Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims. This article has been indexed from Cisco Talos Blog Read the original…
Category: Cisco Talos Blog
Scarcity signals: Are rare activities red flags?
Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones. This article has been indexed from Cisco Talos Blog Read the original article:…
Ghosted by a cybercriminal
Hazel observes that cybercriminals often fumble teamwork, with fragile alliances crumbling over missed messages. Plus, how UAT-6382 is exploiting Cityworks and what you can do to stay secure. This article has been indexed from Cisco Talos Blog Read the original…
UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware
Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader. This article has been indexed from Cisco Talos Blog Read the original article: UAT-6382 exploits Cityworks zero-day vulnerability…
Duping Cloud Functions: An emerging serverless attack vector
Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure. This article has been indexed from Cisco Talos Blog Read the original article: Duping Cloud Functions:…
Xoxo to Prague
In this week’s newsletter, Thor inspects the LockBit leak, finding $10,000 “security tips,” ransom negotiations gone wrong and a rare glimpse into the human side of cybercrime. This article has been indexed from Cisco Talos Blog Read the original article:…
Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”. Microsoft noted five vulnerabilities that have been observed to be exploited in the…
Redefining IABs: Impacts of compartmentalization on threat tracking and modeling
Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations. This article has been indexed from Cisco Talos Blog Read the original article:…
Defining a new methodology for modeling and tracking compartmentalized threats
How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between attackers. This article has been indexed from Cisco Talos…
The IT help desk kindly requests you read this newsletter
How do attackers exploit authority bias to manipulate victims? Martin shares proactive strategies to protect yourself and others in this must-read edition of the Threat Source newsletter. This article has been indexed from Cisco Talos Blog Read the original article:…