Cisco Talos Blog

April 17, 2025 06:00

Unmasking the new XorDDoS controller and infrastructure

Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.

April 10, 2025 10:30

Unraveling the U.S. toll road smishing scams

Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America.

March 28, 2025 06:00

Gamaredon campaign abuses LNK files to distribute Remcos backdoor

Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024.

March 13, 2025 06:00

Abusing with style: Leveraging cascading style sheets for evasion and tracking

Cascading Style Sheets (CSS) are ever present in modern day web browsing, however its far from their own use. This blog will detail the ways adversaries use CSS in email campaigns for evasion and tracking.

March 6, 2025 06:00

Unmasking the new persistent attacks on Japan

Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities.

February 27, 2025 06:00

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools

February 20, 2025 08:00

Weathering the storm: In the midst of a Typhoon

Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights our observations on this campaign and identifies recommendations for detection and prevention.

February 6, 2025 06:00

Google Cloud Platform Data Destruction via Cloud Build

A technical overview of Cisco Talos' investigations into Google Cloud Platform Cloud Build, and the threat surface posed by the storage permission family.

January 28, 2025 06:00

New TorNet backdoor seen in widespread campaign

Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany.