
2032 matches found

Talos Blog
added 2026/04/07 10:00 a.m. · 6 views

Year in Review: Vulnerabilities old and new and something React2

Speed and age shouldn't be allowed to pair up, but that is the theme of the Talos 2025 Year in Review vulnerability findings. Figure 1. React/React2Shell 2025 at the top, with PHPUnit 2017 and Log4j 2021 following up. The year was characterized by an unending beat-down on infrastructure that reli...

AI score: 6.3
Exploits: 0

Talos Blog
added 2026/04/03 5:31 p.m. · 4 views

Do not get high(jacked) off your own supply (chain)

In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a "chaos-as-a-service" group that injected...

AI score: 5.9
Exploits: 0

Talos Blog
added 2026/04/03 5:00 p.m. · 6 views

Axios NPM supply chain incident

Cisco Talos is actively investigating the March 31, 2026 supply chain attack on the official Axios node package manager (npm) package during which two malicious versions v1.14.1 and v0.30.4 were deployed. Axios is one of the more popular JavaScript libraries with as many as 100 million downloads pe...

AI score: 6.1
Exploits: 0

Talos Blog
added 2026/04/02 6:00 p.m. · 7 views

The democratisation of business email compromise fraud

Welcome to this week's edition of the Threat Source newsletter. Last weekend, I witnessed a crime. Not a notable crime that you might read about in the press, but an unremarkable fraud attempt that nevertheless illustrates how new threat actor capabilities are emerging. I imagine that most people...

CVSS: 10 · AI score: 7.3 · EPSS: 0.99562
Exploits: 372

Talos Blog
added 2026/04/02 1:06 p.m. · 5 views

[Video] The TTP Ep 21: When Attackers Become Trusted Users

In this episode of the Talos Threat Perspective, we explore how identity is being used to gain, extend, and maintain access...

AI score: 5.9
Exploits: 0

Talos Blog
added 2026/04/02 10:00 a.m. · 8 views

UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications

Cisco Talos is disclosing a large-scale automated credential harvesting campaign carried out by a threat cluster we are tracking as "UAT-10608." Post-compromise, UAT-10608 leverages automated scripts for extracting and exfiltrating credentials from a variety of applications that are then posted ...

CVSS: 10 · AI score: 7.6 · EPSS: 0.99562
Exploits: 372

Talos Blog
added 2026/04/02 10:00 a.m. · 4 views

Qilin EDR killer infection chain

Endpoint detection and response (EDR) tools are widely deployed and far more capable than traditional antivirus. As a result, attackers use EDR killers to disable or bypass them. Disabling telemetry collection (process, memory, network activity) limits what defenders can see and analyze. As defenders...

AI score: 6.3
Exploits: 0

Talos Blog
added 2026/04/02 10:00 a.m. · 8 views

Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders

Every year, the Cisco Talos Year in Review captures the patterns shaping the threat landscape. The 2025 report paints a clear picture: Attackers are moving faster than ever, while using identity-related attacks as the primary battleground. To unpack the biggest takeaways and what they mean for...

AI score: 5.9
Exploits: 0

Talos Blog
added 2026/04/02 10:00 a.m. · 7 views

An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases

In 2025, a total of 134 ransomware incidents were reported in Japan, marking a 17.5% increase compared to 2024. Among these, 22 incidents were attributed to Qilin, representing 16.4% of the total. In 2025, Qilin ransomware was highly active. Looking ahead to 2026, unless there is significant...

AI score: 6
Exploits: 0

Talos Blog
added 2026/03/31 10:00 a.m. · 6 views

Ransomware in 2025: Blending in is the strategy

Ransomware attacks aren't smash-and-grab anymore. They're built on access that already looks legitimate -- closer to positioning chess pieces than breaking the door down. That's the big trend that comes through in the ransomware data from the Talos 2025 Year in Review. Once attackers have initial...

AI score: 6
Exploits: 0

Talos Blog
added 2026/03/26 6:34 p.m. · 14 views

TP-Link, Canva, HikVision vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability...

