Intelligence Feed
Talos Intelligence
—
SEV 4/10
Blog Series Categories
Headlines: Breaking security news all users should be up-to-date on, along with any other cybersecurity topics in the news.
Patch Tuesday: Talos’ recap of Microsoft’s monthly security update, including the vulnerabilities users need to patch as soon as possible.
The Need to Know: Unsure of what certain cybersecurity topics or terms actually mean?
Vulnerability Deep Dive
Talos Intelligence
—
SEV 3/10
Vulnerability Deep Dive - Cisco Talos Blog
A very technical breakdown about a vulnerability or set of vulnerabilities and how an attacker could string them together for a cyber attack.
February 18, 2026 06:00 | “Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities
A Talos researcher used targeted emulation of the Socomec DIRIS M-70 gateway’s Modbus thread to uncover six patched vulnerabilities, showcasing efficient tools and methods for IoT security testing.
Kelly Patterson | Vulnerability Deep Dive
August 9, 2025 09:00 | ReVault!
Talos IR Quarterly Trends Report
Talos Intelligence
—
SEV 4/10
Talos IR trends - Cisco Talos Blog
Each quarter, Cisco Talos Incident Response recaps the malware families and attacker tactics they observed most in the wild. Find out what your organization can learn so you don’t end up in the same position.
April 22, 2026 06:00 | IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist
Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined.
RAT
Talos Intelligence
—
SEV 4/10
RAT - Cisco Talos Blog
May 5, 2026 06:00 | CloudZ RAT potentially steals OTP messages using Pheno plugin
Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.”
Alex Karkins, Chetan Raghuprasad | Threat Spotlight
October 30, 2024 06:00 | Writing a BugSleep C2 server and detecting its traffic with Snort
This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort.
Aaron Boyd | malware
October 22, 2024 06:00 | Threat actor abuses Gophish to deliver new PowerRAT and DCRAT
Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor.
Threats
August 1, 2024 08:00 | APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike
ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups.
Intelligence Center
Talos Intelligence
—
SEV 4/10
CloudZ RAT potentially steals OTP messages using Pheno plugin
By Alex Karkins, Chetan Raghuprasad | Tuesday, May 5, 2026 06:00 | Threat Spotlight, RAT
Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.” According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims’ credentials and potentially one-time passwords (OTPs).
CloudZ utilizes the custom Pheno plugin to hijack the established PC-to-phone bridge by abusing the Microsoft Phone Link application, allowing the plugin to continuously scan for active Phone Link processes and potentially intercept sensitive mobile data like SMS and OTPs without deploying malware on the phone.
CloudZ evades detection by executing critical malicious functions dynamically in system memory and performing checks to avoid debuggers and sandbox environments.
On The Radar
Talos Intelligence
—
SEV 4/10
On The Radar - Cisco Talos Blog
Forward-looking features on the issues and trends that Talos feels are affecting the current cybersecurity landscape.
May 6, 2026 06:00 | Insights into the clustering and reuse of phone numbers in scam emails
Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails.
Intelligence Center
Talos Intelligence
—
SEV 3/10
Insights into the clustering and reuse of phone numbers in scam emails
By Omid Mirzaei | Wednesday, May 6, 2026 06:00 | On The Radar
Cisco Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails. According to Talos’ observations, the ease of API-driven provisioning makes a few VoIP providers the preferred tool for attackers, allowing for high-volume, cost-effective scam operations that are difficult to trace.
Intelligence Center
Talos Intelligence
—
SEV 4/10
Unplug your way to better code
By Amy Ciminnisi | Thursday, May 7, 2026 14:00 | Threat Source newsletter
Welcome to this week’s edition of the Threat Source newsletter. The person endlessly scrolling or typing away at their computer. It's just an expression, but if nature’s your thing, that works just fine.
Intelligence Center
Talos Intelligence
—
SEV 4/10
State-sponsored actors, better known as the friends you don’t want
By Elio Biasiotto, Jerzy ‘Yuri’ Kramarz | Tuesday, May 12, 2026 06:00 | Threats
State-sponsored actors don't break in. They log in, and they use your own tools to stay invisible for months. Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome.
Humans of Talos
Talos Intelligence
—
SEV 3/10
Humans of Talos - Cisco Talos Blog
A video interview series that shines a spotlight on team members across Talos, featuring their personal stories, career journeys and unique perspectives.
May 13, 2026 06:00 | Breaking things to keep them safe with Philippe Laulheret
Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exploited.
Amy Ciminnisi | Humans of Talos
April 16, 2026 06:00 | More than pretty pictures: Wendy Bishop on visual storytelling in tech
Wendy shares the unique challenges and rewards of bridging the gap between artistic expression and highly technical research.
Intelligence Center
Talos Intelligence
—
SEV 3/10
Breaking things to keep them safe with Philippe Laulheret
By Amy Ciminnisi | Wednesday, May 13, 2026 06:00 | Humans of Talos
In the latest Humans of Talos, Amy sits down with Senior Vulnerability Researcher Philippe Laulheret to demystify the world of ethical hacking. Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exploited. From his memorable experiment using a green onion to bypass a biometric fingerprint reader to his perspective on the reality of cybersecurity versus what we see in the movies, Philippe provides a fascinating look at the work that keeps our digital world safe.
Threat Source Newsletter
Talos Intelligence
—
SEV 4/10
Threat Source newsletter - Cisco Talos Blog
Talos’ weekly recap of the top cybersecurity news and our latest research. Weekly editions appear on the blog, or readers can subscribe to have the email delivered to their inbox every Thursday.
May 14, 2026 14:00 | The time of much patching is coming
In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.
Nonlinear Dynamics: The Hidden Patterns of Complexity
Talos Intelligence
—
SEV 3/10
Unveiling the Mysteries of Nonlinear Dynamics
Nonlinear Dynamics: The Hidden Patterns of Complexity
In the realm of physics, there exists a fascinating field of study that delves into the intricacies of complex systems, where the behavior of individual components gives rise to emergent properties that cannot be predicted by analyzing their parts in isolation. This is the domain of nonlinear dynamics, a branch of science that has been captivating the imagination of researchers and scientists for decades. The concept of nonlinearity is rooted in the idea that the output of a system is not directly proportional to its input.