Guilherme Venere (@gvenere)'s Twitter Profile
Guilherme Venere

@gvenere

I break things. Threat Researcher @TalosSecurity. I post about games and Security. @[email protected] after the exodus

Opinions are my own.

ID: 32940029

https://store.steampowered.com/app/3434850/Krakens_Canvas/

18-04-2009 16:54:43

1,1K Tweet

333 Followers

449 Following

Malware Patrol (@malwarepatrol)

Researchers uncovered multiple cyber espionage campaigns targeting government, manufacturing, telecom, and media sectors. These #attacks, attributed to the #LotusBlossom #ThreatActor, use Sagerunex and other hacking tools for post-compromise activities. blog.talosintelligence.com/lotus-blossom-…

Virus Bulletin (@virusbtn)

Cisco Talos's Guilherme Venere analyses an ongoing campaign targeting users in Ukraine with malicious LNK files which run a PowerShell downloader. The downloader contacts geo-fenced servers in Russia & Germany to deploy the second stage, Remcos backdoor. blog.talosintelligence.com/gamaredon-camp…

Cisco Talos Intelligence Group (@talossecurity)

Have you received a suspicious text that seems to be from a toll road service? Discover how this widespread smishing scam is targeting U.S. drivers and uncover the actors behind it in our latest blog: cs.co/6014FISg6

Cisco Talos Intelligence Group (@talossecurity)

Hazel, Azim and Lexi discuss some of the most prolific ransomware techniques and groups — and why LockBit may end this year very differently to how they ended 2024. Listen to the full episode: cs.co/60172EeHb

Cisco Talos Intelligence Group (@talossecurity)

Hard to stop, even harder to spot... What's driving the wave of identity attacks in 2024? How are adversaries cracking MFA defenses? Find the answers in our latest topic summary: cs.co/601223aF4

Cisco Talos Intelligence Group (@talossecurity)

Are you attending CTA TIPS next week? Edmund Brumaghin and Nick Biasini will dive into how multiple actors collaborate during cyber intrusions and how organizations can adapt to this evolving threat landscape. Register now: cs.co/6014NEfLM

Guilherme Venere (@gvenere)

In my new blog I talk about a concerning trend where threat actors abuse the trial period of RMM tools to create their network of infected machines. These tools provide the infra and features a regular backdoor would provide without the price tag. Check out the research below!

Chi-en (Ashley) Shen (@ashl3y_shen)

A lot of you have been asking, YES! HITCON 2025 CFP is open! The conference will be hosted on August 15 - August 16. Submit your talk before June 8th. Looking forward to your submissions! #HITCON #HITCON2025 CFP: cfp2025.hitcon.org/en/

The Hacker News (@thehackersnews)

🚨 Hackers are exploiting free software trials to hijack executive systems in Brazil. Using fake invoices and Dropbox links, they’re slipping past defenses—and it’s working. The twist? They’re not using malware. They’re using legit IT tools. Learn more →

Malware Patrol (@malwarepatrol)

A #SpamCampaign is targeting Brazilian users, exploiting #RremoteMonitoringTools since Jan 2025. Attackers use NF-e as bait and host malicious content on Dropbox. #ThreatIntelligence #CyberSecurity blog.talosintelligence.com/spam-campaign-…

Chi-en (Ashley) Shen (@ashl3y_shen)

📡New blogs out: Compartmentalized attacks are no longer limited to financially motivated actors, state-sponsored groups are adopting them too. We propose a new taxonomy for initial access groups to reflect broader motivations and affiliations. blog.talosintelligence.com/redefining-ini…

Cisco Talos Intelligence Group (@talossecurity)

🔎 Follow the motive: Join Talos researcher Ashley Shen as we break down the evolution of initial access brokers and why defining their motives is key to better defense: cs.co/6015NdD1z

Lindsey O'Donnell Welch (@lindseyod123)

"Talos has found intrusions in enterprise networks of local governing bodies in the United States (U.S.), beginning January 2025 when initial exploitation first took place. UAT-6382 successfully exploited CVE-2025-0944." blog.talosintelligence.com/uat-6382-explo…

Bray Falls (@astrofalls)

This is what I’ve been up to the last year! Building the largest remote observatory in the world (By quantity of scopes)