CVSS: 8.8 · AI score: 8 · EPSS: 0.00548
Exploits: 19

Talos Blog
added 2026/03/26 6:00 p.m. · 3 views

A puppet made me cry and all I got was this t-shirt

Welcome to this week's edition of the Threat Source newsletter. Anyone who spoke with me in the last several weeks has had to deal with me loudly waiting in anticipation for the long-awaited "Project Hail Mary" movie adaptation. I read and cried over the book by Andy Weir, who's also the author o...

CVSS: 9.8 · AI score: 6.7 · EPSS: 0.01008
Exploits: 1

Talos Blog
added 2026/03/26 12:48 p.m. · 3 views

Talos Takes: 2025 insights from Talos and Splunk

In this episode of Talos Takes, Amy is joined by William Largent (Cisco Talos) and Lou Stella (Splunk) for a "double-header" discussion. With the recent release of the Cisco Talos 2025 Year in Review and the Splunk Top 50 Cybersecurity Threats report, we're breaking down the most critical trends that...

AI score: 5.9
Exploits: 0

Talos Blog
added 2026/03/23 12:55 p.m. · 4 views

Beers with Talos breaks down the 2025 Talos Year in Review

The Beers with Talos B team (that's Hazel, Bill, Joe and Dave) break down (sometimes in the literal sense) the 2025 Talos Year in Review, which is available now. The team dives into the biggest cybersecurity trends of the year, including: The rapid weaponization of new vulnerabilities Why identity abu...

AI score: 5.9
Exploits: 0

Talos Blog
added 2026/03/23 12:01 p.m. · 10 views

2025 Talos Year in Review: Speed, scale, and staying power

The 2025 Talos Year in Review is now available to view online. The pace and scale of adversary activity in 2025 placed sustained pressure on security teams across industries. As with each annual report, our goal at Talos is to provide the security community with a clear analysis of the tactics,...

AI score: 5.9
Exploits: 0

Talos Blog
added 2026/03/19 6:00 p.m. · 5 views

You have to invite them in

Welcome to this week's edition of the Threat Source newsletter. I found myself watching the Oscars ceremony in its entirety for the first time in a few years. I'm in the U.K., so I watched it the following day. With next week's Year in Review launch looming and several pieces of content still to...

AI score: 6.5
Exploits: 0

Talos Blog
added 2026/03/19 10:00 a.m. · 4 views

Everyday tools, extraordinary crimes: the ransomware exfiltration playbook

Data exfiltration activity increasingly leverages legitimate native utilities, commonly deployed third-party tools, and cloud service clients, reducing the effectiveness of static indicators of compromise (IOCs) and tool-based blocking strategies. The Exfiltration Framework systematically normalize...

AI score: 6.1
Exploits: 0

Talos Blog
added 2026/03/18 10:00 a.m. · 5 views

Transparent COM instrumentation for malware analysis

COM automation is a core Windows technology that allows code to access external functionality through well-defined interfaces. It is similar to traditionally loading a DLL, but is class-based rather than function-based. Many advanced Windows capabilities are exposed through COM, such as Windows...

AI score: 6.1
Exploits: 0

Talos Blog
added 2026/03/12 6:00 p.m. · 6 views

This one’s for you, Mom

Welcome to this week's edition of the Threat Source newsletter. I am the product of a single parent, my mom, who along with my grandparents helped raise me into the man I am today. I cannot fathom what it took for my mom, who worked three jobs to put herself through college to be a teacher, to...

AI score: 6
Exploits: 0

Talos Blog
added 2026/03/11 8:26 p.m. · 8 views

DirectX, OpenFOAM, Libbiosig vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed vulnerabilities in the BioSig Project Libbiosig library and OpenCFD OpenFOAM, as well as an unpatched vulnerability in Microsoft DirectX. The vulnerabilities mentioned in this blog post have been patched by their respective...

CVSS: 9.8 · AI score: 6.5 · EPSS: 0.00589
Exploits: 3

Talos Blog
added 2026/03/11 10:00 a.m. · 11 views

Agentic AI security: Why you need to know about autonomous agents now

Agentic AI is making headlines worldwide for its potential force-multiplying capabilities, and organizations are understandably intrigued by how it can improve throughput and capabilities. However, as with any technological revolution, unforeseen issues are inevitable, and agentic AI is no...

