
2032 matches found

Talos Blog
added 2025/12/18 7:00 p.m., 9 views

Adios 2025, you won’t be missed

Welcome to this week's edition of the Threat Source newsletter. For us in America, we're in the holiday doldrums and things slow and/or shut down until the new year. At Cisco, we shut down the last week of the year to reset and recharge, and I've grown to be quite fond of it. I've worked plenty o...

CVSS 9.8, AI score 7.7, EPSS 0.65825
Exploits: 1
Talos Blog
added 2025/12/17 9:02 p.m., 5 views

Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project Libbiosig, Grassroot DiCoM, and Smallstep step-ca. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party...

CVSS 10, AI score 7.8, EPSS 0.0326
Exploits: 4
Talos Blog
added 2025/12/17 4:55 p.m., 12 views

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco Talos recently discovered a campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web Manager, formerly known as Cisco Content Security Management Appliance (SMA). We assess with moderate...

AI score 7.7
Exploits: 0
Talos Blog
added 2025/12/17 11:00 a.m., 5 views

Lexi DiScola’s guide to global teamwork and overflowing TBRs

Welcome back to Humans of Talos. This month, Amy chats with Senior Cyber Threat Analyst Lexi DiScola from the Strategic Analysis team. Lexi's journey into cybersecurity is anything but traditional -- she brings a background in political science and French to her work tracking global cyber threats...

AI score 6.5
Exploits: 0
Talos Blog
added 2025/12/11 7:00 p.m., 6 views

One newsletter to rule them all

Welcome to this week's edition of the Threat Source newsletter. "It's a dangerous business, going out your door. You step onto the road, and if you don't keep your feet, there's no knowing where you might be swept off to." -- Bilbo Baggins It's almost the end of the year, which feels like the...

CVSS 3.8, AI score 8.8, EPSS 0.0047
Exploits: 1
Talos Blog
added 2025/12/09 11:29 p.m., 15 views

Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities

The Patch Tuesday for December of 2025 includes 57 vulnerabilities, including two that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." Microsoft assessed that exploitation of the two "critical" vulnerabilities is "less likely." CVE-2025-62562 i...

CVSS 8.8, AI score 8.6, EPSS 0.02342
Exploits: 2
Talos Blog
added 2025/12/09 11:00 a.m., 23 views

New BYOVD loader behind DeadLock ransomware attack

While tracking ransomware activities, Cisco Talos uncovered new tactics, techniques, and procedures (TTPs) linked to a financially motivated threat actor targeting victims with DeadLock ransomware. The actor used the Bring Your Own Vulnerable Driver (BYOVD) technique with a previously unknown loader ...

CVSS 3.8, AI score 8.7, EPSS 0.0047
Exploits: 1
Talos Blog
added 2025/12/09 11:00 a.m., 12 views

New in Snort3: Enhanced rule grouping for greater flexibility and control

Today, Cisco Talos is introducing new capabilities for Snort3 users within Cisco Secure Firewall. These enhancements are designed to give you greater flexibility in how you manage, organize, and prioritize detection rules. They also make it easier to align SNORT® rules with your organization's...

AI score 6.8
Exploits: 0
Talos Blog
added 2025/12/04 8:23 p.m., 8 views

Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been patched by their...

CVSS 8.8, AI score 7.3, EPSS 0.00825
Exploits: 1
Talos Blog
added 2025/12/04 7:00 p.m., 5 views

Your year-end infosec wrapped

Welcome to this week's edition of the Threat Source newsletter. "They say that a person's personality is the sum of their experiences. But that isn't true, at least not entirely, because if our past was all that defined us, we'd never be able to put up with ourselves. We need to be allowed to...

AI score 7.2
Exploits: 0
Talos Blog
added 2025/12/04 11:00 a.m., 5 views

Spy vs. spy: How GenAI is powering defenders and attackers

Generative AI (GenAI) is reshaping cybersecurity for both attackers and defenders, but its future capabilities are difficult to measure as techniques and models are evolving rapidly. Adversaries continue to use GenAI with varying levels of reliance. State-sponsored groups continue to take advantage...

AI score 7.7
Exploits: 0
Talos Blog
added 2025/11/26 6:36 p.m., 16 views

Dell ControlVault, Lasso, GL.iNet vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX. The vulnerabilities mentioned in this blog post...

CVSS 9.8, AI score 8.9, EPSS 0.00824
Exploits: 4
Talos Blog
added 2025/11/26 5:00 p.m., 6 views

Care that you share

Welcome to this week's edition of the Threat Source newsletter. Back in April, I wrote about the risks of unintentionally leaking information while using search engines. Since then, I've been thinking: Life doesn't just happen in front of a keyboard. There's a social side, too, or so I'm told. Wit...

