News

Cisco Talos Blog
blog.talosintelligence.com > qilin-edr-killer

Qilin EDR killer infection chain

23+ hour, 37+ min ago  (1680+ words) This blog post provides an in-depth technical analysis of the malicious dynamic-link library (DLL) "msimg32.dll", which Cisco Talos observed being deployed in Qilin ransomware attacks. The broader activities and attacks of Qilin were previously introduced and described in the blog post…

Cisco Talos Blog
blog.talosintelligence.com > video-the-ttp-ep-21-when-attackers-become-trusted-users

[Video] The TTP Ep 21: When Attackers Become Trusted Users

19+ hour, 40+ min ago  (141+ words) In this episode of the Talos Threat Perspective, we explore how identity is being used to gain, extend, and maintain access inside environments. Drawing on insights from the 2025 Talos Year in Review, we break down how attackers are… This episode…

Cisco Talos Blog
blog.talosintelligence.com > inside-the-talos-2025-year-in-review-a-discussion-on-what-the-data-means-for-defenders

Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders

1+ day, 3+ hour ago  (452+ words) To unpack the biggest takeaways and what they mean for security teams, we brought together Christopher Marshall, VP of Cisco Talos, and Peter Bailey, SVP and GM of Cisco Security. Marshall: One of the clearest trends in this year's data…

Cisco Talos Blog
blog.talosintelligence.com > uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications

UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications

23+ hour, 7+ min ago  (511+ words) The core component of the framework is a web application that makes all of the exfiltrated data available to the operator in a graphical interface that includes in-depth statistics and search capabilities to allow them to sift through the compromised data. This analysis is based on data…

Cisco Talos Blog
blog.talosintelligence.com > ransomware-in-2025-blending-in-is-the-strategy

Ransomware in 2025: Blending in is the strategy

3+ day, 3+ hour ago  (578+ words) Ransomware attacks aren't smash-and-grab anymore. They're built on access that already looks legitimate, closer to positioning chess pieces than breaking the door down. That's the big trend that comes through in the ransomware data from the Talos 2025 Year in Review. Once attackers…

Cisco Talos Blog
blog.talosintelligence.com > transparent-com-instrumentation-for-malware-analysis

Transparent COM instrumentation for malware analysis

2+ week, 1+ day ago  (293+ words) Modern script-based malware (e.g., VBScript, JScript, PowerShell) relies heavily on COM automation to perform malicious operations. Traditional dynamic analysis tools capture low-level API calls but miss the semantic meaning of high-level COM interactions. Consider this attack pattern: Behavioral monitoring will detect…

Cisco Talos Blog
blog.talosintelligence.com > directx-openfoam-libbiosig-vulnerabilities

DirectX, OpenFOAM, Libbiosig vulnerabilities

3+ week, 1+ day ago  (511+ words) Cisco Talos' Vulnerability Discovery & Research team recently disclosed vulnerabilities in the BioSig Project Libbiosig library and OpenCFD OpenFOAM, as well as an unpatched vulnerability in Microsoft DirectX. The vulnerabilities mentioned in this blog post have been patched by their respective…

Cisco Talos Blog
blog.talosintelligence.com > new-dohdoor-malware-campaign

New Dohdoor malware campaign targets education and health care

1+ mon, 5+ day ago  (846+ words) Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track…

Cisco Talos Blog
blog.talosintelligence.com > uat-8616-sd-wan

Active exploitation of Cisco Catalyst SD-WAN by UAT-8616

1+ mon, 5+ day ago  (210+ words) UAT-8616's attempted exploitation indicates a continuing trend of the targeting of network edge devices by cyber threat actors looking to establish persistent footholds into high-value organizations, including Critical Infrastructure (CI) sectors. In the identified example, the peer-system-ip should be validated…

Cisco Talos Blog
blog.talosintelligence.com > good-enough-emulation

“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities

1+ mon, 1+ week ago  (318+ words) This blog describes efforts at emulating functionality of the Socomec DIRIS M-70 gateway to discover vulnerabilities. In vulnerability research, knowing which tool to use for the job at hand is crucial. This post will highlight multiple emulation tools and approaches used, detail the benefits…