2032 matches found

Talos Blog
added 2 days ago, 3 views

Catan and Mouse

Welcome to this week's edition of the Threat Source newsletter. "I do not know everything; still many things I understand." ― Madeleine L'Engle, A Wrinkle in Time. "Don't try to comprehend with your mind. Your minds are very limited. Use your intuition." ― Madeleine L'Engle, A Wind in the Door T...

CVSS 10, AI score 6.2, EPSS 0.0116
Exploits: 1
Talos Blog
added 3 days ago, 5 views

Martin Lee: Running through the Arctic (and the threat landscape)

Ever wonder how someone goes from studying human viruses to leading cybersecurity teams? In this Humans of Talos, we're joined by Martin Lee, EMEA Lead, to talk about his journey into the industry. Martin takes us back to the early days of the internet, explaining how he made the leap from academ...

AI score 5.7
Exploits: 0
Talos Blog
added 3 days ago, 26 views

ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365

Cisco Talos identified a fully-featured phishing-as-a-service (PhaaS) operator panel, branded "ARToken," that shares infrastructure, API contracts, and operational patterns with the EvilTokens platform documented by Sekoia and Microsoft in early 2026. The ARToken panel exposes 80+ API endpoints for...

AI score 5.7
Exploits: 0
Talos Blog
added 2026/06/25 6:00 p.m., 11 views

Beyond IOCs: AI-enabled threat intelligence

Welcome to this week's Threat Source newsletter. The issue of AI in cybersecurity is often portrayed as a binary choice: either a force multiplier for our adversaries, or a tool bringing professional obsolescence. The reality is more nuanced. While AI certainly brings some advantage to attackers,...

AI score 6
Exploits: 0
Talos Blog
added 2026/06/25 10:00 a.m., 15 views

Introduction to COM usage by Windows threats

Component Object Model (COM) is a fundamental Windows technology used by legitimate applications for object activation, inter-process communication, automation and language-independent component reuse. Those same qualities make it useful to threat actors. Malware frequently uses COM interfaces for...

AI score 5.7
Exploits: 0
Talos Blog
added 2026/06/18 6:00 p.m., 14 views

Close Encounters of the Human Kind

Welcome to this week's Threat Source newsletter. I love a Spielberg summer. His ability to imbue a sense of wonder, awe, curiosity, and connection means he's in a league of his own. Granted, I haven't felt that from him in a while, but when he hits? Oof. I feel like I need somebody to reach acros...

AI score 5.5
Exploits: 0
Talos Blog
added 2026/06/18 10:00 a.m., 8 views

Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model

Analysis tools do not need AI built in to support agentic workflows; they simply need to expose their data through an external scripting interface. Even traditional graphical user interface (GUI) applications can be made AI-accessible by publishing their internal object models, allowing agents to...

AI score 5.6
Exploits: 0
Talos Blog
added 2026/06/11 6:00 p.m., 11 views

A tale of two eras

Welcome to this week's edition of the Threat Source newsletter. To the surprise of absolutely no one who has seen my face, I'm one of the younger employees at Talos. As my industry veteran colleagues were buying the first iPods, navigating the switch from dial-up to broadband, saying goodbye to...

AI score 5.8
Exploits: 0
Talos Blog
added 2026/06/09 9:21 p.m., 11 views

Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for June 2026, which includes 206 vulnerabilities affecting a range of products, including 32 that Microsoft marked as "critical". Out of 32 "critical" entries, 28 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and...

CVSS 9.8, AI score 8.3, EPSS 0.21506
Exploits: 1
Talos Blog
added 2026/06/04 6:00 p.m., 13 views

Reporting from Vegas: Networking, AI, and good boys

Welcome to this week's edition of the Threat Source newsletter. Howdy friends, and hello from Cisco Live U.S., here in sunny and very hot Las Vegas! An interesting quirk of being sent to one of these events is you learn to understand your limits as a person. Cisco Live is a three-day event, and i...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/06/04 12:05 p.m., 10 views

Winning the cyber marathon with Tony Giandomenico

In the high-speed world of cybersecurity, the difference between a breach and a breakthrough often comes down to endurance. Tony Giandomenico, Senior Director of Product Management with Cisco Talos, joins me to discuss how he balances the intensity of leading major product launches with the...

