From the field to the report and back again: How incident responders can use the Year in Review
7+ hour, 49+ min ago (938+ words) Cisco Talos Blog. Every year, Cisco Talos publishes Year in Review, a comprehensive look at the previous year's threat landscape. It's drawn…...
New Lua-based malware "Lucid Rook" observed in targeted attacks against Taiwanese organizations
1+ day, 3+ hour ago (544+ words) The email contained a shortened URL that leads to the download of a password protected and encrypted RAR archive. The decryption password was included in the email body. Based on this email and the collected samples, Talos observed two distinct infection chains originating from the…...
Talos Takes: 2025's ransomware trends and zombie vulnerabilities
2+ day, 5+ hour ago (200+ words) Join Amy and Pierre Cadieux as they unpack the ransomware and vulnerability trends that defined 2025. From the persistent ransomware threats targeting the manufacturing sector to the rise of stealthy living-off-the-land tactics, we break down what these shifts mean for your…...
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
2+ day, 7+ hour ago (248+ words) The Jira vector does not rely on a notification pipeline in the traditional sense. Jira notifications are expected in corporate environments. An email from Atlassian is rarely blocked, as it is often critical for internal project management and IT operations....
Year in Review: Vulnerabilities old and new and something React2
2+ day, 3+ hour ago (185+ words) Speed and age shouldn't be allowed to pair up, but that is the theme of the Talos 2025 Year in Review vulnerability findings. "The speed at which these CVEs climbed into the top tier reflects a larger systemic challenge: Newly disclosed vulnerabilities in widely deployed software…...
Axios NPM supply chain incident
6+ day, 49+ min ago (164+ words) Cisco Talos is actively investigating the March 31, 2026 supply chain attack on the official Axios node package manager (npm) package during which two malicious versions (v1.14.1 and v0.30.4) were deployed. Axios is one of the more popular JavaScript libraries with as many…...
Do not get high(jacked) off your own supply (chain)
5+ day, 20+ hour ago (426+ words) The impact of these supply chain attacks can be vast. Axios receives 100 million downloads weekly and innumerable organizations rely on the frameworks and libraries compromised by TeamPCP. The headache they pose to organizations and their security personnel is considerable…...
Qilin EDR killer infection chain
1+ week, 3+ hour ago (1680+ words) This blog post provides an in-depth technical analysis of the malicious dynamic-link library (DLL) "msimg32.dll", which Cisco Talos observed being deployed in Qilin ransomware attacks. The broader activities and attacks of Qilin were previously introduced and described in the blog post…...
The democratisation of business email compromise fraud
6+ day, 19+ hour ago (617+ words) Welcome to this week's edition of the Threat Source newsletter. Last weekend, I witnessed a crime. Not a notable crime that you might read about in the press, but an unremarkable fraud attempt that nevertheless illustrates how new threat actor…...
[Video] The TTP Ep 21: When Attackers Become Trusted Users
6+ day, 23+ hour ago (141+ words) In this episode of the Talos Threat Perspective, we explore how identity is being used to gain, extend, and maintain access inside environments. Drawing on insights from the 2025 Talos Year in Review, we break down how attackers are: This episode…...