Talos Blog Read the original article: Microsoft Patch Tuesday for September 2025 – Snort…

Read more →

Explore lessons learned from over two years of Talos IR pre-ransomware engagements, highlighting the key security measures, indicators and recommendations that have proven effective in stopping ransomware attacks before they begin. This article has been indexed from Cisco Talos Blog…

Read more →

Bill takes thoughtful look at the transition from summer camp to grind season, explores the importance of mental health and reflects on AI psychiatry. This article has been indexed from Cisco Talos Blog Read the original article: From summer camp…

Read more →

This week, Joe encourages you to find your community in cybersecurity and make the effort to grow, network and hack stuff together. This article has been indexed from Cisco Talos Blog Read the original article: Link up, lift up, level…

Read more →

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader. The vulnerabilities mentioned in this blog post…

Read more →

Amy (ahem, Special Agent Dale Cooper) shares lessons from their trip to the Olympic Peninsula and cybersecurity travel tips for your last-minute adventures. This article has been indexed from Cisco Talos Blog Read the original article: Cherry pie, Douglas firs…

Read more →

A Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide, targeting key sectors for intelligence gathering. This article has been indexed from Cisco Talos Blog Read the original article: Russian state-sponsored…

Read more →

Get an inside look at how JJ Cummings helped build and lead one of Cisco Talos’ most impactful security teams, and discover what drives him to stay at the forefront of threat intelligence. This article has been indexed from Cisco…

Read more →

Ransomware attackers continue to primarily target small and medium-sized manufacturing businesses in Japan. This article has been indexed from Cisco Talos Blog Read the original article: Ransomware incidents in Japan during the first half of 2025

Read more →

Cisco Talos discovered UAT-7237, a Chinese-speaking advanced persistent threat (APT) group active since at least 2022, which has significant overlaps with UAT-5918. This article has been indexed from Cisco Talos Blog Read the original article: UAT-7237 targets Taiwanese web hosting…

Read more →

Hazel braves Vegas, overpriced water and the Black Hat maze to bring you Talos’ latest research — including a deep dive into the PS1Bot malware campaign. This article has been indexed from Cisco Talos Blog Read the original article: What…

Read more →

Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”.   In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited…

Read more →

Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.” This article has been indexed from Cisco Talos Blog Read…

Read more →

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. This article has been indexed from Cisco Talos Blog Read the original article: ReVault! When your SoC…

Read more →

Can AI really write safer code? Martin dusts off his software engineer skills to put it it to the test. Find out what AI code failed at, and what it was surprisingly good at. Also, we discuss new research on…

Read more →

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in…

Read more →

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. This article has been indexed from Cisco Talos Blog Read the original article: ReVault! When your SoC…

Read more →

In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs. This article has been indexed from Cisco Talos Blog Read the…

Read more →

In this edition of the Threat Source newsletter, William explores This article has been indexed from Cisco Talos Blog Read the original article: The Booker Prize Longlist and Hacker Summer Camp

Read more →

Phishing remained the top initial access method in Q2 2025, while ransomware incidents see the emergence of new Qilin tactics. This article has been indexed from Cisco Talos Blog Read the original article: IR Trends Q2 2025: Phishing attacks persist…

Read more →

LLMs may serve as powerful assistants to malware analysts to streamline workflows, enhance efficiency, and provide actionable insights during malware analysis. This article has been indexed from Cisco Talos Blog Read the original article: Using LLMs as a reverse engineering…

Read more →

Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you’re interested in what we’re seeing in the threat landscape, detection engineering or real-world incident response, here’s where and…

Read more →

ENISA’s 2025 NIS2 guidance makes compliance more complex, but Talos IR’s services directly align with new requirements for reporting, logging and incident response. This article has been indexed from Cisco Talos Blog Read the original article: Insights from Talos IR:…

Read more →

Get to know the real people behind cybersecurity’s front lines. In this week’s newsletter, sci-fi meets reality, humanity powers technology and a few surprises are waiting to be discovered. This article has been indexed from Cisco Talos Blog Read the…

Read more →

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2.   Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. The implementation of the database utilizes…

Read more →

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks. This article has been indexed from Cisco Talos Blog Read the original article: Unmasking the new…

Read more →

In the first Humans of Talos, Amy sits with Hazel Burton — storyteller, security advocate, and all-around Talos legend. Hazel shares her journey from small business entrepreneurship to leading content programs at Talos. This article has been indexed from Cisco…

Read more →

Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019. This article has been indexed from Cisco Talos…

Read more →

Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019. This article has been indexed from Cisco Talos…

Read more →

This week, Martin shows how stepping away from the screen can make you a stronger defender, alongside an inside scoop on emerging malware threats. This article has been indexed from Cisco Talos Blog Read the original article: This is your…