AI score: 5.9
Exploits: 0

Talos Blog
added 2026/03/11 10:00 a.m. · 8 views

Spinning complex ideas into clear docs with Kri Dontje

Welcome back! This week, we're shining a spotlight on Kri Dontje, a technical writer who's become an essential voice in making Cisco Talos' work understandable for a wide audience. With a background in technical communications and a career that began at a small startup, Kri discusses the importan...

AI score: 5.8
Exploits: 0

Talos Blog
added 2026/03/10 10:23 p.m. · 7 views

Microsoft Patch Tuesday for March 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for March 2026 which includes 79 vulnerabilities, including three that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." Microsoft assessed that exploitation of the three "critical" vulnerabilitie...

CVSS: 8.8 · AI score: 6.4 · EPSS: 0.04491
Exploits: 7

Talos Blog
added 2026/03/05 7:00 p.m. · 10 views

Patch, track, repeat: The 2025 CVE retrospective

Welcome to this week's edition of the Threat Source newsletter. It's time to look back at a year that pushed the vulnerability landscape to new heights. I'll admit this retrospective is arriving a bit later than planned. With 48,196 CVEs in 2025 a stunning 132 vulnerabilities per day, the analysi...

CVSS: 7.8 · AI score: 6 · EPSS: 0.01068
Exploits: 3

Talos Blog
added 2026/03/05 11:00 a.m. · 51 views

UAT-9244 targets South American telecommunication providers with three new malware implants

Cisco Talos is disclosing UAT-9244, who we assess with high confidence is a China-nexus advanced persistent threat (APT) actor closely associated with Famous Sparrow. Since 2024, UAT-9244 has targeted critical telecommunications infrastructure, including Windows and Linux-based endpoints and edge...

AI score: 6
Exploits: 0

Talos Blog
added 2026/03/03 12:55 a.m. · 6 views

Update, March 13: Talos on the developing situation in the Middle East

Update history

Date | Description of updates
---|---
March 13, 2026 | Talos' assessment of the cyber attack on Stryker and the elevated threat landscape. Key findings and background on Handala, the Iranian-linked threat group.
March 10, 2026 | Updated guidance and recommendations, IOCs, and...

AI score: 6.4
Exploits: 0

Talos Blog
added 2026/02/26 7:00 p.m. · 8 views

Henry IV, Hotspur, Hal, and hallucinations

Welcome to this week's edition of the Threat Source newsletter. " 'Tis dangerous to take a cold, to sleep, to drink; but I tell you, my lord fool, out of this nettle, danger, we pluck this flower, safety." - Hotspur, Shakespeare's Henry IV, Part 1: Act 2 Scene 3 I get it. Hotspur is the...

CVSS: 10 · AI score: 6 · EPSS: 0.57793
Exploits: 9

Talos Blog
added 2026/02/26 11:00 a.m. · 15 views

New Dohdoor malware campaign targets education and health care

Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as "UAT-10027," delivering a previously undisclosed backdoor dubbed "Dohdoor." Dohdoor utilizes the DNS-over-HTTPS (DoH) technique for command-and-control (C2) communications and h...

AI score: 6.4
Exploits: 0

Talos Blog
added 2026/02/25 4:13 p.m. · 28 views

Active exploitation of Cisco Catalyst SD-WAN by UAT-8616

Cisco Talos is tracking the active exploitation of CVE-2026-20127, a vulnerability in Cisco Catalyst SD-WAN Controller, formerly vSmart, that allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges on the affected system by sending a crafted request...

CVSS: 10 · AI score: 6.1 · EPSS: 0.57793
Exploits: 10

Talos Blog
added 2026/02/19 7:00 p.m. · 9 views

Using AI to defeat AI

Welcome to this week's edition of the Threat Source newsletter. Generative AI and agentic AI are here to stay. Although I believe that the advantages that AI brings to bad guys may be overstated, these new technologies allow threat actors to conduct attacks at a faster rate than before. One...

