Cisco Talos Intelligence Blog


New Horabot campaign targets the Americas

Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.

June 1, 2023 14:06

Legislation alone isn’t enough to stop spyware

The latest on a newly discovered phishing botnet and the latest headlines regarding how countries use spyware.

May 26, 2023 08:05

What is a web shell?

What are web shells? And why are attackers increasingly using them in their campaigns? We break it down in this blog.

May 25, 2023 08:05

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).

May 26, 2023 17:05

Threat Roundup for May 19 to May 26

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 19 and May 26. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral

May 26, 2023 15:05

Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution

A vulnerability, TALOS-2023-1727 (CVE-2023-1424), exists in the device’s MELSOFT Direct functionality that is triggered if an adversary sends the targeted device a specially crafted network packet.

May 25, 2023 14:05

It’s apparently hip to still be using Windows 7

Steam, the most popular video game storefront on PCs, only recently announced that it was ending support for Windows 7 and 8, and even then, it won’t be official until January.

May 18, 2023 14:05

It’s really OK to take a break sometimes, especially in security

The work is always going to be there, whether you take a day or a week off. Unfortunately, the cybersecurity community at large is not going to stop cybercrime overnight.

May 15, 2023 08:05

Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code

Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023.