2032 matches found

Talos Blog
added 2025/05/22 10:0 a.m. | 38 views

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Cisco Talos has observed exploitation of CVE-2025-0994, a remote-code-execution vulnerability in Cityworks, a popular asset management system. The Cybersecurity and Infrastructure Security Agency (CISA) and Trimble have both released advisories pertaining to this vulnerability, with Trimble's...

CVSS 9.8 | AI score 8.9 | EPSS 0.27426
Exploits: 1
Talos Blog
added 2025/05/20 10:0 a.m. | 22 views

Duping Cloud Functions: An emerging serverless attack vector

Summary and background: Google Cloud Platform (GCP) Cloud Functions are event-triggered, serverless functions that automatically scale and execute code in response to specific events like Hypertext Transfer Protocol (HTTP) requests or data changes. Tenable Research published an article discussing a...

AI score 8.1
Exploits: 0
Talos Blog
added 2025/05/15 6:1 p.m. | 16 views

Xoxo to Prague

Welcome to this week's edition of the Threat Source newsletter. I haven't been to Prague in a while, which is a pity. It's a wonderful city -- great people, amazing food. I've visited customers there, held team meetings at the local office (shoutout to Petr!) and spent some memorable summer days of...

AI score 7.6
Exploits: 0
Talos Blog
added 2025/05/13 8:38 p.m. | 28 views

Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as "critical". Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. CVE-2025-30397 is a remot...

CVSS 9.9 | AI score 9.5 | EPSS 0.57672
Exploits: 9
Talos Blog
added 2025/05/13 10:0 a.m. | 16 views

Defining a new methodology for modeling and tracking compartmentalized threats

In the evolving cyberthreat landscape, Cisco Talos is witnessing a significant shift towards compartmentalized attack kill chains, where distinct stages -- such as initial compromise and subsequent exploitation -- are executed by multiple threat actors. This trend complicates traditional threat...

AI score 7.7
Exploits: 0
Talos Blog
added 2025/05/13 10:0 a.m. | 12 views

Redefining IABs: Impacts of compartmentalization on threat tracking and modeling

Cisco Talos has observed a growing trend of attack kill chains being split into two stages -- initial compromise and subsequent exploitation -- executed by separate threat actors. This compartmentalization increases the complexity and difficulty of performing threat modeling and actor profiling...

AI score 7.7
Exploits: 0
Talos Blog
added 2025/05/08 6:1 p.m. | 9 views

The IT help desk kindly requests you read this newsletter

Welcome to this week's edition of the Threat Source newsletter. Authority bias is one of the many things that shape how we think. Taking the advice of someone with recognized authority is often far easier and usually leads to a better outcome than spending time and effort in researching the...

AI score 7.5
Exploits: 0
Talos Blog
added 2025/05/08 10:0 a.m. | 8 views

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

Cisco Talos identified a spam campaign targeting Brazilian users with commercial remote monitoring and management (RMM) tools since at least January 2025. Talos observed the use of PDQ Connect and N-able remote access tools in this campaign. The spam message uses the Brazilian electronic invoice...

AI score 7.7
Exploits: 0
Talos Blog
added 2025/05/06 10:0 a.m. | 12 views

Proactive threat hunting with Talos IR

At Cisco Talos, we understand that effective cybersecurity isn't just about responding to incidents -- it's about preventing them from happening in the first place. One of the most powerful ways we do this is through proactive threat hunting. Our Talos Incident Response (Talos IR) team works closel...

AI score 7.3
Exploits: 0
Talos Blog
added 2025/05/01 6:1 p.m. | 16 views

Understanding the challenges of securing an NGO

Welcome to this week's edition of the Threat Source newsletter. Recently, I was invited to sit on a panel at the CIO4Good Conference here in Washington D.C., where I talked about incident response and cyber preparedness to a room full of CIOs who help lead wonderful missions to help others. I'm...

CVSS 10 | AI score 7.4 | EPSS 0.99359
Exploits: 18
Talos Blog
added 2025/05/01 10:0 a.m. | 13 views

State-of-the-art phishing: MFA bypass

Cybercriminals are bypassing multi-factor authentication (MFA) using adversary-in-the-middle (AiTM) attacks via reverse proxies, intercepting credentials and authentication cookies. The developers behind Phishing-as-a-Service (PhaaS) kits like Tycoon 2FA and Evilproxy have added features to make them...

AI score 7.3
Exploits: 0
Talos Blog
added 2025/04/29 9:47 a.m. | 14 views

Year in Review: AI based threats

2024 wasn't the year that AI rewrote the cybercrime playbook -- but it did turbocharge some of the old tricks. In Cisco Talos' 2024 Year in Review, with the help of our friends at Robust Intelligence (now a Cisco company), we dissect how cybercriminals used generative AI to scale up social...