AI score 5.7
Exploits: 0
Talos Blog
added 2026/06/04 12:05 p.m., 9 views

Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

By Ron Scott-Adams Most security tools operate on a simple principle: If a known-bad pattern appears, fire an alert. This works well enough for many threats, but it fails against adversaries who closely study detection thresholds and deliberately stay under them. Cisco Talos Threat Hunting operat...

AI score 5.7
Exploits: 0
Talos Blog
added 2026/05/28 6:00 p.m., 11 views

Less panic patching, more precision

Welcome to this week's edition of the Threat Source newsletter. Recently, Martin closed his introduction with a warning: Ready or not, the time of much patching is coming. I've been chewing on that one for a while because I'm rethinking my own enrichment pipelines along these lines, and the...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/05/28 10:00 a.m., 18 views

DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap

Over the last decade, DICOM parsing has become an active research topic. The reason is simple: DICOM is both critical and complicated. Hospitals rely on DICOM-based PACS systems, and those systems often automatically ingest files received over the network. That means malformed data could directly...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/05/27 2:00 p.m., 11 views

MediaArea heap-based buffer overflow vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed four vulnerabilities in MediaArea MediaInfoLib library. The vulnerabilities mentioned in this blog post have been patched by their respective vendor, in adherence to Cisco's third-party vulnerability disclosure policy. For...

CVSS 7.8, AI score 6.3, EPSS 0.00207
Exploits: 1
Talos Blog
added 2026/05/27 10:00 a.m., 10 views

Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake

Security teams need high-quality, labeled datasets to train threat hunters and incident responders, validate detection logic, and develop robust analytic models. EvidenceForge helps teams overcome the limitations of anonymized or stale public datasets, while avoiding the cost and complexity of...

AI score 5.6
Exploits: 0
Talos Blog
added 2026/05/21 6:00 p.m., 9 views

The art of being ungovernable

Welcome to this week's edition of the Threat Source newsletter. "It takes very little to govern good people. Very little. And bad people can't be governed at all. Or if they could, I never heard of it." ― Cormac McCarthy, No Country for Old Men. Most of my career has been built on dichotomy:...

AI score 6.5
Exploits: 0
Talos Blog
added 2026/05/19 3:39 p.m., 12 views

TP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco's...

CVSS 8.8, AI score 7.8, EPSS 0.01232
Exploits: 0
Talos Blog
added 2026/05/19 10:00 a.m., 8 views

From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat

Cisco Talos has uncovered a BadIIS variant -- identifiable by its embedded "demo.pdb" strings -- that functions as commodity malware. This variant is likely sold or shared among multiple Chinese-speaking cybercrime groups that operate under a malware-as-a-service (MaaS) model for continuous...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/05/14 6:00 p.m., 7 views

The time of much patching is coming

Welcome to this week's edition of the Threat Source newsletter. Many solutions have been proposed to reduce software bugs: zero-defect mandates, pair programming, formal methods, and mathematical software proofs. The reality is that software engineering is hard. Identifying and fixing bugs before...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/05/14 4:02 p.m., 9 views

Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities

Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage. Successful exploitation of CVE-2026-20182 allows an unauthenticated,...

CVSS 10, AI score 7.6, EPSS 0.87693
Exploits: 13
Talos Blog
added 2026/05/13 10:00 a.m., 7 views

Breaking things to keep them safe with Philippe Laulheret

In the latest Humans of Talos, Amy sits down with Senior Vulnerability Researcher Philippe Laulheret to demystify the world of ethical hacking. Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzl...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/05/12 7:57 p.m., 15 views

Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities

By Jaeson Schultz Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 31 that Microsoft marked as "critical". In this month's release, Microsoft has not observed any of the included vulnerabilities being...

CVSS 9.9, AI score 6.8, EPSS 0.72253
Exploits: 39
Talos Blog
added 2026/05/12 10:00 a.m., 10 views

State-sponsored actors, better known as the friends you don’t want

State-sponsored actors don't break in. They log in, and they use your own tools to stay invisible for months. Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. From logging and baselines to OT segmentation and suppl...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/05/07 6:00 p.m., 12 views

Unplug your way to better code

Welcome to this week's edition of the Threat Source newsletter. Hey, you. Yeah, you! The person endlessly scrolling or typing away at their computer. Did you touch grass today? It's just an expression, but if nature's your thing, that works just fine. What I do mean is that due to the nature of t...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/05/06 10:00 a.m., 7 views

Insights into the clustering and reuse of phone numbers in scam emails

Cisco Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails. According to Talos' observations, the ease of API-driven...

AI score 5.7
Exploits: 0
Talos Blog
added 2026/05/05 10:00 a.m., 10 views

UAT-8302 and its box full of malware

Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made...

CVSS 8.8, AI score 7.4, EPSS 0.27426
Exploits: 0
Talos Blog
added 2026/05/05 10:00 a.m., 19 views

CloudZ RAT potentially steals OTP messages using Pheno plugin

Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called "Pheno." According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of...

AI score 6.1
Exploits: 0
Talos Blog
added 2026/04/30 6:00 p.m., 7 views

Great responsibility, without great power

Welcome to this week's edition of the Threat Source newsletter. As I'm writing this, today April 28 is International Superhero Day. If you don't know the origin story behind this, perhaps you would assume that this day was dreamed up by Marvel. And… you would be correct. However, it's not a pure...

CVSS 9.8, AI score 6.7, EPSS 0.86607
Exploits: 7
Talos Blog
added 2026/04/29 10:00 a.m., 5 views

AI-powered honeypots: Turning the tables on malicious AI agents

Generative AI allows defenders to instantly create diverse honeypots, like Linux shells or Internet of Things (IoT) devices, using simple text prompts. This makes deploying complex, convincing deceptive environments much easier and more scalable than traditional methods. AI-driven attacks often...

CVSS 10, AI score 8.8, EPSS 0.99999
Exploits: 130
Talos Blog
added 2026/04/28 1:23 p.m., 6 views

Five defender priorities from the Talos Year in Review

A familiar theme in security right now is that the barrier to entry for attackers is at an all-time low. AI tools can spin up websites within minutes that can easily direct data to disposable external data stores and send alerts for new captures -- all without code. One such case was recently...

AI score 6
Exploits: 0
Talos Blog
added 2026/04/23 6:00 p.m., 7 views

It pays to be a forever student

Welcome to this week's edition of the Threat Source newsletter. If I haven't said it in a newsletter before, I'll say it now: If you want to be good at cybersecurity, be a forever student. Cultivating and feeding your desire to know how things work is one of the key ingredients to being a hacker...

AI score 7.7
Exploits: 0
Talos Blog
added 2026/04/23 3:10 p.m., 10 views

UAT-4356's Targeting of Cisco Firepower Devices

Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices' Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities CVE-2025-20333 and CVE-2025-20362 to gain unauthorized access to vulnerable devices, where the threat actor deployed their...

CVSS 9.9, AI score 9.5, EPSS 0.85543
Exploits: 1
Talos Blog
added 2026/04/22 10:00 a.m., 6 views

IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist

Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vector for initial access since Q2 2025. Public administration and health care tied as the most targeted...

AI score 6.2
Exploits: 0
Talos Blog
added 2026/04/21 12:29 p.m., 6 views

[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025

In this episode, we unpack state-sponsored and phishing trends from the 2025 Talos Year in...

AI score 5.7
Exploits: 0
Talos Blog
added 2026/04/21 12:00 p.m., 13 views

Phishing and MFA exploitation: Targeting the keys to the kingdom

In 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business operations. Phishi...

AI score 5.8
Exploits: 0
Talos Blog
added 2026/04/21 10:00 a.m., 5 views

Bad Apples: Weaponizing native macOS primitives for movement and execution

As macOS adoption grows among developers and DevOps, it has become a high value target; however, native "living-off-the-land" (LOTL) techniques for the platform remain significantly under-documented compared to Windows. Adversaries can bypass security controls by repurposing native features like...

AI score 6.9
Exploits: 0
Talos Blog
added 2026/04/16 7:00 p.m., 7 views

Foxit, LibRaw vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability...

CVSS 9.8, AI score 6.6, EPSS 0.00746
Exploits: 5
Talos Blog
added 2026/04/16 6:00 p.m., 8 views

The Q1 vulnerability pulse

Welcome to this week's edition of the Threat Source newsletter. The first quarter of 2026 passed faster than a misconfigured firewall rule gets exploited -- and the last few weeks have been firmly stamped with the "software supply chain compromise" label, with headlines surrounding incidents...