Read more →

Cisco Talos uncovered a stealthy Malware-as-a-Service (MaaS) operation that used fake GitHub accounts to distribute a variety of dangerous payloads and evade security defenses. This article has been indexed from Cisco Talos Blog Read the original article: MaaS operation using…

Read more →

The decision between immediate action and delayed response made the difference between ransomware prevention and complete encryption in these two real-world Talos IR engagements. This article has been indexed from Cisco Talos Blog Read the original article: Talos IR ransomware…

Read more →

Thorsten takes stock of a rapidly evolving vulnerability landscape: record-setting CVE publication rates, the growing fragmentation of reporting systems, and why consistent tracking and patching remain critical as we move through 2025. This article has been indexed from Cisco Talos…

Read more →

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products.   The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party…

Read more →

Microsoft has released its monthly security update for July 2025, which includes 132 vulnerabilities affecting a range of products, including 14 that Microsoft marked as “critical.” This article has been indexed from Cisco Talos Blog Read the original article: Microsoft…

Read more →

This Fourth of July, Bruce, the 25-foot mechanical shark from Jaws, shares how his saltwater struggles mirror the need for real-world cybersecurity stress testing. This article has been indexed from Cisco Talos Blog Read the original article: A message from…

Read more →

A popular social engineering technique returns: callback phishing, or TOAD attacks, which leverage PDFs, VoIP anonymity and even QR code tricks. This article has been indexed from Cisco Talos Blog Read the original article: PDFs: Portable documents, or perfect deliveries…

Read more →

This week, Joe reflects on his unique path into cybersecurity and shares honest advice for breaking into the field. Plus, learn how cybercriminals are abusing AI to launch more sophisticated attacks and what you can do to stay protected. This…

Read more →

Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS’ AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design. This article has been indexed from Cisco Talos Blog Read the original article: Decrement by one to…

Read more →

Cybercriminals are increasingly gravitating towards uncensored LLMs, cybercriminal-designed LLMs and jailbreaking legitimate LLMs. This article has been indexed from Cisco Talos Blog Read the original article: Cybercriminal abuse of large language models

Read more →

In this edition, Thor shares how a week off with a new car turned into a crash course in modern vehicle tech. Surprisingly, it offers many parallels to cybersecurity usability. This article has been indexed from Cisco Talos Blog Read…

Read more →

Attackers are increasingly hiding in plain sight, using the same tools IT and security teams rely on for daily operations. This blog breaks down common techniques and provides recommendations to defenders. This article has been indexed from Cisco Talos Blog…

Read more →

Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, “PylangGhost,” to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India. This article has been indexed from Cisco Talos Blog Read the…

Read more →

In this week’s edition, Bill explores the importance of self-awareness and building repeatable processes to better secure your environment. This article has been indexed from Cisco Talos Blog Read the original article: Know thyself, know thy environment

Read more →

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15. This article has been indexed from Cisco Talos Blog Read the original article: catdoc zero-day,…

Read more →

Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” This article has been indexed from Cisco Talos Blog Read the original article: Microsoft…

Read more →

In this week’s newsletter, Martin emphasizes that awareness, basic cyber hygiene and preparation are essential for everyone, and highlights Talos’ discovery of the new PathWiper malware. This article has been indexed from Cisco Talos Blog Read the original article: Everyone’s…

Read more →

Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.” This article has been indexed from Cisco Talos Blog Read the original article: Newly identified wiper malware “PathWiper”…

Read more →

Talos Content Manager Amy introduces themself, shares her unconventional journey into cybersecurity and reports on threats masquerading as AI installers. This article has been indexed from Cisco Talos Blog Read the original article: A new author has appeared

Read more →

Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

Hazel observes that cybercriminals often fumble teamwork, with fragile alliances crumbling over missed messages. Plus, how UAT-6382 is exploiting Cityworks and what you can do to stay secure. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader. This article has been indexed from Cisco Talos Blog Read the original article: UAT-6382 exploits Cityworks zero-day vulnerability…

Read more →

Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure. This article has been indexed from Cisco Talos Blog Read the original article: Duping Cloud Functions:…

Read more →

In this week’s newsletter, Thor inspects the LockBit leak, finding $10,000 “security tips,” ransom negotiations gone wrong and a rare glimpse into the human side of cybercrime. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”.   Microsoft noted five vulnerabilities that have been observed to be exploited in the…

Read more →

Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between attackers. This article has been indexed from Cisco Talos…

Read more →

How do attackers exploit authority bias to manipulate victims? Martin shares proactive strategies to protect yourself and others in this must-read edition of the Threat Source newsletter. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

A new spam campaign is targeting Brazilian users with a clever twist — abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious agents. This article has been indexed from Cisco…

Read more →

Learn more about the framework Talos IR uses to conduct proactive threat hunts, and how we can help you stay one step ahead of emerging threats. This article has been indexed from Cisco Talos Blog Read the original article: Proactive…