AI score 7.1
Exploits: 0
Talos Blog
added 2025/04/28 10:0 a.m. | 16 views

IR Trends Q1 2025: Phishing soars as identity-based attacks persist

Phishing attacks spiked this quarter as threat actors leveraged this method of initial access in half of all engagements, a vast increase from previous quarters. Conversely, the use of valid accounts for initial access was rarely seen this quarter, despite being the top observed method in 2024,...

AI score 8.3
Exploits: 0
Talos Blog
added 2025/04/24 6:0 p.m. | 13 views

Lessons from Ted Lasso for cybersecurity success

Welcome to this week's edition of the Threat Source newsletter. "Be curious, not judgmental," Ted Lasso says, misattributing Walt Whitman. We forgive Ted because... well, he's Ted Lasso. If you've not watched the first season of Ted Lasso, there is a defining moment where Ted confronts a nefariou...

AI score 7.8
Exploits: 0
Talos Blog
added 2025/04/23 10:0 a.m. | 31 views

Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs

In 2023, Cisco Talos discovered an extensive compromise in a critical infrastructure enterprise consisting of a combination of threat actors. From initial access to double extortion, these actors slowly and steadily compromised a multitude of hosts in the network using a combination of various...

AI score 8.1
Exploits: 0
Talos Blog
added 2025/04/22 10:3 a.m. | 13 views

Year in Review: Attacks on identity and MFA

For our third focussed topic for Talos' 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns. The main themes of this story are credential abuse, Active Directory attacks, and MFA workarounds. Valid account usage was the #1 way attackers got i...

AI score 7.3
Exploits: 0
Talos Blog
added 2025/04/17 6:1 p.m. | 7 views

Care what you share

Welcome to this week's edition of the Threat Source newsletter. As we navigate our daily routines, certain tasks become second nature to us, especially if they are integral to our professions. However, what feels instinctive to one person might be foreign to another. This disparity is akin to a...

AI score 7.3
Exploits: 0
Talos Blog
added 2025/04/17 10:0 a.m. | 16 views

Unmasking the new XorDDoS controller and infrastructure

Cisco Talos observed an existing distributed denial-of-service (DDoS) malware known as XorDDoS, continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the United States from Nov. 2023 to Feb. 2025. Th...

AI score 8.5
Exploits: 0
Talos Blog
added 2025/04/16 12:0 p.m. | 16 views

Eclipse and STMicroelectronics vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in the STMicroelectronics fork of ThreadX called X-CUBE-AZRTOS. The vulnerabilities mentioned in this blog post have been patched by their respective...

CVSS 7.1 | AI score 7.6 | EPSS 0.00989
Exploits: 7
Talos Blog
added 2025/04/15 9:50 a.m. | 8 views

Year in Review: The biggest trends in ransomware

This week, our Year in Review spotlight is on ransomware -- where low-profile tactics led to high-impact consequences. Ransomware operators often prioritized stealth over complexity for initial access. They also focused on slipping past defenses with minimal noise -- uninstalling security tools,...

AI score 7.3
Exploits: 0
Talos Blog
added 2025/04/10 6:2 p.m. | 13 views

Threat actors thrive in chaos

Welcome to this week's edition of the Threat Source newsletter. If there's one thing that threat actors love, it's chaos. Headlines in the news that provoke an emotional response make excellent phishing lures because the intense feelings invoked by a provocative subject line cause our critical...

AI score 7.3
Exploits: 0
Talos Blog
added 2025/04/10 2:30 p.m. | 6 views

Unraveling the U.S. toll road smishing scams

Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America. We observed that the campaign targets people across several states in the U.S. according to the domain names used in th...

AI score 7.5
Exploits: 0
Talos Blog
added 2025/04/08 6:53 p.m. | 24 views

Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for April of 2025 which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft marked as "critical". In this month's release, none of the included vulnerabilities have been observed by Microsoft to be exploited in...

CVSS 8.8 | AI score 9.4 | EPSS 0.16014
Exploits: 2
Talos Blog
added 2025/04/08 10:50 a.m. | 13 views

Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics

Over the next few weeks, we're breaking down the most critical sections of our 2024 Year in Review. This week, we examine the most frequently targeted vulnerabilities -- particularly those affecting network infrastructure. We also detail a noticeable shift in adversary behavior, as threat actors mo...

AI score 7.2
Exploits: 0
Talos Blog
added 2025/04/07 1:51 p.m. | 12 views

Year in Review: In conversation with the report's authors

🎥 Talos Year in Review 2024: Part 1 & 2 - Watch Now! Another year, another mountain of malicious telemetry to sift through. I spoke with a few of Talos' Year in Review authors, freshly out of the sandbox, to discuss the how's and why's of our biggest findings. 👉 Part 1: The major theme of 2024, t...

