Threat Research

1 min read

In November 2018, Cisco Talos discovered an attack campaign, called DNSpionage, in which threat actors created a new remote administrative tool that supports HTTP and DNS communication with the attackers'...

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Apr. 12 and Apr. 19. As with previous roundups, this post isn't meant to be an...

1 min read

This blog post discusses the technical details of a state-sponsored attack manipulating DNS systems. While this incident is limited to targeting primarily national security organizations in the Middle East and...

1 min read

HawkEye is another example of malware being marketed across various hacking forums. Talos observed ongoing malware distribution campaigns attempting to leverage the latest version of the HawkEye keylogger/stealer, HawkEye Reborn v9, against organizations to steal sensitive information and account credentials for use in additional attacks and account compromise.

1 min read

Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect...

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Apr. 5 and Apr. 12. As with previous roundups, this post isn't meant to be an...

1 min read

Sextortionists are doing everything to evade spam filters and convince potential victims that perceived threats are real. Here are some recent changes we’ve seen in the sextortion email landscape.

1 min read

Cisco Talos has uncovered a new Android-based campaign targeting Australian financial institutions. As the investigation progressed, Talos came to understand that this campaign was associated with the "ChristinaMorrow" text message...

1 min read

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Mar. 29 and Apr. 5. As with previous roundups, this post isn't meant to be an...