Intelligence Center

Threat Research

Unmasking the new XorDDoS controller and infrastructure

Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks. Learn More

Unraveling the U.S. toll road smishing scams

Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America.   Learn More

Gamaredon campaign abuses LNK files to distribute Remcos backdoor

Cisco Talos is actively tracking an ongoing campaign, targeting users in Ukraine with malicious LNK files which run a PowerShell downloader since at least November 2024. Learn More

Fortify Your Defense

Evolve your incident response with intelligence-led proactive services and deep expertise that only Talos can offer, before –and during– an active emergency. Anyone can stand behind you – Talos IR stands beside you, every step of the way.

Together, we can reduce downtime and mitigate risk. Get started today.

Learn More

Latest Talos Takes Podcast Episodes

April 24, 2025 | Ep.
How is AI influencing the threat landscape (Year in Review special pt 4)

A jam packed episode of guests means a slightly longer Talos Takes for your feed today! We welcome Amy Chang and Omar Santos from Cisco, Vitor Ventura from Talos, and Ryan Fetterman from Splunk. Together, we discuss malicious AI based threats, from social engineering to threat actor-built LLMs. We also talk about how defensive strategies can leverage AI, particularly in the SOC, to increase visibility and make determinations a lot quicker. Here are the resources mentioned in the episode:Talos' 2024 Year in ReviewCisco's State of AI Security reportDefending at machine speed, by Splunk

April 24, 2025 | Ep.
Year in Review special part 3: Identity and MFA attacks

Steven Leung from Cisco Duo joins Hazel to discuss the prevalence of identity-based attacks, why they're happening, and the various methods attackers are using to circumvent MFA (Multi-Factor Authentication), based on data in Talos' 2024 Year in Review. Topics we touch on include phishing, push spray attacks, and Adversary-in-the Middle campaigns, and throughout the episode Steven provides best practice recommendations for implementing MFA at scale, without increasing user friction.For more resources, check out the Duo blog, and Talos' 2024 Year in Review.

Why Cisco Talos?

Talos is Cisco's threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services.

Our job is your defense.

Talos powers the Cisco portfolio with comprehensive intelligence.

Every customer environment, every event, every single day, all around the world.