AI score 7.3
Exploits: 0
Talos Blog
added 2025/04/03 6:3 p.m. | 11 views

One mighty fine-looking report

Welcome to this week's edition of the Threat Source newsletter. They say art is subjective, but have you ever seen a well-formatted bar chart? Van Gogh had Starry Night, but Talos' 2024 Year in Review (available now!) has color-coded data with perfect labels. True beauty. If you haven't yet had a...

AI score 7.1
Exploits: 0
Talos Blog
added 2025/03/31 11:0 a.m. | 6 views

Beers with Talos: Year in Review episode

Joe, Hazel, Bill and Dave break down Talos' Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are rooted in stealth and simplicity. The team also provide insights into some of the topics of the report, including the top-targeted vulnerabilities...

AI score 7.8
Exploits: 0
Talos Blog
added 2025/03/31 9:53 a.m. | 10 views

Available now: 2024 Year in Review

Welcome to Cisco Talos' 2024 Year in Review, available for download now. This report is powered by threat telemetry from over 46 million global devices across 193 countries and regions, amounting to more than 886 billion security events per day. Explore key insights in topics including the top...

AI score 7.8
Exploits: 0
Talos Blog
added 2025/03/28 10:0 a.m. | 12 views

Gamaredon campaign abuses LNK files to distribute Remcos backdoor

Cisco Talos is actively tracking an ongoing campaign targeting users in Ukraine with malicious LNK files, which run a PowerShell downloader, since at least November 2024. The file names use Russian words related to the movement of troops in Ukraine as a lure. The PowerShell downloader contacts...

AI score 8
Exploits: 0
Talos Blog
added 2025/03/27 6:1 p.m. | 11 views

Money Laundering 101, and why Joe is worried

Welcome to this week's edition of the Threat Source newsletter. Howdy friends! One of the things I learned early on in cyber security is that crime does, in fact, pay. It can pay very well, actually. If it didn't, we wouldn't have ransomware cartels raking in obscene amounts of money year after year...

AI score 7.1
Exploits: 0
Talos Blog
added 2025/03/20 6:0 p.m. | 7 views

Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame

Welcome to this week's edition of the Threat Source newsletter. "Tomorrow, and tomorrow, and tomorrow / Creeps in this petty pace from day to day / To the last syllable of recorded time." - Shakespeare's Macbeth "But I am very poorly today and very stupid and I hate everybody and everything. One...

AI score 6.6
Exploits: 0
Talos Blog
added 2025/03/20 10:0 a.m. | 14 views

UAT-5918 targets critical infrastructure entities in Taiwan

By Jung soo An, Asheer Malhotra, Brandon White, and Vitor Ventura. Cisco Talos discovered a malicious campaign we track under the UAT-5918 umbrella that has been active since at least 2023. UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft,...

AI score 8.3
Exploits: 0
Talos Blog
added 2025/03/13 6:23 p.m. | 20 views

Miniaudio and Adobe Acrobat Reader vulnerabilities

Cisco Talos' Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability disclosure policy. For Snort...

CVSS 7.8 | AI score 8.2 | EPSS 0.00671
Exploits: 1
Talos Blog
added 2025/03/13 6:4 p.m. | 25 views

Patch it up: Old vulnerabilities are everyone's problems

Welcome to this week's edition of the Threat Source newsletter. Let's pick up where we left off in my last newsletter. Please mark your calendars: The free support for Windows 10 will end on October 14, 2025. When software loses vendor support, it no longer receives patches or updates. As...

CVSS 9.8 | AI score 10 | EPSS 0.99987
Exploits: 64
Talos Blog
added 2025/03/13 10:0 a.m. | 35 views

Abusing with style: Leveraging cascading style sheets for evasion and tracking

Cisco Talos has identified actors abusing Cascading Style Sheets (CSS) to (1) evade spam filters and detection engines, and (2) track users' actions and preferences. This blog is a follow-up to our previous report on how threat actors could abuse CSS using a technique called "hidden text salting" to...

AI score 6.8
Exploits: 0
Talos Blog
added 2025/03/11 9:55 p.m. | 32 views

Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as "critical". There are six vulnerabilities that Microsoft has observed being exploited in the wild. CVE-2025-26633 is a Remoted...

CVSS 8.8 | AI score 9.6 | EPSS 0.31894
Exploits: 9
Talos Blog
added 2025/03/06 7:3 p.m. | 7 views

Who is Responsible and Does it Matter?

Welcome to this week's edition of the Threat Source newsletter. At Talos we bat on behalf of our customers, protecting them against all manner of cyber threats that may affect them. The nature of the threat actor and their origin or affiliation makes no difference; if they are attacking or planni...

