Cisco Talos Intelligence Blog

September 11, 2023 08:09

You can try to hide your firmware from Kelly Patterson, but she’ll find it (and break it)

Patterson and her teammates are responsible for helping to disclose and patch more than 200 security vulnerabilities a year, some of which affect devices used in thousands of households around the world.

August 3, 2023 08:08

Half-Year in Review: Recapping the top threats and security trends so far in 2023

We've seen threat actors utilize every chance they get to steal sensitive data, to be used in future attacks and/or to manipulate victims into paying up before their data ends up on the dark web.

June 29, 2023 08:06

How Talos IR’s Purple Team can help you prepare for the worst-case scenario

A Purple Team exercise is a collaborative approach between offensive (Red) teams and defensive (Blue) teams.

May 8, 2023 08:05

Researcher Spotlight: Jacob Finn creates his own public-private partnership at Talos

Today, Finn combs through Talos’ various intelligence sources, open-source research, partner resources, and Cisco product telemetry to track major attacker trends and emerging threats.

March 13, 2023 08:03

Researcher Spotlight: How David Liebenberg went from never having opened Terminal to hunting international APTs

When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before — let alone written a Snort rule or infiltrated a dark web forum.

September 7, 2022 11:09

Multiple ransomware data leak sites experience DDoS attacks, facing intermittent outages and connectivity issues

Cisco Talos has been monitoring suspected distributed denial-of-service (DDoS) attacks resulting in intermittent downtime and outages affecting several ransomware-as-a-service (RaaS) data leak sites.

July 5, 2022 09:07

Researcher Spotlight: Around the security world and back again with Nick Biasini

Nick Biasini’s seen it all. Going on a nearly 20-year security career, he’s been a part of some of Cisco Talos’ largest undertakings in the company’s history. From an attack on the global Olympic Games, to a wireless router malware that affected hundreds of thousands of devices

June 28, 2022 08:06

De-anonymizing ransomware domains on the dark web

* We have developed three techniques to identify ransomware operators' dark websites hosted on public IP addresses, allowing us to uncover previously unknown infrastructure for the DarkAngels, Snatch, Quantum and Nokoyawa ransomware groups. * The methods we used to identify the

June 9, 2022 08:06

Talos EMEA monthly update: Business email compromise

The latest edition of the Talos EMEA Monthly Update is available now on and Cisco's YouTube page. You can also view the episode in its entirety above. For June, Hazel and Martin got together to discuss business email compromise. BEC has quickly become the most lucrativ