Tag: Cisco Talos Blog

Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

Hazel observes that cybercriminals often fumble teamwork, with fragile alliances crumbling over missed messages. Plus, how UAT-6382 is exploiting Cityworks and what you can do to stay secure. This article has been indexed from Cisco Talos Blog Read the original…

Read more →

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader. This article has been indexed from Cisco Talos Blog Read the original article: UAT-6382 exploits Cityworks zero-day vulnerability…

Read more →

Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure. This article has been indexed from Cisco Talos Blog Read the original article: Duping Cloud Functions:…

Read more →

In this week’s newsletter, Thor inspects the LockBit leak, finding $10,000 “security tips,” ransom negotiations gone wrong and a rare glimpse into the human side of cybercrime. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”.   Microsoft noted five vulnerabilities that have been observed to be exploited in the…

Read more →

Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between attackers. This article has been indexed from Cisco Talos…

Read more →

How do attackers exploit authority bias to manipulate victims? Martin shares proactive strategies to protect yourself and others in this must-read edition of the Threat Source newsletter. This article has been indexed from Cisco Talos Blog Read the original article:…

Read more →

A new spam campaign is targeting Brazilian users with a clever twist — abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious agents. This article has been indexed from Cisco…

Read more →

Learn more about the framework Talos IR uses to conduct proactive threat hunts, and how we can help you stay one step ahead of emerging threats. This article has been indexed from Cisco Talos Blog Read the original article: Proactive…

Read more →

Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure. This article has been indexed from Cisco Talos Blog Read the original article: Understanding the challenges of securing an NGO

Read more →

Threat actors are bypassing MFA with adversary-in-the-middle attacks via reverse proxies. Phishing-as-a-Service tools like Evilproxy make these threats harder to detect. This article has been indexed from Cisco Talos Blog Read the original article: State-of-the-art phishing: MFA bypass

Read more →

2024 wasn’t the year that AI rewrote the cybercrime playbook — but it did turbocharge some of the old tricks. Read this summary of AI-based threats, from Talos’ 2024 Year in Review. This article has been indexed from Cisco Talos…

Read more →

This quarter, phishing attacks surged as the primary method for initial access. Learn how you can detect and prevent pre-ransomware attacks. This article has been indexed from Cisco Talos Blog Read the original article: IR Trends Q1 2025: Phishing soars…

Read more →

In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know. This article has been indexed from Cisco Talos Blog Read the…

Read more →

Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme. This article has been indexed from Cisco Talos Blog Read the original article: Introducing ToyMaker, an…

Read more →

Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme. This article has been indexed from Cisco Talos Blog Read the original article: Introducing ToyMaker, an…

Read more →

For the third topic for Talos’ 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns. This article has been indexed from Cisco Talos Blog Read the original article: Year in…

Read more →

In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it’s important to question the platforms you interact…

Read more →