Read more →

Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure. This article has been indexed from Cisco Talos Blog Read the original article: Understanding the challenges of securing an NGO

Read more →

Threat actors are bypassing MFA with adversary-in-the-middle attacks via reverse proxies. Phishing-as-a-Service tools like Evilproxy make these threats harder to detect. This article has been indexed from Cisco Talos Blog Read the original article: State-of-the-art phishing: MFA bypass

Read more →

2024 wasn’t the year that AI rewrote the cybercrime playbook — but it did turbocharge some of the old tricks. Read this summary of AI-based threats, from Talos’ 2024 Year in Review. This article has been indexed from Cisco Talos…

Read more →

This quarter, phishing attacks surged as the primary method for initial access. Learn how you can detect and prevent pre-ransomware attacks. This article has been indexed from Cisco Talos Blog Read the original article: IR Trends Q1 2025: Phishing soars…

Read more →

In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know. This article has been indexed from Cisco Talos Blog Read the…

Read more →

Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme. This article has been indexed from Cisco Talos Blog Read the original article: Introducing ToyMaker, an…

Read more →

Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme. This article has been indexed from Cisco Talos Blog Read the original article: Introducing ToyMaker, an…

Read more →

For the third topic for Talos’ 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns. This article has been indexed from Cisco Talos Blog Read the original article: Year in…

Read more →

In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it’s important to question the platforms you interact…

Read more →

Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks. This article has been indexed from Cisco Talos Blog Read the…

Read more →

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics.    The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party…

Read more →

This week, our Year in Review spotlight is on ransomware—where low-profile tactics led to high-impact consequences. Download our 2 page ransomware summary, or watch our 55 second video. This article has been indexed from Cisco Talos Blog Read the original article: Year in…

Read more →

Martin delves into how threat actors exploit chaos, offering insights from Talos’ 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption. This article has been indexed from Cisco…

Read more →

Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Microsoft has released its monthly security update for April of 2025 which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft has marked as “critical”. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

From Talos’ 2024 Year in Review, here are some findings from the top targeted network device vulnerabilities. We also explore how threat actors are moving away from time sensitive lures in their emails. And finally we reveal the tools that…

Read more →

Want to know the most notable findings in Talos’ Year in Review directly from our report’s authors? Watch our two part video series. This article has been indexed from Cisco Talos Blog Read the original article: Year in Review: In…

Read more →

Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files. This article has been indexed from Cisco…

Read more →

In this podcast, Joe, Hazel, Bill and Dave break down Talos’ Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are routed in stealth in simplicity. This article has been indexed…

Read more →

Download Talos’ 2024 Year in Review now, and access key insights on the top targeted vulnerabilities of the year, network-based attacks, email threats, adversary toolsets, identity attacks, multi-factor authentication (MFA) abuse, ransomware and AI-based attacks. This article has been indexed…

Read more →

Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024. This article has been indexed from Cisco Talos Blog Read the original article: Gamaredon…

Read more →

In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime. This article has been indexed from Cisco Talos Blog Read the original article: Money Laundering…

Read more →

In this week’s Threat Source newsletter, William pitches a fun comparison between baseball legend Ichiro Suzuki and the unsung heroes of information security, highlights newly released UAT-5918 research, and shares an exciting new Talos video. This article has been indexed…

Read more →

UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim environments for information theft and credential harvesting.…

Read more →

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities.   The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.     For Snort…

Read more →

Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?” This article has been indexed from Cisco Talos Blog Read the original article: Patch it…

Read more →

Cascading Style Sheets (CSS) are ever present in modern day web browsing, however its far from their own use. This blog will detail the ways adversaries use CSS in email campaigns for evasion and tracking. This article has been indexed…

Read more →

Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as “critical”. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

Martin Lee dives into to the complexities of defending our customers from threat actors and covers the latest Talos research in this week’s newsletter. This article has been indexed from Cisco Talos Blog Read the original article: Who is Responsible…

Read more →

Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim’s machines and carry out post-exploitation activities. This article has been indexed from Cisco Talos Blog Read the original article: Unmasking…

Read more →

Joe has some advice for anyone experiencing self doubt or wondering about their next career move. Plus, catch up on the latest Talos research on scams targeting sellers, and the Lotus Blossom espionage group. This article has been indexed from…

Read more →

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools This article has been indexed from Cisco Talos Blog Read the original article: Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex…

Read more →

There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms. This article has been indexed from Cisco Talos Blog Read the original article: Your item…

Read more →

William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos’ security research. This article has been indexed from Cisco Talos Blog Read the original article: Efficiency? Security? When the quest…

Read more →

Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention. This…

Read more →

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia.  The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure…

Read more →

Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”. This article has been indexed from Cisco Talos…

Read more →