Channel: Cisco Talos Blog
Browsing all 1981 articles

Slew of WavLink vulnerabilities

Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page,...

Find the helpers

Welcome to this week’s edition of the Threat Source newsletter. “When I was a boy and I would see scary things in the news, my mother would say to me, ‘Look for the helpers. You will always find people...

Everything is connected to security

Welcome to this week’s edition of the Threat Source newsletter. Hello friends! Joe here again! I have just returned from the frozen northern tundra of Fargo, North Dakota. This was my first real visit...

Seasoning email threats with hidden text salting

Cisco Talos observed an increase in the number of email threats leveraging hidden text salting (also known as "poisoning") in the second half of 2024. Hidden text salting is a simple yet effective...

New TorNet backdoor seen in widespread campaign

Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor since as early as July 2024 targeting users, predominantly in Poland and Germany, based on the...

Whatsup Gold, Observium and Offis vulnerabilities

Cisco Talos’ Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold. These vulnerabilities exist...

Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing...

Threat actors increasingly deployed web shells against vulnerable web applications and primarily exploited vulnerable or unpatched public-facing applications to gain initial access in Q4, a notable...

Defeating Future Threats Starts Today

Welcome to this week’s edition of the Threat Source newsletter. You don’t need me to tell you that security is constantly changing and that more change is on its way. The enthusiastic adoption of new...

Google Cloud Platform Data Destruction via Cloud Build

Background & Public Research: Google Cloud Platform (GCP) Cloud Build is a Continuous Integration/Continuous Deployment (CI/CD) service offered by Google that is utilized to automate the building,...

Changing the tide: Reflections on threat data from 2024

“Enough Ripples, And You Change The Tide. For The Future Is Never Truly Set.” X-Men: Days of Future Past
In January, I dedicated some time to examine threat data from 2024, comparing it with the...

Small praise for modern compilers - A case of Ubuntu printing vulnerability...

By Aleksandar Nikolich. Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol...

Microsoft Patch Tuesday for February 2025 — Snort rules and prominent...

Microsoft has released its monthly security update for February of 2025 which includes 63 vulnerabilities affecting a range of products, including 4 that Microsoft marked as “critical” and one marked...

Changing the narrative on pig butchering scams

Welcome to this week’s edition of the Threat Source Newsletter. Love is in the air this week. Wait, is that love? Or is it some tech bro with a housing development company (that would totally love to...

ClearML and Nvidia vulns

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been...

Weathering the storm: In the midst of a Typhoon

Summary: Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies. The activity, initially reported in late 2024 and later...

Efficiency? Security? When the quest for one grants neither.

Welcome to this week’s edition of the Threat Source newsletter. Benjamin Franklin once said, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty...

Your item has sold! Avoiding scams targeting online sellers

There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms. Many of the general...

Lotus Blossom espionage group targets multiple industries with different...

Cisco Talos discovered multiple cyber espionage campaigns that target government, manufacturing, telecommunications and media, delivering Sagerunex and other hacking tools for post-compromise...

Sellers can get scammed too, and Joe goes off on a rant about imposter syndrome

Welcome to this week’s edition of the Threat Source newsletter. Hello again my friends! Geez, it’s been a year am I right? Lemons it’s February you say?! Oof. Imposter syndrome. You’ve heard the term...

Unmasking the new persistent attacks on Japan

Cisco Talos discovered malicious activities conducted by an unknown attacker since as early as January 2025, predominantly targeting organizations in Japan. The attacker has exploited the...
