Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data.| Cisco Talos Blog
Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”| Cisco Talos Blog
The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.| Cisco Talos Blog
Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations and civilian users in Ukraine and Poland. We judge that these operations are very likely aimed at stealing information and gaining persistent remote access.| Cisco Talos Blog
Cisco Talos discovered Gamaredon APT activity targeting users in Ukraine with malicious LNK files distributed in RAR archives.| Cisco Talos Blog
Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.| Cisco Talos Blog
Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.| Cisco Talos Blog
Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme.| Cisco Talos Blog
Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023.| Cisco Talos Blog
By Vanja Svajcer. Introduction Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries — or "LoLBins". LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances of staying undetected within an| Cisco Talos Blog
Cisco Talos has observed a threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. This campaign delivers an information stealer onto the target's machine to avoid network security product detections.| Cisco Talos Blog
The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.| Cisco Talos Blog
Cisco Talos observed a surge in GhostSec, a hacking group’s malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware.| Cisco Talos Blog
Our latest findings indicate a definitive shift in the tactics of the North Korean APT group Lazarus Group.| Cisco Talos Blog
