Cisco Talos Blog

November 14, 2024 06:00

New PXA Stealer targets government and education sectors for sensitive information

Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia.

October 31, 2024 09:37

Threat actors use copyright infringement phishing lure to deploy infostealers

Cisco Talos has observed a threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. This campaign delivers an information stealer onto the target's machine to avoid network security product detections.

October 23, 2024 06:02

Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.

October 23, 2024 06:02

Highlighting TA866/Asylum Ambuscade Activity Since 2021

TA866 (also known as Asylum Ambuscade) is a threat actor that has been conducting intrusion operations since at least 2020.

October 21, 2024 12:50

Akira ransomware continues to evolve

As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.

October 3, 2024 06:00

Threat actor believed to be spreading new MedusaLocker variant since 2022

The malware, called "BabyLockerKZ," has primarily affected users in Europe and South America.

September 10, 2024 00:00

DragonRank, a Chinese-speaking SEO manipulator service provider

Cisco Talos is disclosing a new threat called “DragonRank” that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization (SEO) rank manipulation.

September 6, 2024 06:00

Vulnerability in Tencent WeChat custom browser could lead to remote code execution

While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor.

August 28, 2024 06:00

BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

In recent investigations, Talos Incident Response has observed the BlackByte ransomware group using techniques that depart from their established tradecraft. Read the full analysis.