Talos Blog search results, most recent first: 2032 matches found. Where an entry carries CVSS, EPSS and exploit-count figures, those belong to the CVEs the post references (as tracked by the database), not to the post itself; newsletters and vulnerability round-ups therefore inherit the score of the most severe CVE they mention.

Talos Blog | added 2025/09/08 10:00 a.m. | 10 views

Stopping ransomware before it starts: Lessons from Cisco Talos Incident Response

Over the past two and a half years (January 2023 through June 2025), Cisco Talos Incident Response (Talos IR) has responded to numerous engagements that we classified as pre-ransomware incidents. Talos looked back to analyze what key security measures were credited with deterring ransomware deploymen...

AI score 8.1 | Exploits: 0

Talos Blog | added 2025/09/04 6:02 p.m. | 8 views

From summer camp to grind season

Welcome to this week's edition of the Threat Source newsletter. "This is the way the world ends / This is the way the world ends / This is the way the world ends / Not with a bang but a whimper." - T.S. Eliot. So this is how Summer Camp 2025 ends, not with a bang but a whimper. We've put the summer behind...

CVSS 5.4 | AI score 6.7 | EPSS 0.04116 | Exploits: 1

Talos Blog | added 2025/08/28 6:00 p.m. | 5 views

Link up, lift up, level up

Welcome to this week's edition of the Threat Source newsletter. As summer retreats into the rear-view mirror, I'd like to take a moment to reflect on one of my favorite things about the cybersecurity profession: the community. Earlier this month, I attended Black Hat USA 2025 and DEF CON 33 in...

CVSS 8 | AI score 7 | EPSS 0.02775 | Exploits: 9

Talos Blog | added 2025/08/27 6:07 p.m. | 8 views

Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in Foxit PDF Reader. The vulnerabilities mentioned in this blog post have been patched by their respective...

CVSS 9.8 | AI score 9.6 | EPSS 0.01985 | Exploits: 21

Talos Blog | added 2025/08/21 6:00 p.m. | 6 views

Cherry pie, Douglas firs and the last trip of the summer

Welcome to this week's edition of the Threat Source newsletter. Diane, 2:01 p.m., August 21st. I've just returned from a remarkable journey through Seattle and the misty roads of the Olympic Peninsula. If you ever find yourself driving beneath those towering Douglas firs or dragged by your partne...

CVSS 10 | AI score 9.8 | EPSS 0.9951 | Exploits: 2

Talos Blog | added 2025/08/20 1:00 p.m. | 6 views

Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices

Static Tundra is a Russian state-sponsored cyber espionage group linked to the FSB's Center 16 unit that has been operating for over a decade, specializing in compromising network devices for long-term intelligence gathering operations. The group actively exploits a seven-year-old vulnerability...

CVSS 10 | AI score 10 | EPSS 0.9951 | Exploits: 2

Talos Blog | added 2025/08/19 10:00 a.m. | 11 views

Ransomware incidents in Japan during the first half of 2025

In the first half of 2025, the number of ransomware attacks in Japan increased by approximately 1.4 times compared to the previous year. Ransomware attackers continue to primarily target small and medium-sized enterprises in Japan. The most affected industry remains manufacturing, unchanged from...

AI score 7.9 | Exploits: 0

Talos Blog | added 2025/08/19 10:00 a.m. | 8 views

JJ Cummings: The art of controlling information

Welcome to the second episode of Humans of Talos, our ongoing video interview series that celebrates the people powering Cisco's threat intelligence efforts. In each episode, we dive deep into the personal journeys, motivations and lessons learned from the team members who help keep the internet...

AI score 7 | Exploits: 0

Talos Blog | added 2025/08/15 10:00 a.m. | 21 views

UAT-7237 targets Taiwanese web hosting infrastructure

Cisco Talos discovered UAT-7237, a Chinese-speaking advanced persistent threat (APT) group active since at least 2022, which has significant overlaps with UAT-5918. UAT-7237 conducted a recent intrusion targeting web infrastructure entities within Taiwan and relies heavily on the use of open-source...

AI score 8.7 | Exploits: 0

Talos Blog | added 2025/08/14 6:00 p.m. | 10 views

What happened in Vegas (that you actually want to know about)

Welcome to this week's edition of the Threat Source newsletter. Last week I flew 5,000 miles to Las Vegas for Black Hat USA. After navigating the casino carpet labyrinth and finding the only venue in Nevada that serves a proper English breakfast tea with milk (lifesaver), I've decided Black Hat fee...

CVSS 9.8 | AI score 7.3 | EPSS 0.09756 | Exploits: 4

Talos Blog | added 2025/08/12 8:00 p.m. | 17 views

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as "PS1Bot." PS1Bot features a modular design, with several delivered modules that are used to perform a variety of malicious...

AI score 7.1 | Exploits: 0

Talos Blog | added 2025/08/12 7:39 p.m. | 20 views

Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as "critical". In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the...

CVSS 10 | AI score 9.3 | EPSS 0.36074 | Exploits: 7

Talos Blog | added 2025/08/09 1:00 p.m. | 5 views

ReVault! When your SoC turns against you… deep dive edition

For a high-level overview of this research, you can refer to our Vulnerability Spotlight. This is the in-depth version that shares many more technical details. In this post, we'll be covering the entire research process as well as providing technical explanations of the exploits behind the attack...

CVSS 8.8 | AI score 8.2 | EPSS 0.02226 | Exploits: 0

Talos Blog | added 2025/08/07 6:00 p.m. | 4 views

AI wrote my code and all I got was this broken prototype

Welcome to this week's edition of the Threat Source newsletter. Vulnerabilities within software are a persistent challenge. Software engineers inadvertently tend to make the same mistakes repeatedly, with the same entries appearing in the annual top 25 list of Common Weakness Enumerations each...

AI score 7.2 | Exploits: 0

Talos Blog | added 2025/08/06 12:00 p.m. | 6 views

WWBN, MedDream, Eclipse vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's...

CVSS 9.8 | AI score 7.6 | EPSS 0.05304 | Exploits: 11

Talos Blog | added 2025/08/05 1:00 p.m. | 8 views

ReVault! When your SoC turns against you…

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling "ReVault". 100+ models of Dell Laptops are affected by this vulnerability if left unpatched. The ReVault attack can be used as a post-compromise...

CVSS 8.8 | AI score 7.3 | EPSS 0.02226 | Exploits: 0

Talos Blog | added 2025/08/04 4:00 p.m. | 5 views

Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks

In 2023, Talos collaborated with NetHope and Cisco Crisis Response to create a customized Backdoors & Breaches expansion deck for international humanitarian organizations, addressing their unique cybersecurity challenges. The new expansion deck helps NGOs with constrained budgets improve proactiv...

AI score 6.9 | Exploits: 0

Talos Blog | added 2025/07/31 6:00 p.m. | 7 views

The Booker Prize Longlist and Hacker Summer Camp

Welcome to this week's edition of the Threat Source newsletter. This week the Booker Prize Longlist was released and it featured several books I've read this year, a couple that are on my TBR (To Be Read), a couple that I had not heard of, and a couple that make me scratch my head and question why...

AI score 7 | Exploits: 0

Talos Blog | added 2025/07/31 10:00 a.m. | 12 views

Using LLMs as a reverse engineering sidekick

This research explores how large language models (LLMs) can complement, rather than replace, the efforts of malware analysts in the complex field of reverse engineering. LLMs may serve as powerful assistants to streamline workflows, enhance efficiency, and provide actionable insights during malware...

AI score 7.6 | Exploits: 0

Talos Blog | added 2025/07/31 10:00 a.m. | 8 views

IR Trends Q2 2025: Phishing attacks persist as actors leverage compromised valid accounts to enhance legitimacy

Phishing remained the top method of initial access this quarter, appearing in a third of all engagements - a decrease from 50 percent last quarter. Threat actors largely leveraged compromised internal or trusted business partner email accounts to deploy malicious emails, bypassing security contro...

AI score 8.4 | Exploits: 0

Talos Blog | added 2025/07/30 10:00 a.m. | 16 views

Cisco Talos at Black Hat 2025: Briefings, booth talks and what to expect

Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you're interested in what we're seeing in the threat landscape, detection engineering or real-world incident response, here's where and how to find us: Visit us at th...

AI score 7.2 | Exploits: 0

Talos Blog | added 2025/07/29 10:00 a.m. | 5 views

Insights from Talos IR: Navigating NIS2 technical implementation

When the NIS2 Directive arrived in 2023, organizations across Europe began preparing for enhanced cybersecurity requirements. Many focused on obligations such as rapid incident notifications and comprehensive security policies. However, while the directive provided the "what," it left the "how"...

AI score 7.3 | Exploits: 0

Talos Blog | added 2025/07/24 6:00 p.m. | 15 views

BRB, pausing for a "Sanctuary Moon" marathon

Welcome to this week's edition of the Threat Source newsletter. Yesterday, Cisco Talos debuted the first Humans of Talos episode, where I interviewed Hazel Burton, a face and voice you're probably familiar with. In our conversation, Hazel shared not just the story of how she found her way onto th...

CVSS 9.8 | AI score 8.9 | EPSS 0.99982 | Exploits: 41

Talos Blog | added 2025/07/24 2:03 p.m. | 10 views

Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2. Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. The implementation of the...

CVSS 7.5 | AI score 6.7 | EPSS 0.00908 | Exploits: 5

Talos Blog | added 2025/07/24 10:00 a.m. | 15 views

Unmasking the new Chaos RaaS group attacks

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks. Chaos RaaS actors initiated low-effort spam flooding, escalating to voice-based social engineering for access,...

AI score 7.5 | Exploits: 0

Talos Blog | added 2025/07/23 10:00 a.m. | 6 views

Meet Hazel Burton

Welcome to the first episode of Humans of Talos, a new video interview series that shines a spotlight on team members across Talos. Featuring their personal stories, career journeys and unique perspectives, you'll get an inside look into what it's like to work in our organization and the people w...

AI score 7.1 | Exploits: 0

Talos Blog | added 2025/07/21 8:33 p.m. | 15 views

ToolShell: Details of CVEs affecting SharePoint servers

Update 2025/07/22: Microsoft has released a security update for SharePoint Enterprise Server 2016. The update, with the ID KB5002760, is available at the following link. Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal...

CVSS 9.8 | AI score 9.8 | EPSS 0.99982 | Exploits: 41

Talos Blog | added 2025/07/17 6:00 p.m. | 10 views

This is your sign to step away from the keyboard

Welcome to this week's edition of the Threat Source newsletter. Burnout is a real issue for people in cybersecurity. We protect the systems that allow modern life to function. Our hours are long, our sense of responsibility real and occasionally heavy. Everyone notices when we have a bad day and ...

CVSS 9.8 | AI score 7.8 | EPSS 0.9671 | Exploits: 18

Talos Blog | added 2025/07/17 10:00 a.m. | 7 views

MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

In April 2025 Cisco Talos identified a Malware-as-a-Service (MaaS) operation that utilized Amadey to deliver payloads. The MaaS operators used fake GitHub accounts to host payloads, tools and Amadey plug-ins, likely as an attempt to bypass web filtering and for ease of use. Several operator tactics...

AI score 7.6 | Exploits: 0

Talos Blog | added 2025/07/16 10:00 a.m. | 7 views

Talos IR ransomware engagements and the significance of timeliness in incident response

Cisco Talos routinely responds to ransomware engagements where the impact could have been mitigated or wholly prevented if the victim organization had initiated remediation efforts earlier in the attack lifecycle. The significance of early intervention in ransomware attacks is particularly...

CVSS 9.1 | AI score 9.3 | EPSS 0.95151 | Exploits: 2

Talos Blog | added 2025/07/10 6:00 p.m. | 9 views

Patch, track, repeat

Welcome to this week's edition of the Threat Source newsletter. We've made it halfway through 2025 already! It's been a while since I last wrote about CVEs and how free support for Windows 10 will end on October 14, 2025, leaving you with no more security fixes. While the CVE system remains the...

AI score 8 | Exploits: 0

Talos Blog | added 2025/07/10 3:24 p.m. | 10 views

Asus and Adobe vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability...

CVSS 8.4 | AI score 9.2 | EPSS 0.00508 | Exploits: 0

Talos Blog | added 2025/07/08 8:29 p.m. | 11 views

Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for July 2025, which includes 132 vulnerabilities affecting a range of products, including 14 that Microsoft marked as "critical." In this month's release, Microsoft observed none of the included vulnerabilities being actively exploited in the...

CVSS 9.8 | AI score 9.8 | EPSS 0.99907 | Exploits: 8

Talos Blog | added 2025/07/03 6:00 p.m. | 4 views

A message from Bruce the mechanical shark

Welcome to this week's edition of the Threat Source newsletter. Hi, I'm Bruce, the 25-foot mechanical star of "Jaws." This summer marks 50 years since my 4 minutes of screentime kept people out of the water for decades. Maybe this Fourth of July weekend you're planning to sea-shanty your way to a...

AI score 7 | Exploits: 0

Talos Blog | added 2025/07/02 10:00 a.m. | 9 views

PDFs: Portable documents, or perfect deliveries for phish?

Cisco recently developed and released an update to its brand impersonation detection engine for emails. This new update enhances detection coverage and includes a wider range of brands that are delivered using PDF payloads or attachments. A significant portion of email threats with PDF payloads...

AI score 6.5 | Exploits: 0

Talos Blog | added 2025/06/26 6:00 p.m. | 6 views

Getting a career in cybersecurity isn't easy, but this can help

Welcome to this week's edition of the Threat Source newsletter. Happy summer, friends! I hope everyone is staying cool and/or warm. I am fresh back from an exhaustive but great time in San Diego at Cisco Live U.S. It was so good to see colleagues, meet new friends and pet many therapy dogs in the...

AI score 7.5 | Exploits: 0

Talos Blog | added 2025/06/26 10:00 a.m. | 10 views

Decrement by one to rule them all: AsIO3.sys driver exploitation

Introduction. Armoury Crate and AI Suite are applications used to manage and monitor ASUS motherboards and related components such as the processor, RAM or the increasingly popular RGB lighting. These types of applications often install drivers in the system, which are necessary for direct...

CVSS 8.4 | AI score 8.5 | EPSS 0.00508 | Exploits: 0

Talos Blog | added 2025/06/25 10:00 a.m. | 15 views

Cybercriminal abuse of large language models

Cybercriminals are continuing to explore artificial intelligence (AI) technologies such as large language models (LLMs) to aid in their criminal hacking activities. Some cybercriminals have resorted to using uncensored LLMs or even custom-built criminal LLMs for illicit purposes. Advertised features ...

AI score 7.9 | Exploits: 0

Talos Blog | added 2025/06/18 6:00 p.m. | 7 views

A week with a "smart" car

Welcome to this week's edition of the Threat Source newsletter. June 9 was Whit Monday -- a bank holiday here in Germany -- so I decided to take the whole week off. It turned out to be the perfect opportunity to try out a brand new car. Little did I know, I was about to get a crash course in mode...

AI score 8.4 | Exploits: 0

Talos Blog | added 2025/06/18 10:09 a.m. | 6 views

When legitimate tools go rogue

Late one Tuesday night, Elena's phone buzzed with an alert from her company's SIEM. Her team had set up a rule to flag when certain system tools -- whoami, nltest and nslookup -- were run one after another in quick succession. That exact pattern had just triggered on a computer in the Finance...

AI score 8.1 | Exploits: 0

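The SIEM rule described in that entry (three living-off-the-land discovery tools executed one after another in quick succession on one host) is a sequence detection, and it is worth seeing how little logic it takes. The following is an added example, not code from the Talos post or from any SIEM product: it parses a constructed pipe-delimited process-creation log (the field layout, host names, user names and the 60-second step gap are all assumptions made here) and emits one alert per host each time whoami, nltest and nslookup are seen in that order with no more than 60 seconds between consecutive steps. Events are sorted first, so out-of-order ingestion does not break the chain.

```python
"""Sequence detection for discovery-tool bursts: whoami -> nltest -> nslookup.

Added example (not from the original post). The log format, hosts, users and
timing threshold below are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List


@dataclass(frozen=True)
class ProcEvent:
    ts: datetime
    host: str
    user: str
    image: str  # executable basename, lower-cased (e.g. "whoami.exe")


@dataclass(frozen=True)
class Alert:
    host: str
    user: str
    start: datetime  # time of the whoami that opened the chain
    end: datetime    # time of the nslookup that completed it


# Ordered chain the (hypothetical) rule looks for, and the largest allowed gap
# between one step and the next. Both are assumptions for this example.
DISCOVERY_CHAIN = ("whoami.exe", "nltest.exe", "nslookup.exe")
MAX_GAP = timedelta(seconds=60)


def parse_line(line: str) -> ProcEvent:
    """Parse one constructed record: '<ISO ts>|<host>|<user>|<image path>|<cmdline>'."""
    ts, host, user, image, _cmdline = line.split("|", 4)
    basename = image.rsplit("\\", 1)[-1].lower()
    return ProcEvent(datetime.fromisoformat(ts), host, user, basename)


def detect_discovery_bursts(events: Iterable[ProcEvent],
                            chain=DISCOVERY_CHAIN,
                            max_gap: timedelta = MAX_GAP) -> List[Alert]:
    """Return one Alert per host each time `chain` completes in order.

    Per host we remember when each chain step was last reached. Step k counts
    only if step k-1 was reached no more than `max_gap` earlier; a new first
    step (whoami) restarts the chain, so out-of-order runs never fire.
    """
    alerts: List[Alert] = []
    progress = defaultdict(lambda: [None] * len(chain))  # host -> per-step timestamps
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.image not in chain:
            continue
        state = progress[ev.host]
        k = chain.index(ev.image)
        if k == 0:
            state[:] = [ev.ts] + [None] * (len(chain) - 1)  # (re)start the chain
        elif state[k - 1] is not None and ev.ts - state[k - 1] <= max_gap:
            state[k] = ev.ts
        else:
            continue  # previous step missing or too long ago
        if k == len(chain) - 1:
            alerts.append(Alert(ev.host, ev.user, state[0], ev.ts))
            state[:] = [None] * len(chain)  # reset so one burst yields one alert
    return alerts


# Constructed sample log: one real burst (FIN-WS-07), one host where the tools
# are hours apart (HR-WS-02), and one out-of-order run (IT-WS-01).
SAMPLE_LOG = """\
2025-06-17T23:41:05|FIN-WS-07|CORP\\j.doe|C:\\Windows\\System32\\whoami.exe|whoami /all
2025-06-17T23:41:09|FIN-WS-07|CORP\\j.doe|C:\\Windows\\System32\\nltest.exe|nltest /dclist:corp
2025-06-17T23:41:14|FIN-WS-07|CORP\\j.doe|C:\\Windows\\System32\\nslookup.exe|nslookup -type=SRV _ldap._tcp.corp
2025-06-17T09:00:00|HR-WS-02|CORP\\a.lee|C:\\Windows\\System32\\whoami.exe|whoami
2025-06-17T14:02:30|HR-WS-02|CORP\\a.lee|C:\\Windows\\System32\\nslookup.exe|nslookup intranet
2025-06-17T11:10:00|IT-WS-01|CORP\\admin|C:\\Windows\\System32\\nslookup.exe|nslookup fileserver
2025-06-17T11:10:03|IT-WS-01|CORP\\admin|C:\\Windows\\System32\\whoami.exe|whoami
2025-06-17T11:10:05|IT-WS-01|CORP\\admin|C:\\Windows\\System32\\nltest.exe|nltest /domain_trusts
"""
SAMPLE_EVENTS = [parse_line(l) for l in SAMPLE_LOG.splitlines()]


if __name__ == "__main__":
    for a in detect_discovery_bursts(SAMPLE_EVENTS):
        secs = (a.end - a.start).total_seconds()
        print(f"ALERT {a.host} {a.user}: discovery chain completed in {secs:.0f}s "
              f"({a.start.isoformat()} .. {a.end.isoformat()})")
```

Only the Finance host fires: the HR host ran whoami and nslookup five hours apart, and the IT host ran the same three tools but in the wrong order. In production this rule still needs an allowlist for hosts and accounts whose job is domain administration, otherwise it will page on every help-desk shift; the point of the example is that the signal is the sequence and timing, not any single tool.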
Talos Blog | added 2025/06/18 10:00 a.m. | 25 views

Famous Chollima deploying Python version of GolangGhost RAT

In May 2025, Cisco Talos identified a Python-based remote access trojan (RAT) we call "PylangGhost," used exclusively by a North Korean-aligned threat actor. PylangGhost is functionally similar to the previously documented GolangGhost RAT, sharing many of the same capabilities. In recent campaigns,...

AI score 7.7 | Exploits: 0

Talos Blog | added 2025/06/12 6:01 p.m. | 8 views

Know thyself, know thy environment

Welcome to this week's edition of the Threat Source newsletter. This week, I'm coming to you from Cisco Live in San Diego where I've just talked to a room that some of you may have been in, so writing this feels a bit surreal. It's really hard to try and write a cogent newsletter with all that's...

AI score 8.1 | Exploits: 0

Talos Blog | added 2025/06/11 1:47 p.m. | 17 views

catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adheren...

CVSS 8.8 | AI score 8.2 | EPSS 0.01679 | Exploits: 9

Talos Blog | added 2025/06/10 9:45 p.m. | 17 views

Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities

Update 6/12/2025: Microsoft released an additional CVE, CVE-2025-32717. Details and SIDs have been updated to include this additional vulnerability. Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 th...

CVSS 9.8 | AI score 9.8 | EPSS 0.13548 | Exploits: 2

Talos Blog | added 2025/06/05 6:00 p.m. | 11 views

Everyone's on the cyber target list

Welcome to this week's edition of the Threat Source newsletter. I've discovered that being a rent guarantor for someone is an involved experience. While I'm glad that I can help out a loved one secure a better rental property, the process of verifying my identity and ability to cover any missed...

CVSS 8.8 | AI score 9 | EPSS 0.06463 | Exploits: 3

Talos Blog | added 2025/06/05 10:00 a.m. | 19 views

Newly identified wiper malware "PathWiper" targets critical infrastructure in Ukraine

Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling "PathWiper". The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the...

AI score 7.6 | Exploits: 0

Talos Blog | added 2025/05/29 6:00 p.m. | 5 views

A new author has appeared

Welcome to this week's edition of the Threat Source newsletter. In the words of Game Changer host Sam Reich, "And your host, me! I've been here the whole time!" Okay, maybe it's not the whole time, but for the past three months, I've been settling into my role here at Cisco Talos. Editing blogs,...

AI score 6.4 | Exploits: 0

Talos Blog | added 2025/05/29 10:00 a.m. | 15 views

Cybercriminals camouflaging threats as AI tool installers

Cisco Talos has discovered new threats, including the ransomware CyberLock, LuckyGh0$t, and a newly-discovered malware we call "Numero," all of which masquerade as legitimate AI tool installers. CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on th...

AI score 7.4 | Exploits: 0

Talos Blog | added 2025/05/23 10:00 a.m. | 10 views

Scarcity signals: Are rare activities red flags?

By Darin Smith and John Arneson. Cisco Talos reviewed six months of network connection telemetry logs spanning June 1, 2024 - Dec. 31, 2024, containing 3,220,829 log events and 742 unique base domains, to explore if domains that PowerShell rarely contacts are more likely to be malicious. Key...

AI score 7.5 | Exploits: 0

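The question that entry poses (are the base domains PowerShell rarely contacts more likely to be malicious?) reduces to a frequency table over network-connection telemetry, keyed by registrable domain and restricted to PowerShell images. The block below is an added example, not code from the Talos research: it builds that table over a constructed set of (host, image, fqdn) records and surfaces the domains seen at most a couple of times from at most one host. The thresholds, the host and domain names, and the naive "last two labels" registrable-domain rule are all assumptions made here; a real deployment should derive the base domain from the Public Suffix List, since "last two labels" collapses every co.uk or com.au site into one bucket.

```python
"""Scarcity scoring: which base domains does PowerShell rarely contact?

Added example (not from the original post). Telemetry, thresholds and domain
names below are constructed for illustration.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Process images counted as "PowerShell" (assumption: add whatever your EDR reports).
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}


def base_domain(fqdn: str) -> str:
    """Naive registrable-domain extraction: the last two DNS labels.

    Caveat: multi-label public suffixes (co.uk, com.au, ...) need the Public
    Suffix List; this shortcut is only adequate for the constructed sample.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


@dataclass(frozen=True)
class DomainStats:
    base: str
    contacts: int      # connection records from PowerShell to this base domain
    hosts: int         # distinct endpoints that produced those records
    example_fqdn: str  # first full hostname seen, kept for the analyst


def powershell_domain_stats(events: Iterable[Tuple[str, str, str]]) -> Dict[str, DomainStats]:
    """Aggregate (host, image, fqdn) records into per-base-domain stats, PowerShell only."""
    contacts: Counter = Counter()
    hosts: Dict[str, set] = defaultdict(set)
    example: Dict[str, str] = {}
    for host, image, fqdn in events:
        if image.lower() not in POWERSHELL_IMAGES:
            continue  # browsers and updaters talk to many domains; they are not the signal
        base = base_domain(fqdn)
        contacts[base] += 1
        hosts[base].add(host)
        example.setdefault(base, fqdn)
    return {b: DomainStats(b, contacts[b], len(hosts[b]), example[b]) for b in contacts}


def rare_domains(events: Iterable[Tuple[str, str, str]],
                 max_contacts: int = 2, max_hosts: int = 1) -> List[DomainStats]:
    """Return base domains PowerShell contacted at most `max_contacts` times from
    at most `max_hosts` endpoints, rarest first. Both thresholds are assumptions;
    tune them against your own six-month baseline."""
    stats = powershell_domain_stats(events)
    rare = [s for s in stats.values() if s.contacts <= max_contacts and s.hosts <= max_hosts]
    return sorted(rare, key=lambda s: (s.contacts, s.base))


# Constructed telemetry: (host, image, fqdn). Counts are chosen so that routine
# fleet-wide traffic, a two-host partner portal, and two single-host oddities
# land on different sides of the thresholds.
SAMPLE_EVENTS = (
    [(f"ws-{i:02d}", "powershell.exe", "updates.example.com") for i in range(20)] * 2  # 40 contacts, 20 hosts
    + [(f"ws-{i:02d}", "pwsh.exe", "cdn.example.net") for i in range(6)] * 2            # 12 contacts, 6 hosts
    + [("ws-03", "powershell.exe", "portal.example-partner.com"),
       ("ws-11", "powershell.exe", "portal.example-partner.com")]                       # 2 contacts, 2 hosts
    + [("ws-07", "powershell.exe", "a8f3k2.example.org")]                               # 1 contact, 1 host
    + [("ws-14", "powershell.exe", "x7q.example-cdn.net")] * 2                          # 2 contacts, 1 host
    + [("ws-07", "chrome.exe", "a8f3k2.example.org")] * 5                               # ignored: not PowerShell
)


if __name__ == "__main__":
    for s in rare_domains(SAMPLE_EVENTS):
        print(f"{s.base:<20} contacts={s.contacts} hosts={s.hosts} e.g. {s.example_fqdn}")
```

The two single-host domains come out on top while the partner portal, which is also infrequent but reached from two different endpoints, does not; requiring both low contact count and low host spread is what keeps a one-off script on one machine from being lost among legitimately quiet business domains. Rarity is a triage signal, not a verdict: the output is a review queue for the analyst, and the same table over a longer window is what tells you whether "rare" is actually rare for your fleet.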
Talos Blog | added 2025/05/22 6:00 p.m. | 13 views

Ghosted by a cybercriminal

Welcome to this week's edition of the Threat Source newsletter. Talos recently published research into how threat actors are increasingly teaming up across the attack chain. Each group handles a slice of the operation, passing the breach along like a relay baton. It's a concerning trend -- one th...

CVSS 8.8 | AI score 9.2 | EPSS 0.27426 | Exploits: 0

Total number of security vulnerabilities: 2032