Cisco Talos Blog

Featured

Available now: 2024 Year in Review

Download Talos' 2024 Year in Review now, and access key insights on the top targeted vulnerabilities of the year, network-based attacks, email threats, adversary toolsets, identity attacks, multi-factor authentication (MFA) abuse, ransomware and AI-based attacks.

March 28, 2025 06:00

Gamaredon campaign abuses LNK files to distribute Remcos backdoor

Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024.

March 27, 2025 14:01

Money Laundering 101, and why Joe is worried

In this blog post, Joe covers the very basics of money laundering, how it facilitates ransomware cartels, and what the regulatory future holds for cybercrime.

March 20, 2025 06:00

UAT-5918 targets critical infrastructure entities in Taiwan

UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim environments for information theft and credential harvesting.

Recent
March 20, 2025 14:00

Tomorrow, and tomorrow, and tomorrow: Information security and the Baseball Hall of Fame

In this week’s Threat Source newsletter, William pitches a fun comparison between baseball legend Ichiro Suzuki and the unsung heroes of information security, highlights newly released UAT-5918 research, and shares an exciting new Talos video.

March 13, 2025 14:23

Miniaudio and Adobe Acrobat Reader vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities.   The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclos

March 13, 2025 14:04

Patch it up: Old vulnerabilities are everyone’s problems

Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?”

March 13, 2025 06:00

Abusing with style: Leveraging cascading style sheets for evasion and tracking

Cascading Style Sheets (CSS) are ever present in modern day web browsing, however its far from their own use. This blog will detail the ways adversaries use CSS in email campaigns for evasion and tracking.