August 5, 2025 09:00 Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.
Talos Intelligence SEV 6/10
iot_ot_security vulnerability
When your SoC turns against you… By Philippe Laulheret Tuesday, August 5, 2025 09:00 Vulnerability Spotlight Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. 100+ models of Dell Laptops are affected by this vulnerability if left unpatched. The ReVault attack can be used as a post-compromise persistence technique that can remain even across Windows reinstalls.
Threat Spotlight
Talos Intelligence SEV 6/10
malware ransomware Turla Gamaredon
Talos Threat Spotlights Blog The most notable recent cyber attacks and malware campaigns Talos is following, along with the Cisco Secure protection to keep users safe. May 5, 2026 06:00 UAT-8302 and its box full of malware Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. Jungsoo An, Asheer Malhotra, Brandon White Threat Spotlight CloudZ RAT potentially steals OTP messages using Pheno plugin Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.” Alex Karkins, Chetan Raghuprasad April 21, 2026 06:00 Bad Apples: Weaponizing native macOS primitives for movement and execution Cisco Talos documents several macOS living-off-the-land (LOTL) techniques, demonstrating that native pathways for movement and execution remain accessible to those who understand the underlying architecture.
Intelligence Center
Talos Intelligence SEV 7/10
vulnerability iot_ot_security
Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities By Jaeson Schultz Tuesday, May 12, 2026 15:57 Patch Tuesday Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 31 that Microsoft marked as “critical”. In this month's release, Microsoft has not observed any of the included vulnerabilities being actively exploited in the wild. Out of 31 "critical" entries, 16 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including Microsoft Office, Microsoft Word, Windows Native WiFi Miniport Driver, Azure, Office for Android, Microsoft Dynamics 365, Windows GDI, Microsoft SharePoint, Windows Graphics Component, Windows Netlogon, and Windows DNS Client.
Intelligence Center
Talos Intelligence SEV 6/10
vulnerability supply_chain Conti Play
The time of much patching is coming By Martin Lee Thursday, May 14, 2026 14:00 Threat Source newsletter Welcome to this week’s edition of the Threat Source newsletter. Many solutions have been proposed to reduce software bugs: zero-defect mandates, pair programming, formal methods, and mathematical software proofs. The reality is that software engineering is hard.