Adios 2025, you won’t be missed
Welcome to this week's edition of the Threat Source newsletter. For us in America, we're in the holiday doldrums and things slow and/or shut down until the new year. At Cisco, we shut down the last week of the year to reset and recharge, and I've grown to be quite fond of it. I've worked plenty o...
Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project Libbiosig, Grassroot DiCoM, and Smallstep step-ca. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party...
UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager
Cisco Talos recently discovered a campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web Manager, formerly known as Cisco Content Security Management Appliance (SMA). We assess with moderate...
Lexi DiScola’s guide to global teamwork and overflowing TBRs
Welcome back to Humans of Talos. This month, Amy chats with Senior Cyber Threat Analyst Lexi DiScola from the Strategic Analysis team. Lexi's journey into cybersecurity is anything but traditional -- she brings a background in political science and French to her work tracking global cyber threats...
One newsletter to rule them all
Welcome to this week's edition of the Threat Source newsletter. "It's a dangerous business, going out your door. You step onto the road, and if you don't keep your feet, there's no knowing where you might be swept off to." -- Bilbo Baggins It's almost the end of the year, which feels like the...
Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities
The Patch Tuesday for December of 2025 includes 57 vulnerabilities, including two that Microsoft marked as "critical." The remaining vulnerabilities listed are classified as "important." Microsoft assessed that exploitation of the two "critical" vulnerabilities is "less likely." CVE-2025-62562 i...
New BYOVD loader behind DeadLock ransomware attack
While tracking ransomware activities, Cisco Talos uncovered new tactics, techniques, and procedures (TTPs) linked to a financially motivated threat actor targeting victims with DeadLock ransomware. The actor used the Bring Your Own Vulnerable Driver (BYOVD) technique with a previously unknown loader ...
New in Snort3: Enhanced rule grouping for greater flexibility and control
Today, Cisco Talos is introducing new capabilities for Snort3 users within Cisco Secure Firewall. These enhancements are designed to give you greater flexibility in how you manage, organize, and prioritize detection rules. They also make it easier to align SNORT® rules with your organization's...
Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been patched by their...
Your year-end infosec wrapped
Welcome to this week's edition of the Threat Source newsletter. "They say that a person's personality is the sum of their experiences. But that isn't true, at least not entirely, because if our past was all that defined us, we'd never be able to put up with ourselves. We need to be allowed to...
Spy vs. spy: How GenAI is powering defenders and attackers
Generative AI (GenAI) is reshaping cybersecurity for both attackers and defenders, but its future capabilities are difficult to measure as techniques and models are evolving rapidly. Adversaries continue to use GenAI with varying levels of reliance. State-sponsored groups continue to take advantage...
Dell ControlVault, Lasso, GL.iNet vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX. The vulnerabilities mentioned in this blog post...
Care that you share
Welcome to this week's edition of the Threat Source newsletter. Back in April, I wrote about the risks of unintentionally leaking information while using search engines. Since then, I've been thinking: Life doesn't just happen in front of a keyboard. There's a social side, too (or so I'm told). Wit...
It’s not personal, it’s just business
Welcome to this week's edition of the Threat Source newsletter. This week, we explore how advances in agentic AI are rapidly transforming the cyber crime business. Agentic AI programming gives AI agents autonomy, allowing them to interact with external systems to collect information, make decisio...
Bill Largent: On epic reads, lifelong learning, and empathy
Welcome to another episode of Humans of Talos! This week, Amy sits down with William "Bill" Largent from the Strategic Planning and Communications team. Bill's role as Senior Security Researcher spans from threat research to communicating Talos's critical work to internal teams, partners, and...
Viasat and the terrible, horrible, no good, very bad day
Welcome to this week's edition of the Threat Source newsletter. A year ago, fresh off a layoff, I never would have guessed I'd be spending Halloween weekend bouncing between conversations about space policy, satellite hacking, and wedding plans. That's exactly what happened when my space analyst...
Unleashing the Kraken ransomware group
In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block (SMB)...
Microsoft Patch Tuesday for November 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for November 2025, which includes 63 vulnerabilities affecting a range of products, including 5 that Microsoft marked as "critical." Current intelligence shows that one of the important vulnerabilities, CVE-2025-62215, has already been detected i...
