Intelligence Center

Threat Research

New PXA Stealer targets government and education sectors for sensitive information

Cisco Talos discovered a new information stealing campaign operated by a Vietnamese-speaking threat actor targeting government and education entities in Europe and Asia.

Threat actors use copyright infringement phishing lure to deploy infostealers

Cisco Talos has observed a threat actor conducting a phishing campaign targeting Facebook business and advertising account users in Taiwan. This campaign delivers an information stealer onto the target's machine to avoid network security product detections.

Threat Spotlight: WarmCookie/BadSpace

WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.

Fortify Your Defense

Evolve your incident response with intelligence-led proactive services and deep expertise that only Talos can offer, before – and during – an active emergency. Anyone can stand behind you – Talos IR stands beside you, every step of the way.

Together, we can reduce downtime and mitigate risk. Get started today.

Latest Talos Takes Podcast Episodes

December 11, 2024 | Ep.
It's the 35th anniversary of ransomware - let's talk about the major shifts and changes

Ransomware is 35 years old this month, which isn't exactly something to celebrate. But in any case, do join Hazel and special guest Martin Lee to discuss what happened in the very first ransomware incident in December 1989 and why IT "wasn't ready". They then discuss how ransomware evolved to become the criminal entity it is today, which involves looking back on the likes of SamSam, Maze and the emergence of cryptocurrencies. Plus, learn why Martin says we shouldn't feel powerless in the face of ransomware.

November 14, 2024 | Ep.
Unwrapping the emerging Interlock ransomware attack

Chetan Raghuprasad is our guest today as he breaks down the relatively new Interlock ransomware attack. Cisco Talos Incident Response recently observed this attacker conducting big-game hunting and double extortion attacks. Chetan talks about the initial access tactics, deployment of the ransomware encryptor, and how Interlock communicates with its victims using their “Worldwide Secrets Blog”. For the full analysis, head to https://blog.talosintelligence.com/emerging-interlock-ransomware/

Why Cisco Talos?

Talos is Cisco's threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services.

Our job is your defense.

Talos powers the Cisco portfolio with comprehensive intelligence.

Every customer environment, every event, every single day, all around the world.