UAT-11795 deploys novel Starland RAT and bespoke WLDR C2 implant in financially motivated campaign
Cisco Talos is disclosing UAT-11795, a sophisticated, Russian-speaking, financially motivated adversary that has been conducting a malicious campaign targeting users in the U.S. and Europe since at least June 2025.
The Hunter's Paradox: Is it time to embrace automated threat hunting?
Humans can no longer keep up with the volume and velocity of security data on their own, but AI can't be fully trusted. David discusses the merits of both and muses on what the future might look like.
[Video] Where protection starts: Cisco Talos Intelligence Integrations
Every day, defenders make high-consequence decisions with incomplete information. Learn how Cisco Talos Intelligence Integrations help reduce uncertainty by turning the latest threat intelligence into proactive protections across Cisco technologies.
The serpent’s tongue: Luring the Python out of its den
This blog examines the full lifecycle of a Python package, from hosting on repositories such as PyPI or custom web servers, through source and wheel distribution formats, to the final installation into virtual or system-wide Python environments.
Begun, the Patch Wars have
Long foretold, the Great Patching has begun and it’s a doozy. Buckle in as Joe takes you through the story.
Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for July 2026, which includes 622 vulnerabilities affecting a range of products, including 57 that Microsoft marked as "critical."
WolfSSL, GeoVision, VTK vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in WolfSSF, fourteen in GeoVision, and one vulnerability in VTK-DICOM. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to
Winning 54% of the time
With Wimbledon's help, Hazel argues against the popular myth that "Attackers only need to be right once, but defenders need to be right 100% of the time."
UAT-7810 continues building ORB networks using new malware
Talos’ latest findings on UAT-7810 indicate that the threat actor continues to develop their custom-made malware.