AI score: 5.7
Exploits: 0

Talos Blog
added 2026/02/18 11:00 a.m. · 9 views

“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities

A Cisco Talos researcher worked around the limitations of hardware-level Code Read-out Protection (RDP) on the Socomec DIRIS M-70 gateway by pivoting from physical debugging to a "good enough" emulation approach. By focusing on emulating only the single thread responsible for Modbus protocol handli...

CVSS: 8.6 · AI score: 6 · EPSS: 0.0037
Exploits: 0

Talos Blog
added 2026/02/12 7:00 p.m. · 10 views

Hand over the keys for Shannon’s shenanigans

Welcome to this week's edition of the Threat Source newsletter. Last week, yet another security AI tool made the rounds on social media: Shannon, a fully autonomous AI penetration testing tool created by Keygraph. It "autonomously hunts for attack vectors in your code, then uses its built-in...

AI score: 6
Exploits: 0

Talos Blog
added 2026/02/12 11:00 a.m. · 8 views

Ryan Liles, master of technical diplomacy

Cisco Talos is back with another inside look at the people who keep the internet safe. This time, Amy chats with Ryan Liles, who bridges the gap between Cisco's product teams and the third-party testing labs that put Cisco products through their paces. Ryan pulls back the curtain on the delicate...

AI score: 5.7
Exploits: 0

Talos Blog
added 2026/02/11 12:00 a.m. · 8 views

New threat actor, UAT-9921, leverages VoidLink framework in campaigns

Cisco Talos recently discovered a new threat actor, UAT-9921, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink. The VoidLink compile-on-demand feature lays down the foundations for AI-enabled attack frameworks, which can create tools on-demand f...

AI score: 6.1
Exploits: 0

Talos Blog
added 2026/02/10 11:54 p.m. · 9 views

Microsoft Patch Tuesday for February 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for February 2026, which includes 59 vulnerabilities affecting a range of products, including two that Microsoft marked as "Critical". CVE-2026-21522 is a critical elevation of privilege vulnerability affecting Microsoft ACI Confidential...

CVSS: 8.8 · AI score: 6.8 · EPSS: 0.25835
Exploits: 18

Talos Blog
added 2026/02/05 7:00 p.m. · 7 views

All gas, no brakes: Time to come to AI church

Welcome to this week's edition of the Threat Source newsletter. Brothers and sisters, gather close for a moment. We are all security followers here gathered in fellowship and community, with one joyful spirit to fight the good fight and do good out there in the security world. It is with that...

AI score: 6
Exploits: 0

Talos Blog
added 2026/02/05 11:00 a.m. · 14 views

Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework

Cisco Talos uncovered "DKnife," a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants that perform deep-packet inspection, manipulate traffic, and deliver malware via routers and edge devices. Based on the artifact metadata, DKnife ha...

AI score: 6.1
Exploits: 0

Talos Blog
added 2026/01/29 7:00 p.m. · 8 views

I'm locked in!

Welcome to this week's edition of the Threat Source newsletter. I've struggled a lot over the last few years with balance. I want to follow the news closely, but at the same time, I want to block everything out for self-preservation. Add in the fact that I love history and I'm an empath, and you'...

AI score: 6.2
Exploits: 0

Talos Blog
added 2026/01/29 2:43 p.m. · 8 views

Microsoft releases update to address zero-day vulnerability in Microsoft Office

Microsoft has published three out-of-band (OOB) updates so far in January 2026. One of these updates was released to address a vulnerability, CVE-2026-21509, affecting Microsoft Office that has been reportedly exploited in the wild. Additional OOB updates have been published to resolve operational...

CVSS: 7.8 · AI score: 5.8 · EPSS: 0.72152
Exploits: 12

Talos Blog
added 2026/01/29 11:00 a.m. · 9 views

Dissecting UAT-8099: New persistence mechanisms and regional focus

Cisco Talos has identified a new campaign by UAT-8099, active from late 2025 to early 2026, that is targeting vulnerable Internet Information Services (IIS) servers across Asia with a specific focus on victims in Thailand and Vietnam. Analysis confirms significant operational overlaps between this...