AI score 6.9
Exploits: 0
Talos Blog
added 2025/11/20 7:00 p.m., 6 views

It’s not personal, it’s just business

Welcome to this week's edition of the Threat Source newsletter. This week, we explore how advances in agentic AI are rapidly transforming the cyber crime business. Agentic AI programming gives AI agents autonomy, allowing them to interact with external systems to collect information, make decisio...

AI score 7.1
Exploits: 0
Talos Blog
added 2025/11/18 11:00 a.m., 7 views

Bill Largent: On epic reads, lifelong learning, and empathy

Welcome to another episode of Humans of Talos! This week, Amy sits down with William "Bill" Largent from the Strategic Planning and Communications team. Bill's role as Senior Security Researcher spans from threat research to communicating Talos's critical work to internal teams, partners, and...

AI score 7
Exploits: 0
Talos Blog
added 2025/11/13 7:00 p.m., 8 views

Viasat and the terrible, horrible, no good, very bad day

Welcome to this week's edition of the Threat Source newsletter. A year ago, fresh off a layoff, I never would have guessed I'd be spending Halloween weekend bouncing between conversations about space policy, satellite hacking, and wedding plans. That's exactly what happened when my space analyst...

AI score 6.9
Exploits: 0
Talos Blog
added 2025/11/13 11:00 a.m., 10 views

Unleashing the Kraken ransomware group

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block (SMB)...

AI score 7.5
Exploits: 0
Talos Blog
added 2025/11/11 6:19 p.m., 7 views

Microsoft Patch Tuesday for November 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for November 2025, which includes 63 vulnerabilities affecting a range of products, including 5 that Microsoft marked as "critical." Current intelligence shows that one of the important vulnerabilities, CVE-2025-62215, has already been detected i...

CVSS 9.8, AI score 7.4, EPSS 0.061
Exploits: 6
Talos Blog
added 2025/11/06 7:00 p.m., 7 views

Remember, remember the fifth of November

Welcome to this week's edition of the Threat Source newsletter. Ever heard the phrase in this week's title? For our non-British readers, here's the quick version: Every year on November 5, people across the U.K. gather for bonfires, sparklers, fireworks, and attempting to literally handle a hot...

AI score 7.1
Exploits: 0
Talos Blog
added 2025/11/06 11:00 a.m., 7 views

Do robots dream of secure networking? Teaching cybersecurity to AI systems

This blog explores how to equip autonomous AI agents with cybersecurity knowledge, enabling them to make informed decisions about internet safety, such as identifying trustworthy links and websites. It demonstrates a proof of concept using LangChain and OpenAI, integrated with the Cisco Umbrella...

AI score 7.3
Exploits: 0
Talos Blog
added 2025/11/04 2:26 p.m., 9 views

TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Dell BSAFE, two in Fade In screenwriting software, and one in Trufflehog. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's...

CVSS 7.8, AI score 8.4, EPSS 0.02385
Exploits: 2
Talos Blog
added 2025/10/30 6:00 p.m., 11 views

Trick, treat, repeat

Welcome to this week's edition of the Threat Source newsletter. This one is pretty much an updated, Halloween-themed version of my newsletter from July, including data up through Q3. October 14th has passed, so free support for Windows 10 has come to an end, leaving you with no more fixes unless...

CVSS 9.8, AI score 8.2, EPSS 0.99962
Exploits: 24
Talos Blog
added 2025/10/30 9:59 a.m., 25 views

Dynamic binary instrumentation (DBI) with DynamoRio

This blog introduces dynamic binary instrumentation (DBI) and guides you through building your own DBI tool with the open-source DynamoRIO framework on Windows 11. DBI enables powerful runtime analysis and modification of binaries critical for malware analysis, security auditing, reverse engineerin...

AI score 7.1
Exploits: 0
Talos Blog
added 2025/10/29 10:00 a.m., 10 views

Cybersecurity on a budget: Strategies for an economic downturn

During economic uncertainty, businesses face the challenge of maintaining strong cybersecurity while managing tightened budgets. Cyber threats can become more numerous, motivated, and persistent during economic downturns, making the need for resilient, cost-effective security measures critical...

AI score 6.8
Exploits: 0
Talos Blog
added 2025/10/27 2:00 a.m., 32 views

Uncovering Qilin attack methods exposed through multiple cases

In the second half of 2025, the ransomware group Qilin has continued to publish victim information on its leak site at a pace of more than 40 cases per month, making it one of the most impactful ransomware groups worldwide. The manufacturing sector has been the most affected, followed by...

