Axios NPM supply chain incident
Overview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure.
The democratisation of business email compromise fraud
This week, Martin tells the story of a crime he encountered and how it shows that the threat landscape is changing.
[Video] The TTP Ep 21: When Attackers Become Trusted Users
An episode of the Talos Threat Perspective on the 2025 Year in Review trends. We explore how identity is being used to gain, extend, and maintain access inside environments.
UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications
Talos is disclosing a large-scale automated credential harvesting campaign carried out by a threat cluster we currently track as UAT-10608. The campaign is primarily leveraging a collection framework dubbed “NEXUS Listener.”
Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders
A conversation between Cisco Talos and Cisco Security leaders on the 2025 threat landscape, from identity attacks and legacy vulnerabilities to AI-driven threats, and what defenders should prioritize now.
An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases
There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024.
Ransomware in 2025: Blending in is the strategy
A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses.
TP-Link, Canva, HikVision vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-p