Cisco Talos Blog

Featured

Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs

Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme.

April 24, 2025 14:00

Lessons from Ted Lasso for cybersecurity success

In this edition, Bill explores how intellectual curiosity drives success in cybersecurity, shares insights on the IAB ToyMaker’s tactics, and covers the top security headlines you need to know.

April 22, 2025 06:03

Year in Review: Attacks on identity and MFA

For the third topic for Talos' 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns.

April 17, 2025 06:00

Unmasking the new XorDDoS controller and infrastructure

Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.

Recent
April 17, 2025 14:01

Care what you share

In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online.

April 16, 2025 08:00

Eclipse and STMicroelectronics vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in the STMicroelectronics fork of ThreadX called X-CUBE-AZRTOS.    The vulnerabilities mentioned in this blog post have been patche

April 15, 2025 05:50

Year in Review: The biggest trends in ransomware

This week, our Year in Review spotlight is on ransomware—where low-profile tactics led to high-impact consequences. Download our 2 page ransomware summary, or watch our 55 second video.

April 10, 2025 14:02

Threat actors thrive in chaos

Martin delves into how threat actors exploit chaos, offering insights from Talos' 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption.

April 10, 2025 10:30

Unraveling the U.S. toll road smishing scams

Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America.