AI score 6.3
Exploits: 0
Talos Blog
added 2026/04/16 10:00 a.m., 7 views

PowMix botnet targets Czech workforce

Cisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call "PowMix." PowMix employs randomized command-and-control (C2) beaconing intervals, rather than persistent...

AI score 6.5
Exploits: 0
Talos Blog
added 2026/04/16 10:00 a.m., 6 views

More than pretty pictures: Wendy Bishop on visual storytelling in tech

In this episode of Humans of Talos, Amy sits down with Wendy Bishop, Head of Creative, to explore the vital role of design in the world of cybersecurity. From her early beginnings in web design and journalism to leading the creative vision for Talos, Wendy shares the unique challenges and rewards...

AI score 5.8
Exploits: 0
Talos Blog
added 2026/04/15 10:00 a.m., 6 views

The n8n n8mare: How threat actors are misusing AI workflow automation

Cisco Talos research has uncovered agentic AI workflow automation platform abuse in emails. Recently, we identified an increase in the number of emails that abuse n8n, one of these platforms, from as early as October 2025 through March 2026. In this blog, Talos provides concrete examples of how...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/04/14 8:27 p.m., 7 views

Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

Microsoft has released its monthly security update for April 2026, which includes 165 vulnerabilities affecting a wide range of products, including eight Microsoft marked as "critical." CVE-2026-23666 is a critical Denial of Service (DoS) vulnerability that affects the .NET framework. Successful...

CVSS 9.8, AI score 6.8, EPSS 0.64095
Exploits: 13
Talos Blog
added 2026/04/14 1:49 p.m., 10 views

State-sponsored threats: Different objectives, similar access paths

Across the Talos 2025 Year in Review, state-sponsored threat activity from China, Russia, North Korea, and Iran all had varying motivations, such as espionage, disruption, financial gain, and geopolitical influence. But when you look at how these operations actually unfold, similar tactics,...

AI score 6
Exploits: 0
Talos Blog
added 2026/04/10 3:29 p.m., 6 views

[Video] The TTP Ep. 22: The Collapse of the Patch Window

One of the clearest trends in the 2025 Talos Year in Review is just how quickly vulnerabilities are now being turned into...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/04/09 6:00 p.m., 10 views

The threat hunter’s gambit

Welcome to this week's edition of the Threat Source newsletter. "Study hard what interests you the most in the most undisciplined, irreverent and original manner possible." ― Richard Feynman. "I had discovered that learning something, no matter how complex, wasn't hard when I had a reason to wan...

CVSS 9.9, AI score 7.9, EPSS 0.86091
Exploits: 11
Talos Blog
added 2026/04/09 10:00 a.m., 12 views

From the field to the report and back again: How incident responders can use the Year in Review

Every year, Cisco Talos publishes Year in Review, a comprehensive look at the previous year's threat landscape. It's drawn from an enormous volume of telemetry, such as endpoint detections, network traffic, email data, and boots-on-the-ground Cisco Talos Incident Response (Talos IR) engagements. As...

AI score 6
Exploits: 0
Talos Blog
added 2026/04/08 10:00 a.m., 4 views

New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations

Cisco Talos uncovered a cluster of activity we track as UAT-10362 conducting spear-phishing campaigns against Taiwanese non-governmental organizations (NGOs) and suspected universities to deliver a newly identified malware family, "LucidRook." LucidRook is a sophisticated stager that embeds a Lua...

AI score 6.4
Exploits: 0
Talos Blog
added 2026/04/07 12:03 p.m., 5 views

Talos Takes: 2025's ransomware trends and zombie vulnerabilities

Join Amy and Pierre Cadieux as they unpack the ransomware and vulnerability trends that defined 2025. From the persistent ransomware threats targeting the manufacturing sector to the rise of stealthy living-off-the-land tactics, we break down what these shifts mean for your defense strategy. Why...

AI score 5.9
Exploits: 0
Talos Blog
added 2026/04/07 10:00 a.m., 10 views

The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines

By Diana Brown Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. These emails are transmitted using the legitimate mail delivery infrastructure associated with GitHub and Jira...

AI score 5.9
Exploits: 0
Total number of security vulnerabilities: 2032