AI score 7.5
Exploits: 0
Talos Blog
added 2025/03/06 11:0 a.m. | 18 views

Unmasking the new persistent attacks on Japan

Cisco Talos discovered malicious activities conducted by an unknown attacker since as early as January 2025, predominantly targeting organizations in Japan. The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows...

CVSS 9.8 | AI score 8.5 | EPSS 0.99987
Exploits: 64
Talos Blog
added 2025/02/27 7:3 p.m. | 8 views

Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome

Welcome to this week's edition of the Threat Source newsletter. Hello again my friends! Geez, it's been a year am I right? Lemons its February you say?! Oof. Imposter syndrome. You've heard the term I'm sure, but what is it? Basically: imposter syndrome is the persistent feeling of self-doubt and...

AI score 6.8
Exploits: 0
Talos Blog
added 2025/02/27 11:0 a.m. | 11 views

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

Cisco Talos discovered multiple cyber espionage campaigns that target government, manufacturing, telecommunications and media, delivering Sagerunex and other hacking tools for post-compromise activities. Talos attributes these attacks to the threat actor known as Lotus Blossom. Lotus Blossom has...

AI score 8
Exploits: 0
Talos Blog
added 2025/02/25 11:17 a.m. | 12 views

Your item has sold! Avoiding scams targeting online sellers

There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms. Many of the general recommendations related to the use of these platforms are tailored towards purchasing items; however,...

AI score 7
Exploits: 0
Talos Blog
added 2025/02/20 7:2 p.m. | 6 views

Efficiency? Security? When the quest for one grants neither.

Welcome to this week's edition of the Threat Source newsletter. Benjamin Franklin once said, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." In much the same way, those who rush for efficiency without taking into account...

AI score 7.5
Exploits: 0
Talos Blog
added 2025/02/20 1:0 p.m. | 28 views

Weathering the storm: In the midst of a Typhoon

Summary: Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies. The activity, initially reported in late 2024 and later confirmed by the U.S. government, is being carried out by a highly sophisticated threat actor...

CVSS 10 | AI score 10 | EPSS 0.99571
Exploits: 30
Talos Blog
added 2025/02/14 4:55 p.m. | 26 views

ClearML and Nvidia vulns

Cisco Talos' Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco's third-party vulnerability disclosu...

CVSS 9 | AI score 7.7 | EPSS 0.00874
Exploits: 1
Talos Blog
added 2025/02/13 7:5 p.m. | 9 views

Changing the narrative on pig butchering scams

Welcome to this week's edition of the Threat Source Newsletter. Love is in the air this week. Wait, is that love? Or is it some tech bro with a housing development company that would totally love to meet in person but can't this week emailing you about an investment opportunity in his...

AI score 6.5
Exploits: 0
Talos Blog
added 2025/02/11 7:24 p.m. | 23 views

Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for February of 2025 which includes 63 vulnerabilities affecting a range of products, including 4 that Microsoft marked as "critical" and one marked as "moderate." There are two notable "critical" vulnerabilities. The first is CVE-2025-21376, whi...

CVSS 9 | AI score 9.4 | EPSS 0.29778
Exploits: 0
Talos Blog
added 2025/02/10 1:30 p.m. | 10 views

Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn't

By Aleksandar Nikolich. Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, the IPP-USB protocol caught our attention. The IPP over USB specification defines how printers that are available over USB...

AI score 8.3
Exploits: 0
Talos Blog
added 2025/02/06 7:3 p.m. | 12 views

Changing the tide: Reflections on threat data from 2024

"Enough Ripples, And You Change The Tide. For The Future Is Never Truly Set." -- X-Men: Days of Future Past. In January, I dedicated some time to examine threat data from 2024, comparing it with the previous years to identify anomalies, spikes, and changes. As anticipated, the number of Common...

AI score 7.3
Exploits: 0
Talos Blog
added 2025/02/06 11:0 a.m. | 16 views

Google Cloud Platform Data Destruction via Cloud Build

Background & Public Research: Google Cloud Platform (GCP) Cloud Build is a Continuous Integration/Continuous Deployment (CI/CD) service offered by Google that is utilized to automate the building, testing and deployment of applications. Orca Security published an article describing certain aspects of...

AI score 7.4
Exploits: 0
Talos Blog
added 2025/01/30 7:5 p.m. | 7 views

Defeating Future Threats Starts Today

Welcome to this week's edition of the Threat Source newsletter. You don't need me to tell you that security is constantly changing and that more change is on its way. The enthusiastic adoption of new AI systems will inevitably lead to more demands on cybersecurity teams. Not only will these syste...

AI score 7.5
Exploits: 0

Total number of security vulnerabilities: 2032