Category: Cisco Talos Blog

A look at 2025 state-sponsored threats, exploring how actors linked to China, Russia, North Korea, and Iran use vulnerabilities, identity, and trusted access paths to achieve their goals. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

In this episode of The Talos Threat Perspective, we discuss how vulnerability exploitation is accelerating, and why attacker speed, AI, and exposed systems are affecting the patch window. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Bill discusses why obsessing over strategy games is actually a secret weapon to outsmart threat actors. This article has been indexed from Cisco Talos Blog Read the original article: The threat hunter’s gambit

Read more →

The Year in Review distills Talos IR’s observations into structured intelligence, but defenders should also be feeding this report back into their own preparation cycles. Here’s how. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

Cisco Talos uncovered a cluster of activity we track as UAT-10362 conducting spear-phishing campaigns against Taiwanese non-governmental organizations (NGOs) and suspected universities to deliver a newly identified malware family, “LucidRook.” This article has been indexed from Cisco Talos Blog Read the original article: New Lua-based malware…

Read more →

In this episode of Talos Takes, Amy and Pierre Cadieux unpack the ransomware and vulnerability trends that defined 2025. This article has been indexed from Cisco Talos Blog Read the original article: Talos Takes: 2025’s ransomware trends and zombie vulnerabilities

Read more →

The year was characterized by an unending beat-down on infrastructure that relied on older enmeshed dependencies (e.g., Log4j and PHPUnit), while React2Shell rocketed to the highest percentage of attacks for the entire year within the last three weeks of 2025. This article has been…

Read more →

Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. This article has been indexed from Cisco Talos Blog Read the original article: The Trojan horse of cybercrime: Weaponizing SaaS…

Read more →

Overview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure. This article has been indexed from Cisco Talos Blog Read the original article: Axios NPM supply chain incident

Read more →

In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from…

Read more →

Overview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure. This article has been indexed from Cisco Talos Blog Read the original article: Axois NPM Supply Chain Incident

Read more →

This week, Martin tells the story of a crime he encountered and how it shows that the threat landscape is changing. This article has been indexed from Cisco Talos Blog Read the original article: The democratisation of business email compromise…

Read more →

An episode of the Talos Threat Perspective on the 2025 Year in Review trends. We explore how identity is being used to gain, extend, and maintain access inside environments. This article has been indexed from Cisco Talos Blog Read the…

Read more →

There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024. This article has been indexed from Cisco Talos Blog Read the original article: An overview of ransomware threats in Japan in 2025 and…

Read more →

A conversation between Cisco Talos and Cisco Security leaders on the 2025 threat landscape, from identity attacks and legacy vulnerabilities to AI-driven threats, and what defenders should prioritize now. This article has been indexed from Cisco Talos Blog Read the…

Read more →

This blog provides an in-depth analysis of the malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. This article has been indexed from Cisco Talos Blog Read the original article: Qilin EDR killer…

Read more →

Talos is disclosing a large-scale automated credential harvesting campaign carried out by a threat cluster we currently track as UAT-10608. The campaign is primarily leveraging a collection framework dubbed “NEXUS Listener.” This article has been indexed from Cisco Talos Blog Read the original article: UAT-10608: Inside a…

Read more →

A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. This article has been indexed from Cisco Talos Blog Read the original article: Ransomware in 2025:…

Read more →

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence…

Read more →

In this week’s newsletter, Amy draws parallels between the collaborative themes of “Project Hail Mary” and the massive team effort behind the newly released Talos Year in Review report. This article has been indexed from Cisco Talos Blog Read the…

Read more →