Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.
Akira ransomware continues to evolve
As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities
Protecting major events: An incident response blueprint
Go behind the scenes with Talos incident responders and learn from what we've seen in the field.
What I’ve learned in my first 7-ish years in cybersecurity
Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.
What NIST’s latest password standards mean, and why the old ones weren’t working
Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach.
Ghidra data type archive for Windows driver functions
Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types.
Vulnerability in popular PDF reader could lead to arbitrary code execution; Multiple issues in GNOME project
Talos also discovered three vulnerabilities in Veertu’s Anka Build, a suite of software designed to test macOS or iOS applications in CI/CD environments.
Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities
The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity.