Intelligence Feed
APT
Talos Intelligence
—
SEV 8/10
APT - Cisco Talos Blog
May 5, 2026 06:00
UAT-8302 and its box full of malware
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.
Jungsoo An, Asheer Malhotra, Brandon White
Threat Spotlight
April 23, 2026 11:10
UAT-4356's Targeting of Cisco Firepower Devices
Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) to gain unauthorized access to vulnerable devices.
Intelligence Center
Talos Intelligence
—
SEV 8/10
UAT-8302 and its box full of malware
By Jungsoo An, Asheer Malhotra, Brandon White
Tuesday, May 5, 2026 06:00
APT Threat Spotlight
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made malware families that have previously been used by other known China-nexus threat actors. Talos discovered a .NET-based backdoor we track as “NetDraft” that is a C#-based variant of the FinalDraft/SquidDoor malware family developed and operated by Jewelbug / REF7707 / CL-STA-0049 / LongNosedGoblin, a cluster of China-nexus APT actors.
Patch Tuesday
Talos Intelligence
—
SEV 8/10
Patch Tuesday - Cisco Talos Blog
Talos’ recap of Microsoft’s monthly security update, including the vulnerabilities users need to patch for as soon as possible.
May 12, 2026 15:57
Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 16 that Microsoft marked as “critical”.
Jaeson Schultz
Patch Tuesday
April 14, 2026 16:27
Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities
Overview of the Patch Tuesday release from Microsoft for April 2026.
Threats
Talos Intelligence
—
SEV 8/10
Threats - Cisco Talos Blog
Threats
May 12, 2026 06:00
State-sponsored actors, better known as the friends you don’t want
Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider.
Elio Biasiotto, Jerzy ‘Yuri’ Kramarz
April 23, 2026 11:10
UAT-4356's Targeting of Cisco Firepower Devices
Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS).
Threat Advisory
Talos Intelligence
—
SEV 8/10
Threat Advisory - Cisco Talos Blog
Any urgent malware campaigns or security vulnerabilities that Talos is actively researching. These posts include the latest threat detection our researchers develop to address these issues.
May 14, 2026 12:02
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage.
Intelligence Center
Talos Intelligence
—
SEV 8/10
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
By Cisco Talos
Thursday, May 14, 2026 12:02
Threat Advisory
Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage. Successful exploitation of CVE-2026-20182 allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. The exploitation of CVE-2026-20182 appears to have been limited so far and Talos clusters this activity under UAT-8616 with high confidence.