Lotus Blossom espionage group targets multiple industries with different...
Cisco Talos discovered multiple cyber espionage campaigns that target government, manufacturing, telecommunications and media, delivering Sagerunex and other hacking tools for post-compromise...
Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome
Welcome to this week’s edition of the Threat Source newsletter. Hello again my friends! Geez, it’s been a year am I right? Lemons it’s February you say?! Oof. Imposter syndrome. You’ve heard the term...
Unmasking the new persistent attacks on Japan
Cisco Talos discovered malicious activities conducted by an unknown attacker since as early as January 2025, predominantly targeting organizations in Japan. The attacker has exploited the...
Who is Responsible and Does it Matter?
Welcome to this week’s edition of the Threat Source newsletter. At Talos we bat on behalf of our customers, protecting them against all manner of cyber threats that may affect them. The nature of the...
Microsoft Patch Tuesday for March 2025 — Snort rules and prominent...
Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as “critical”. There are six...
Abusing with style: Leveraging cascading style sheets for evasion and tracking
Cisco Talos has identified actors abusing Cascading Style Sheets (CSS) to 1) evade spam filters and detection engines, and 2) track users’ actions and preferences. This blog is a follow-up to our...
Patch it up: Old vulnerabilities are everyone’s problems
Welcome to this week’s edition of the Threat Source newsletter. Let's pick up where we left off in my last newsletter. Please mark your calendars: The free support for Windows 10 will end on October 14,...
Miniaudio and Adobe Acrobat Reader vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their...
UAT-5918 targets critical infrastructure entities in Taiwan
By Jung soo An, Asheer Malhotra, Brandon White, and Vitor Ventura. Cisco Talos discovered a malicious campaign we track under the UAT-5918 umbrella that has been active since at least 2023. UAT-5918, a...
Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball...
Welcome to this week’s edition of the Threat Source newsletter. “Tomorrow, and tomorrow, and tomorrow / Creeps in this petty pace from day to day / To the last syllable of recorded time.” -...
Money Laundering 101, and why Joe is worried
Welcome to this week’s edition of the Threat Source newsletter. Howdy friends! One of the things I learned early on in cyber security is that crime does, in fact, pay. It can pay very well, actually. If it...
Gamaredon campaign abuses LNK files to distribute Remcos backdoor
Cisco Talos is actively tracking an ongoing campaign targeting users in Ukraine with malicious LNK files, which run a PowerShell downloader, since at least November 2024. The file names use Russian...
Available now: 2024 Year in Review
Welcome to Cisco Talos’ 2024 Year in Review, available for download now. This report is powered by threat telemetry from over 46 million global devices across 193 countries and regions, amounting to...
Beers with Talos: Year in Review episode
Joe, Hazel, Bill and Dave break down Talos' Year in Review 2024 and discuss how and why cybercriminals have been leaning so heavily on attacks that are rooted in stealth and simplicity. The team also...
One mighty fine-looking report
Welcome to this week’s edition of the Threat Source newsletter. They say art is subjective, but have you ever seen a well-formatted bar chart? Van Gogh had Starry Night, but Talos’ 2024 Year in Review...