Remember, remember the fifth of November
Welcome to this week's edition of the Threat Source newsletter. Ever heard the phrase in this week's title? For our non-British readers, here's the quick version: Every year on November 5, people across the U.K. gather for bonfires, sparklers, fireworks, and attempting to literally handle a hot...
Do robots dream of secure networking? Teaching cybersecurity to AI systems
This blog explores how to equip autonomous AI agents with cybersecurity knowledge, enabling them to make informed decisions about internet safety, such as identifying trustworthy links and websites. It demonstrates a proof of concept using LangChain and OpenAI, integrated with the Cisco Umbrella...
TruffleHog, Fade In and BSAFE Crypto-C vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Dell BSAFE, two in Fade In screenwriting software, and one in Trufflehog. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's...
Trick, treat, repeat
Welcome to this week's edition of the Threat Source newsletter. This one is pretty much an updated, Halloween-themed version of my newsletter from July, including data up through Q3. October 14th has passed, so free support for Windows 10 has come to an end, leaving you with no more fixes unless...
Dynamic binary instrumentation (DBI) with DynamoRIO
This blog introduces dynamic binary instrumentation (DBI) and guides you through building your own DBI tool with the open-source DynamoRIO framework on Windows 11. DBI enables powerful runtime analysis and modification of binaries critical for malware analysis, security auditing, reverse engineerin...
Cybersecurity on a budget: Strategies for an economic downturn
During economic uncertainty, businesses face the challenge of maintaining strong cybersecurity while managing tightened budgets. Cyber threats can become more numerous, motivated, and persistent during economic downturns, making the need for resilient, cost-effective security measures critical...
Uncovering Qilin attack methods exposed through multiple cases
In the second half of 2025, the ransomware group Qilin has continued to publish victim information on its leak site at a pace of more than 40 cases per month, making it one of the most impactful ransomware groups worldwide. The manufacturing sector has been the most affected, followed by...
Think passwordless is too complicated? Let's clear that up
By Janet Ho, Cisco Duo Why passwords are still a problem We've relied on passwords for years to protect our online accounts, but they've also become one of the easiest ways attackers get in. Many people reuse or simplify passwords, or even write them down because it's hard to remember so many. Th...
Strings in the maze: Finding hidden strengths and gaps in your team
Welcome to this week's edition of the Threat Source newsletter. "The truth about the world, he said, is that anything is possible... For existence has its own order and that no man's mind can compass, that mind itself being but a fact among others." ― Cormac McCarthy, "Blood Meridian" Earlier thi...
IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response
Threat actors predominantly exploited public-facing applications for initial access this quarter, with this tactic appearing in over 60 percent of Cisco Talos Incident Response (Talos IR) engagements - a notable increase from less than 10 percent last quarter. This spike is largely attributable to ...
Reducing abuse of Microsoft 365 Exchange Online’s Direct Send
Overview Microsoft 365 Exchange Online's Direct Send is designed to solve an enterprise-scale operational challenge: certain devices and legacy applications such as multifunction printers, scanners, building systems, and older line‑of‑business apps, need to send email into the tenant but lack the...
Ransomware attacks and how victims respond
Welcome to this week's edition of the Threat Source newsletter. I count myself fortunate that I have never been on the receiving end of a ransomware attack. My experiences have been from research and response, never as a victim. It's a tough scenario: One day you are working or minding your own...
BeaverTail and OtterCookie evolve with a new Javascript module
Cisco Talos has uncovered a new attack linked to Famous Chollima, a threat group aligned with North Korea (DPRK). This group is known for impersonating hiring organizations to target job seekers, tricking them into installing information-stealing malware to obtain cryptocurrency and user credential...
Laura Faria: Empathy on the front lines
What does it take to lead through chaos and keep organizations safe in the digital age? This week, Amy sat down with Laura Faria, an incident commander at Cisco Talos Incident Response, to explore a career built on empathy, collaboration, and a passion for cybersecurity. Laura opens up about her...
Open PLC and Planet vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed one vulnerability in the OpenPLC logic controller and four vulnerabilities in the Planet WGR-500 router. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from...
