Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider. This article has been indexed from Cisco Talos Blog…
Category: Cisco Talos Blog
Unplug your way to better code
Cybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue. Amy takes a second to yell at you to go touch grass.
Insights into the clustering and reuse of phone numbers in scam emails
Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails.
CloudZ RAT potentially steals OTP messages using Pheno plugin
Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.”
UAT-8302 and its box full of malware
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.
Great responsibility, without great power
In this week’s newsletter, Hazel uses International Superhero Day as a springboard to explore why empathy — rather than just technical prowess — is the most essential, underrated superpower for navigating the human side of cybersecurity.
AI-powered honeypots: Turning the tables on malicious AI agents
Just as AI brings time-saving advantages to our lives, it brings similar advantages to threat actors. We can take the advantage back. This blog shows how generative AI can be used to rapidly deploy adaptive honeypot systems.
Five defender priorities from the Talos Year in Review
With attackers moving faster than ever, it’s easy to feel overwhelmed. This blog breaks down five practical priorities from the Cisco Talos 2025 Year in Review to help defenders focus and prioritize, amidst all the noise.
It pays to be a forever student
In this newsletter, Joe discusses why understanding other disciplines can often flow back into the macro and micro of cybersecurity, especially in a world of AI.
UAT-4356’s Targeting of Cisco Firepower Devices
Cisco Talos is aware of UAT-4356’s continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) to gain unauthorized access to vulnerable devices.
IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist
Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vertical for initial access since Q2 2025.
[Podcast] It’s not you, it’s your printer: State-sponsored and phishing threats in 2025
In this episode of Talos Takes, Amy and Martin Lee unpack state-sponsored and phishing trends from the 2025 Talos Year in Review.
Phishing and MFA exploitation: Targeting the keys to the kingdom
In 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business operations.
Bad Apples: Weaponizing native macOS primitives for movement and execution
Cisco Talos documents several macOS living-off-the-land (LOTL) techniques, demonstrating that native pathways for movement and execution remain accessible to those who understand the underlying architecture.
Foxit, LibRaw vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability…
The Q1 vulnerability pulse
Thor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape.
More than pretty pictures: Wendy Bishop on visual storytelling in tech
Wendy shares the unique challenges and rewards of bridging the gap between artistic expression and highly technical research.
PowMix botnet targets Czech workforce
Cisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call “PowMix.”
The n8n n8mare: How threat actors are misusing AI workflow automation
Cisco Talos research has uncovered agentic AI workflow automation platform abuse in emails. Recently, we identified an increase in the number of emails that abuse n8n, one of these platforms, from as early as October 2025 through March 2026.
Microsoft Patch Tuesday for April 2026 – Snort Rule and Prominent Vulnerabilities
Overview of the Patch Tuesday release from Microsoft for April 2026.