AI score 7.8
Exploits: 0
Talos Blog
added 2025/10/24 10:00 a.m., 6 views

Think passwordless is too complicated? Let's clear that up

By Janet Ho, Cisco Duo. Why passwords are still a problem: We've relied on passwords for years to protect our online accounts, but they've also become one of the easiest ways attackers get in. Many people reuse or simplify passwords, or even write them down because it's hard to remember so many. Th...

AI score 6.7
Exploits: 0
Talos Blog
added 2025/10/23 6:00 p.m., 12 views

Strings in the maze: Finding hidden strengths and gaps in your team

Welcome to this week's edition of the Threat Source newsletter. "The truth about the world, he said, is that anything is possible... For existence has its own order and that no man's mind can compass, that mind itself being but a fact among others." ― Cormac McCarthy, "Blood Meridian" Earlier thi...

CVSS 6.5, AI score 9.2, EPSS 0.01613
Exploits: 1
Talos Blog
added 2025/10/23 10:00 a.m., 15 views

IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response

Threat actors predominately exploited public-facing applications for initial access this quarter, with this tactic appearing in over 60 percent of Cisco Talos Incident Response (Talos IR) engagements, a notable increase from less than 10 percent last quarter. This spike is largely attributable to ...

CVSS 9.8, AI score 9.7, EPSS 0.99982
Exploits: 43
Talos Blog
added 2025/10/21 10:00 a.m., 10 views

Reducing abuse of Microsoft 365 Exchange Online’s Direct Send

Overview: Microsoft 365 Exchange Online's Direct Send is designed to solve an enterprise-scale operational challenge: certain devices and legacy applications such as multifunction printers, scanners, building systems, and older line-of-business apps, need to send email into the tenant but lack the...

AI score 6.8
Exploits: 0
Talos Blog
added 2025/10/16 6:00 p.m., 7 views

Ransomware attacks and how victims respond

Welcome to this week's edition of the Threat Source newsletter. I count myself fortunate that I have never been on the receiving end of a ransomware attack. My experiences have been from research and response, never as a victim. It's a tough scenario: One day you are working or minding your own...

AI score 7
Exploits: 0
Talos Blog
added 2025/10/16 10:00 a.m., 7 views

BeaverTail and OtterCookie evolve with a new Javascript module

Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK). This group is known for impersonating hiring organizations to target job seekers, tricking them into installing information-stealing malware to obtain cryptocurrency and user credential...

AI score 8.1
Exploits: 0
Talos Blog
added 2025/10/16 10:00 a.m., 10 views

Laura Faria: Empathy on the front lines

What does it take to lead through chaos and keep organizations safe in the digital age? This week, Amy sat down with Laura Faria, an incident commander at Cisco Talos Incident Response, to explore a career built on empathy, collaboration, and a passion for cybersecurity. Laura opens up about her...

AI score 6.8
Exploits: 0
Talos Blog
added 2025/10/15 5:39 p.m., 6 views

Open PLC and Planet vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed one vulnerability in the OpenPLC logic controller and four vulnerabilities in the Planet WGR-500 router. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from...

CVSS 8.8, AI score 8.2, EPSS 0.04385
Exploits: 7
Talos Blog
added 2025/10/14 8:39 p.m., 11 views

Microsoft Patch Tuesday for October 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for October 2025, addressing 175 Microsoft CVEs and 21 non-Microsoft CVEs. Among these, 17 vulnerabilities are considered critical and 11 are flagged as important and considered more likely to be exploited. Current intelligence shows that three o...

CVSS 7.8, AI score 8.5, EPSS 0.05117
Exploits: 1
Talos Blog
added 2025/10/09 6:00 p.m., 6 views

Why don’t we sit around this computer console and have a sing-along?

Harnessing fire is one of mankind's earliest technological advances. A controlled, tame fire offers us warmth, light and succulent cooked food. Yet, allow the controlled fire to burn too fiercely and it risks becoming an uncontained fire. The unexpected smell of smoke or the sight of tall flames...

AI score 6.4
Exploits: 0
Talos Blog
added 2025/10/09 10:00 a.m., 12 views

Velociraptor leveraged in ransomware attacks

Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents. We assess with moderate confidence that this activity can be attributed to thre...

CVSS 5.5, AI score 9.9, EPSS 0.00963
Exploits: 2
Talos Blog
added 2025/10/08 10:00 a.m., 6 views

What to do when you click on a suspicious link

October is Cybersecurity Awareness Month, and as the tech-savvy friend or family member, people probably come to you for advice. One of the most common questions is: "I clicked a suspicious link. What do I do now?" Don't worry -- panic won't help, but a calm, step-by-step response will. Share thi...