Microsoft Patch Tuesday for October 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for October 2025, addressing 175 Microsoft CVEs and 21 non-Microsoft CVEs. Among these, 17 vulnerabilities are considered critical and 11 are flagged as important and considered more likely to be exploited. Current intelligence shows that three o...
Why don’t we sit around this computer console and have a sing-along?
Harnessing fire is one of mankind's earliest technological advances. A controlled, tame fire offers us warmth, light and succulent cooked food. Yet, allow the controlled fire to burn too fiercely and it risks becoming an uncontained fire. The unexpected smell of smoke or the sight of tall flames...
Velociraptor leveraged in ransomware attacks
Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents. We assess with moderate confidence that this activity can be attributed to thre...
What to do when you click on a suspicious link
October is Cybersecurity Awareness Month, and as the tech-savvy friend or family member, people probably come to you for advice. One of the most common questions is: "I clicked a suspicious link. What do I do now?" Don't worry -- panic won't help, but a calm, step-by-step response will. Share thi...
Too salty to handle: Exposing cases of CSS abuse for hidden text salting
Cisco Talos has been closely monitoring the abuse of cascading style sheets (CSS) properties to include irrelevant content (or "salt") in different parts of messages, a technique known as hidden text salting. This blog is a follow-up to our previous reports in January and March 2025 on CSS abuse in...
Family group chats: Your (very last) line of cyber defense
Welcome to this week's edition of the Threat Source newsletter, and happy Cybersecurity Awareness Month. Like everyone under the age of 35 who has at least one father, my dad sends me advice on online safety at least once a week. Does he work in information security? No. He's a recently retired...
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud
Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. Cisco's file census and DNS analysis show affected Internet Information Servic...
Nvidia and Adobe vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability disclosure policy...
Great Scott, I’m tired
Welcome to this week's edition of the Threat Source newsletter. "Back to the Future" is 40 years old this year, and at the risk of giving away sensitive information to an audience of hackers… so am I. I don't really know what 40 is supposed to feel like. Honestly, I don't feel all that different...
What happens when you engage Cisco Talos Incident Response?
In today's world, cybersecurity incidents are not a matter of if, but when and how. From ransomware attacks to data breaches exposing sensitive information, organizations face a changing threat landscape. As a result of cybersecurity attacks, organizations can experience downtime, financial losse...
How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking
Cisco Talos discovered a new campaign active since 2022, targeting the telecommunications and manufacturing sectors in Central and South Asian countries, delivering a new variant of PlugX. Talos discovered that the new variant's features overlap with both the RainyDay and Turian backdoors,...
Put together an IR playbook — for your personal mental health and wellbeing
Welcome to this week's edition of the Threat Source newsletter. This is gonna be a tough read. I'm sorry. Believe it or not, it's even tougher for me to write. I want to talk about what it costs to be in the cybersecurity profession. Not money or time, but potentially your health, both mentally a...
Alex Ryan: From zero chill to quiet confidence
Welcome to another episode of Humans of Talos, our ongoing video interview series that celebrates the people powering Cisco's threat intelligence efforts. In each episode, we dive deep into the personal journeys, motivations and lessons learned from the team members who help keep the internet saf...
Why a Cisco Talos Incident Response Retainer is a game-changer
In today's hyper-connected world, cyber attacks are not a matter of if but when. Ransomware, phishing and data breaches dominate headlines. For any organization, the stakes are high and the impact can be wide. A cybersecurity breach can impact your organization's ability to conduct normal busines...
Beaches and breaches
Welcome to this week's edition of the Threat Source newsletter. I took a two-week vacation (thanks to Bill for covering my author shift last week) and made the deliberate choice to leave my laptop behind. No emails, IMs, no IT at all. Thank you, European work culture! It was a complete break. Well,...
Maturing the cyber threat intelligence program
The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) helps organizations assess and improve their threat intelligence programs by outlining 11 key areas and specific missions where CTI can support decision-making. The model describes four levels of maturity, guiding teams from basic, a...
Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products. In this month's release, Microsoft observed none of the included vulnerabilities being exploited in the wild. However, there are eight vulnerabilities where...