Cisco Talos Blog

February 20, 2024 08:00

Astaroth, Mekotio & Ousaban abusing Google Cloud Run in LATAM-focused malware campaigns

Since September 2023, we have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans.

January 9, 2024 13:58

Microsoft starts off new year with relatively light Patch Tuesday, no zero-days

One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol.

August 31, 2023 08:00

SapphireStealer: Open-source information stealer enables credential and data theft

SapphireStealer appears to be delivered as part of a multi-stage infection process, with threat actors leveraging open-source malware downloaders like FUD-Loader to deliver SapphireStealer to potential victims.

April 4, 2023 08:00

Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities

The stealer is for sale on dark web forums for $59 a month, or $540 for a lifetime subscription, which is relatively inexpensive compared to other infostealers.

March 22, 2023 15:41

Emotet resumes spam operations, switches to OneNote

Since returning, Emotet has leveraged several distinct infection chains, indicating that they are modifying their approach based on their perceived success in infecting new systems.

December 13, 2022 14:06

Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”

November 9, 2022 08:00

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

* The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. * Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure

May 20, 2022 14:26

Threat Roundup for May 13 to May 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 13 and May 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

April 14, 2022 07:59

Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer

Update (04/14/22): Following the initial publication of this blog, we observed a new post in the Haskers Gang Telegram channel announcing that ownership of the ZingoStealer project is being transferred to a new threat actor. We also observed the malware author offering to sell t