AI score 7.1
Exploits: 0
Talos Blog
added 2025/10/07 10:00 a.m., 5 views

Too salty to handle: Exposing cases of CSS abuse for hidden text salting

Cisco Talos has been closely monitoring the abuse of cascading style sheets (CSS) properties to include irrelevant content (or "salt") in different parts of messages, a technique known as hidden text salting. This blog is a follow-up to our previous reports in January and March 2025 on CSS abuse in...

AI score 6.9
Exploits: 0
Talos Blog
added 2025/10/02 6:00 p.m., 6 views

Family group chats: Your (very last) line of cyber defense

Welcome to this week's edition of the Threat Source newsletter, and happy Cybersecurity Awareness Month. Like everyone under the age of 35 who has at least one father, my dad sends me advice on online safety at least once a week. Does he work in information security? No. He's a recently retired...

AI score 7
Exploits: 0
Talos Blog
added 2025/10/02 10:00 a.m., 6 views

UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud

Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. Cisco's file census and DNS analysis show affected Internet Information Servic...

AI score 7.6
Exploits: 0
Talos Blog
added 2025/10/01 6:37 p.m., 10 views

Nvidia and Adobe vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability disclosure policy...

CVSS 7.8, AI score 8.6, EPSS 0.00331
Exploits: 1
Talos Blog
added 2025/09/25 6:00 p.m., 5 views

Great Scott, I’m tired

Welcome to this week's edition of the Threat Source newsletter. "Back to the Future" is 40 years old this year, and at the risk of giving away sensitive information to an audience of hackers… so am I. I don't really know what 40 is supposed to feel like. Honestly, I don't feel all that different...

AI score 6.7
Exploits: 0
Talos Blog
added 2025/09/24 10:00 a.m., 6 views

What happens when you engage Cisco Talos Incident Response?

In today's world, cybersecurity incidents are not a matter of if, but when and how. From ransomware attacks to data breaches exposing sensitive information, organizations face a changing threat landscape. As a result of cybersecurity attacks, organizations can experience downtime, financial losse...

AI score 7.1
Exploits: 0
Talos Blog
added 2025/09/23 6:00 p.m., 9 views

How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking

Cisco Talos discovered a new campaign active since 2022, targeting the telecommunications and manufacturing sectors in Central and South Asian countries, delivering a new variant of PlugX. Talos discovered that the new variant's features overlap with both the RainyDay and Turian backdoors,...

AI score 7.5
Exploits: 0
Talos Blog
added 2025/09/18 6:00 p.m., 6 views

Put together an IR playbook — for your personal mental health and wellbeing

Welcome to this week's edition of the Threat Source newsletter. This is gonna be a tough read. I'm sorry. Believe it or not, it's even tougher for me to write. I want to talk about what it costs to be in the cybersecurity profession. Not money or time, but potentially your health, both mentally a...

AI score 6.9
Exploits: 0
Talos Blog
added 2025/09/18 10:00 a.m., 7 views

Alex Ryan: From zero chill to quiet confidence

Welcome to another episode of Humans of Talos, our ongoing video interview series that celebrates the people powering Cisco's threat intelligence efforts. In each episode, we dive deep into the personal journeys, motivations and lessons learned from the team members who help keep the internet saf...

AI score 6.9
Exploits: 0
Talos Blog
added 2025/09/17 10:00 a.m., 4 views

Why a Cisco Talos Incident Response Retainer is a game-changer

In today's hyper-connected world, cyber attacks are not a matter of if but when. Ransomware, phishing and data breaches dominate headlines. For any organization, the stakes are high and the impact can be wide. A cybersecurity breach can impact your organization's ability to conduct normal busines...

AI score 6.8
Exploits: 0
Talos Blog
added 2025/09/11 6:00 p.m., 7 views

Beaches and breaches

Welcome to this week's edition of the Threat Source newsletter. I took a two-week vacation (thanks to Bill for covering my author shift last week) and made the deliberate choice to leave my laptop behind. No emails, IMs, no IT at all. Thank you, European work culture! It was a complete break. Well,...

AI score 7
Exploits: 0
Talos Blog
added 2025/09/10 10:00 a.m., 6 views

Maturing the cyber threat intelligence program

The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making. The model describes four levels of maturity, guiding teams from basic, a...

AI score 6.7
Exploits: 0
Talos Blog
added 2025/09/09 7:12 p.m., 7 views

Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products. In this month's release, Microsoft observed none of the included vulnerabilities being exploited in the wild. However, there are eight vulnerabilities where...

CVSS 8.8, AI score 8.7, EPSS 0.18706
Exploits: 3

Total number of security vulnerabilities: 2032