AI score: 6
Exploits: 0

Talos Blog
added 2026/01/29 11:00 a.m. · 13 views

IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations

Threat actors predominately exploited public-facing applications for the second quarter in a row, with this tactic appearing in nearly 40 percent of Cisco Talos Incident Response (Talos IR) engagements -- a notable decrease from over 60 percent last quarter, when engagements involving ToolShell...

CVSS: 10 · AI score: 6.3 · EPSS: 0.99722
Exploits: 386

Talos Blog
added 2026/01/22 7:00 p.m. · 6 views

I scan, you scan, we all scan for... knowledge?

Welcome to this week's edition of the Threat Source newsletter. "Upon us all a little rain must fall" -- Led Zeppelin, via Henry Wadsworth Longfellow. I recently bumped into a colleague with whom I spent several years working in an MSSP environment. We had very different roles within the...

AI score: 5.9
Exploits: 0

Talos Blog
added 2026/01/22 1:54 p.m. · 6 views

Foxit, Epic Games Store, MedDreams vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco...

CVSS: 9.6 · AI score: 5.8 · EPSS: 0.00436
Exploits: 22

Talos Blog
added 2026/01/15 7:00 p.m. · 6 views

Predicting 2026

Welcome to this week's edition of the Threat Source newsletter. It's become traditional at this time of year to make predictions about cybersecurity for the coming year. Obviously, no one has a crystal ball to predict the future, and if they did, they would be quietly making a fortune rather than...

AI score: 7.3
Exploits: 0

Talos Blog
added 2026/01/15 11:00 a.m. · 11 views

UAT-8837 targets critical infrastructure sectors in North America

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor based on overlaps in tactics, techniques, and procedures (TTPs) with those of other known China-nexus threat actors. Based on UAT-8837's TTPs and...

CVSS: 9 · AI score: 7.6 · EPSS: 0.26308
Exploits: 3

Talos Blog
added 2026/01/14 11:00 a.m. · 3 views

Brushstrokes and breaches with Terryn Valikodath

Cisco Talos is kicking off the new year with a behind-the-scenes look at incident response through the eyes of Terryn Valikodath, Senior Incident Response Consultant at Talos. In this episode, Amy sits down with Terryn to explore the realities of a job that blends technical know-how with...

AI score: 6.8
Exploits: 0

Talos Blog
added 2026/01/13 6:29 p.m. · 8 views

Microsoft Patch Tuesday for January 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for January 2026, which includes 112 vulnerabilities affecting a range of products, including 8 that Microsoft marked as "critical". In this month's release, Microsoft observed one of the included "important" vulnerabilities, CVE-2026-20805, as...

CVSS: 8.4 · AI score: 8.3 · EPSS: 0.07983
Exploits: 5

Talos Blog
added 2026/01/08 7:00 p.m. · 4 views

Resolutions, shmesolutions (and what’s actually worked for me)

Welcome to this week's edition of the Threat Source newsletter. I went to bed at 8:30 p.m. on New Year's Eve, and I think that's pretty indicative of how I approach the whole idea of New Year's resolutions. I love to count down to the new year with loved ones as much as the next person, but I hav...

AI score: 7.6
Exploits: 0

Talos Blog
added 2026/01/08 11:00 a.m. · 13 views

UAT-7290 targets high value telecommunications infrastructure in South Asia

Cisco Talos is disclosing a sophisticated threat actor we track as UAT-7290, who has been active since at least 2022. UAT-7290 is tasked with gaining initial access as well as conducting espionage-focused intrusions against critical infrastructure entities in South Asia. UAT-7290's arsenal includ...

AI score: 7.9
Exploits: 0

Talos Blog
added 2026/01/07 11:00 a.m. · 7 views

How Cisco Talos powers the solutions protecting your organization

Cisco Talos is Cisco's threat intelligence and security research organization that powers Cisco's product portfolio with that intelligence. While we are well known for the security research in our blog, vulnerability discoveries, and our open-source software, you may not be aware of exactly how o...

AI score: 6.9
Exploits: 0

Total number of security vulnerabilities: 2032