Fungicide Research: A Deep Dive into the Realm of Fungal Biology
Talos Intelligence SEV 2/10
ransomware Conti Play
Fungicide Research: Unveiling the Mysteries of Fungal Defense Fungicide Research: A Deep Dive into the Realm of Fungal Biology As we venture into the fascinating world of fungicide research, we find ourselves at the intersection of mycology, chemistry, and environmental science. The quest to understand and combat fungal diseases has led to significant breakthroughs in our comprehension of fungal biology and the development of innovative fungicides. In this article, we will delve into the intricacies of fungicide research, exploring the complex relationships between fungi, their environments, and the chemicals that affect them.
Volcanology: A Journey into the Heart of Fire
Talos Intelligence SEV 2/10
ransomware iot_ot_security Conti Play
Volcanology: Unveiling the Secrets of Earth's Fiery Depths Volcanology: A Journey into the Heart of Fire Deep within the Earth's crust, a cauldron of molten rock and minerals simmers, waiting to unleash its fury upon the surface. Volcanology, the scientific study of volcanoes, seeks to understand the complex processes that govern these geological wonders. As we delve into the world of volcanology, we find ourselves entwined in a tale of fire, earth, and water, where the boundaries between solid, liquid, and gas are constantly blurred.
Biorefining: A New Era in Sustainable Resource Management
Talos Intelligence SEV 1/10
vulnerability iot_ot_security
Biorefining: Unlocking the Potential of Biomass Biorefining: A New Era in Sustainable Resource Management Deep within the realm of industrial processes, a revolutionary concept has emerged, poised to transform the way we utilize biomass. Biorefining, a term that may seem obscure to some, holds the key to unlocking the vast potential of organic matter, heralding a new era in sustainable resource management. This innovative approach is not merely a refinement of existing methods but a paradigm shift, akin to the transition from fossil fuels to renewable energy sources.
Atomic Physics: A Journey into the Heart of Matter
Talos Intelligence SEV 2/10
iot_ot_security ransomware Conti
Atomic Physics: Unveiling the Mysteries of the Microcosm Atomic Physics: A Journey into the Heart of Matter As we delve into the realm of atomic physics, we find ourselves in a world where the rules of classical mechanics no longer apply. At the atomic level, the principles of quantum mechanics reign supreme, governing the behavior of particles that are both fascinating and enigmatic. In this article, we will embark on a journey to explore the intricacies of atomic physics, with a focus on the mathematical framework that underlies this complex and intriguing field.
When your SoC turns against you… (ReVault)
Talos Intelligence SEV 6/10
iot_ot_security vulnerability
When your SoC turns against you… By Philippe Laulheret Tuesday, August 5, 2025 09:00 Vulnerability Spotlight Talos reported five vulnerabilities to Broadcom and Dell affecting both the ControlVault3 firmware and its associated Windows APIs, which Talos is calling “ReVault”. More than 100 Dell laptop models are affected if left unpatched. ReVault can be used as a post-compromise persistence technique that survives even a Windows reinstall, since reinstalling the operating system does not touch the ControlVault firmware.
View all categories
Talos Intelligence SEV 4/10
vulnerability malware Turla
Categories Blog Blog Series Categories Headlines Breaking security news all users should be up to date on, along with any other cybersecurity topics in the news. Patch Tuesday Talos’ recap of Microsoft’s monthly security update, including the vulnerabilities users need to patch as soon as possible. The Need to Know Unsure of what certain cybersecurity topics or terms actually mean?
Vulnerability Deep Dive
Talos Intelligence SEV 3/10
vulnerability iot_ot_security
Vulnerability Deep Dive - Cisco Talos Blog Blog A very technical breakdown of a vulnerability or set of vulnerabilities and how an attacker could chain them together in a cyber attack. February 18, 2026 06:00 “Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities A Talos researcher used targeted emulation of the Socomec DIRIS M-70 gateway’s Modbus thread to uncover six (since patched) vulnerabilities, showcasing efficient tools and methods for IoT security testing. Kelly Patterson Vulnerability Deep Dive August 9, 2025 09:00 ReVault!
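The fuzzing post above targets a gateway's Modbus thread, and the bugs such a thread typically has are length-field trust problems. As an added example (not code from the Talos post and not the Socomec firmware), here is a Modbus/TCP frame parser that checks every length before indexing, together with a minimal mutation fuzzer whose oracle is "any exception other than the parser's own rejection is a crash". The two function codes covered, the register limits and the seed frames are illustrative assumptions; the real device's handling is not reproduced.

```python
import random
import struct

# Modbus/TCP ADU = 7-byte MBAP header (transaction id, protocol id, length, unit id)
# followed by the PDU (function code + data). The length field counts the unit id
# and the PDU, and a whole ADU never exceeds 260 bytes.
MAX_ADU = 260
READ_HOLDING_REGISTERS = 0x03
WRITE_MULTIPLE_REGISTERS = 0x10


class ModbusError(ValueError):
    """The one exception a well-behaved parser may raise on hostile input."""


def parse_frame(frame: bytes) -> dict:
    """Parse a single Modbus/TCP ADU, checking every length before indexing."""
    if len(frame) < 8:
        raise ModbusError("shorter than MBAP header plus function code")
    if len(frame) > MAX_ADU:
        raise ModbusError("exceeds maximum ADU size")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ModbusError("protocol id must be 0")
    if length != len(frame) - 6:  # never trust the wire length over the real size
        raise ModbusError("MBAP length disagrees with frame size")
    fc, data = frame[7], frame[8:]
    if fc == READ_HOLDING_REGISTERS:
        if len(data) != 4:
            raise ModbusError("read request needs exactly 4 data bytes")
        start, qty = struct.unpack(">HH", data)
        if not 1 <= qty <= 125:
            raise ModbusError("quantity outside 1..125")
        return {"tid": tid, "unit": unit, "fc": fc, "start": start, "quantity": qty}
    if fc == WRITE_MULTIPLE_REGISTERS:
        if len(data) < 5:
            raise ModbusError("write request header truncated")
        start, qty, byte_count = struct.unpack(">HHB", data[:5])
        # All three must agree; a handler that copies byte_count or 2*qty bytes
        # out of a shorter payload is the classic bug a fuzzer shakes out.
        if not 1 <= qty <= 123 or byte_count != 2 * qty or len(data) - 5 != byte_count:
            raise ModbusError("quantity, byte count and payload disagree")
        values = list(struct.unpack(f">{qty}H", data[5:]))
        return {"tid": tid, "unit": unit, "fc": fc, "start": start, "values": values}
    raise ModbusError(f"unsupported function code {fc:#04x}")


def build_frame(tid: int, unit: int, pdu: bytes) -> bytes:
    """Wrap a PDU in a correct MBAP header (used to make seed inputs)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def fuzz(seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Byte-level mutation fuzzer: flip, insert or delete a few bytes of the seed.

    ModbusError is the expected rejection; any other exception means the parser
    trusted something it should not have and is counted as a crash."""
    rng = random.Random(rng_seed)
    stats = {"ok": 0, "rejected": 0, "crash": 0}
    for _ in range(iterations):
        buf = bytearray(seed)
        for _ in range(rng.randint(1, 4)):
            op = rng.randrange(3)
            if op == 0:
                buf[rng.randrange(len(buf))] = rng.randrange(256)
            elif op == 1:
                buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
            elif len(buf) > 1:
                del buf[rng.randrange(len(buf))]
        try:
            parse_frame(bytes(buf))
            stats["ok"] += 1
        except ModbusError:
            stats["rejected"] += 1
        except Exception:  # deliberately broad: this is the crash oracle
            stats["crash"] += 1
    return stats


if __name__ == "__main__":
    seed = build_frame(1, 1, bytes([READ_HOLDING_REGISTERS, 0, 0, 0, 10]))
    print(parse_frame(seed))
    print(fuzz(seed))
```

Removing the `length != len(frame) - 6` check, or the `len(data) - 5 != byte_count` check, is enough for the fuzzer to report crashes, which is the point: the emulation approach in the post lets you run exactly this kind of loop against the firmware's own handler rather than a re-implementation.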
Talos IR Quarterly Trends Report
Talos Intelligence SEV 4/10
ransomware phishing LockBit Conti
Talos IR trends - Cisco Talos Blog Blog Each quarter, Cisco Talos Incident Response recaps the malware families and attacker tactics they observed most in the wild. Find out what your organization can learn so you don’t end up in the same position. April 22, 2026 06:00 IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist Phishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined.
RAT
Talos Intelligence SEV 4/10
malware vulnerability APT41 Lazarus
RAT - Cisco Talos Blog Blog May 5, 2026 06:00 CloudZ RAT potentially steals OTP messages using Pheno plugin Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.” Alex Karkins , Chetan Raghuprasad Threat Spotlight October 30, 2024 06:00 Writing a BugSleep C2 server and detecting its traffic with Snort This blog will demonstrate the practice and methodology of reversing BugSleep’s protocol, writing a functional C2 server, and detecting this traffic with Snort. Aaron Boyd malware October 22, 2024 06:00 Threat actor abuses Gophish to deliver new PowerRAT and DCRAT Cisco Talos recently discovered a phishing campaign in which an unknown threat actor used the open-source phishing toolkit Gophish. Threats August 1, 2024 08:00 APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups.
Intelligence Center
Talos Intelligence SEV 4/10
malware cloud_security Conti
CloudZ RAT potentially steals OTP messages using Pheno plugin By Alex Karkins , Chetan Raghuprasad Tuesday, May 5, 2026 06:00 Threat Spotlight RAT Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.” Judging by the functionality of the CloudZ RAT and the Pheno plugin, the intent was to steal victims’ credentials and potentially one-time passwords (OTPs). CloudZ uses the custom Pheno plugin to hijack the established PC-to-phone bridge by abusing the Microsoft Phone Link application: the plugin continuously scans for active Phone Link processes and can potentially intercept sensitive mobile data such as SMS messages and OTPs without deploying any malware on the phone. CloudZ evades detection by executing its critical malicious functions dynamically in memory and by performing checks for debuggers and sandbox environments.
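The defensive angle on the behaviour described above is that a plugin which "continuously scans for active Phone Link processes" has to open handles to that process, and that is visible in process-access telemetry. The following is an added detection example, not code from the Talos post or from CloudZ/Pheno: it runs over constructed Sysmon-style ProcessAccess (Event ID 10) records and alerts when one non-allowlisted process repeatedly opens the Phone Link process with memory access rights inside a short window. The Phone Link image name (`PhoneExperienceHost.exe`), the allowlist, the window and the sample paths are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Process name of Microsoft Phone Link (assumption for this example) and the
# access bits that let one process read or write another's memory:
# PROCESS_VM_OPERATION 0x8, PROCESS_VM_READ 0x10, PROCESS_VM_WRITE 0x20.
PHONE_LINK_IMAGE = "phoneexperiencehost.exe"
MEMORY_ACCESS_MASK = 0x8 | 0x10 | 0x20

# Sources that legitimately open handles to many processes; tune per environment.
ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\lsass.exe",
    r"c:\programdata\microsoft\windows defender\platform\msmpeng.exe",
}


def detect_phone_link_hijack(events, window=timedelta(minutes=5), min_hits=3):
    """Return one alert per source process that repeatedly opens Phone Link with
    memory access inside a short window, which is how a plugin that keeps scanning
    for the PC-to-phone bridge looks in ProcessAccess telemetry."""
    hits = defaultdict(list)
    for e in events:
        if e.get("EventID") != 10:  # Sysmon ProcessAccess
            continue
        if not e["TargetImage"].lower().endswith(PHONE_LINK_IMAGE):
            continue
        source = e["SourceImage"].lower()
        if source in ALLOWLIST:
            continue
        if int(e["GrantedAccess"], 16) & MEMORY_ACCESS_MASK == 0:
            continue  # query-only handles (e.g. 0x1000) are noise
        hits[source].append(datetime.fromisoformat(e["UtcTime"]))
    alerts = []
    for source, times in hits.items():
        times.sort()
        # sliding window: min_hits accesses within `window` from the same source
        for i in range(len(times) - min_hits + 1):
            if times[i + min_hits - 1] - times[i] <= window:
                alerts.append({"source": source, "count": len(times),
                               "first": times[0].isoformat()})
                break
    return alerts


def _ev(ts, src, tgt, access):
    return {"EventID": 10, "UtcTime": ts, "SourceImage": src,
            "TargetImage": tgt, "GrantedAccess": access}


# Constructed Sysmon-style events for illustration, not real telemetry.
PHONE_LINK = (r"C:\Program Files\WindowsApps"
              r"\Microsoft.YourPhone_1.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe")
SUSPECT = r"C:\Users\Public\Libs\svchost.exe"  # svchost outside System32 is itself odd
DEFENDER = r"C:\ProgramData\Microsoft\Windows Defender\Platform\MsMpEng.exe"
SAMPLE_EVENTS = [
    _ev("2026-01-20T10:00:00", SUSPECT, PHONE_LINK, "0x1F3FFF"),
    _ev("2026-01-20T10:01:00", SUSPECT, PHONE_LINK, "0x1F3FFF"),
    _ev("2026-01-20T10:01:30", DEFENDER, PHONE_LINK, "0x1FFFFF"),  # allowlisted
    _ev("2026-01-20T10:02:00", SUSPECT, PHONE_LINK, "0x1F3FFF"),
    _ev("2026-01-20T10:02:30", r"C:\Windows\explorer.exe", PHONE_LINK, "0x1000"),  # query only
    _ev("2026-01-20T10:02:45", SUSPECT, r"C:\Windows\System32\notepad.exe", "0x1F3FFF"),
    _ev("2026-01-20T10:03:00", SUSPECT, PHONE_LINK, "0x1F3FFF"),
]

if __name__ == "__main__":
    for alert in detect_phone_link_hijack(SAMPLE_EVENTS):
        print(alert)
```

Requiring memory-access bits rather than any handle keeps legitimate query-only accessors (task managers, explorer) quiet, and the window threshold is what separates a periodic scanner from a one-off handle open; in a real deployment the allowlist would be keyed on signer rather than path.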
Threat Spotlight
Talos Intelligence SEV 6/10
malware ransomware Turla Gamaredon
Talos Threat Spotlights Blog The most notable recent cyber attacks and malware campaigns Talos is following, along with the Cisco Secure protection to keep users safe. May 5, 2026 06:00 UAT-8302 and its box full of malware Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. Jungsoo An , Asheer Malhotra , Brandon White Threat Spotlight CloudZ RAT potentially steals OTP messages using Pheno plugin Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.” Alex Karkins , Chetan Raghuprasad April 21, 2026 06:00 Bad Apples: Weaponizing native macOS primitives for movement and execution Cisco Talos documents several macOS living-off-the-land (LOTL) techniques, demonstrating that native pathways for movement and execution remain accessible to those who understand the underlying architecture.
APT
Talos Intelligence SEV 8/10
apt malware Turla APT41
APT - Cisco Talos Blog Blog May 5, 2026 06:00 UAT-8302 and its box full of malware Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. Jungsoo An , Asheer Malhotra , Brandon White Threat Spotlight April 23, 2026 11:10 UAT-4356's Targeting of Cisco Firepower Devices Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) to gain unauthorized access to vulnerable devices.
Intelligence Center
Talos Intelligence SEV 8/10
malware vulnerability Play
UAT-8302 and its box full of malware By Jungsoo An , Asheer Malhotra , Brandon White Tuesday, May 5, 2026 06:00 APT Threat Spotlight Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. After successful compromises, UAT-8302 deploys multiple custom-made malware families that have previously been used by other known China-nexus threat actors. Talos discovered a .NET-based backdoor we track as “NetDraft” that is a C#-based variant of the FinalDraft/SquidDoor malware family developed and operated by Jewelbug/REF7707/CL-STA-0049/LongNosedGoblin, a cluster of China-nexus APT actors.
On The Radar
Talos Intelligence SEV 4/10
supply_chain phishing Conti Play
On The Radar - Cisco Talos Blog Blog Forward-looking features on the issues and trends that Talos feels are affecting the current cybersecurity landscape. May 6, 2026 06:00 Insights into the clustering and reuse of phone numbers in scam emails Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails.
Intelligence Center
Talos Intelligence SEV 3/10
phishing iot_ot_security Conti
Insights into the clustering and reuse of phone numbers in scam emails By Omid Mirzaei Wednesday, May 6, 2026 06:00 On The Radar Cisco Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails. According to Talos’ observations, the ease of API-driven provisioning makes a few VoIP providers the preferred tool for attackers, allowing for high-volume, cost-effective scam operations that are difficult to trace.
Intelligence Center
Talos Intelligence SEV 4/10
malware vulnerability
Unplug your way to better code By Amy Ciminnisi Thursday, May 7, 2026 14:00 Threat Source newsletter Welcome to this week’s edition of the Threat Source newsletter. The person endlessly scrolling or typing away at their computer. It's just an expression, but if nature’s your thing, that works just fine.
Patch Tuesday
Talos Intelligence SEV 8/10
vulnerability cloud_security Conti
Patch Tuesday - Cisco Talos Blog Blog Talos’ recap of Microsoft’s monthly security update, including the vulnerabilities users need to patch as soon as possible. May 12, 2026 15:57 Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 31 that Microsoft marked as “critical”. Jaeson Schultz Patch Tuesday April 14, 2026 16:27 Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities Overview of the Patch Tuesday release from Microsoft for April 2026.
Intelligence Center
Talos Intelligence SEV 7/10
vulnerability iot_ot_security
Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities By Jaeson Schultz Tuesday, May 12, 2026 15:57 Patch Tuesday Microsoft has released its monthly security update for May 2026, which includes 137 vulnerabilities affecting a range of products, including 31 that Microsoft marked as “critical”. In this month's release, Microsoft has not observed any of the included vulnerabilities being actively exploited in the wild. Of the 31 "critical" entries, 16 are remote code execution (RCE) vulnerabilities in Microsoft Windows services and applications including Microsoft Office, Microsoft Word, Windows Native WiFi Miniport Driver, Azure, Office for Android, Microsoft Dynamics 365, Windows GDI, Microsoft SharePoint, Windows Graphics Component, Windows Netlogon, and Windows DNS Client.
Threats
Talos Intelligence SEV 8/10
malware ransomware Turla Lazarus
Threats - Cisco Talos Blog Blog Threats May 12, 2026 06:00 State-sponsored actors, better known as the friends you don’t want Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider. Elio Biasiotto , Jerzy ‘Yuri’ Kramarz April 23, 2026 11:10 UAT-4356's Targeting of Cisco Firepower Devices Cisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS).
Intelligence Center
Talos Intelligence SEV 4/10
apt iot_ot_security Volt Typhoon Salt Typhoon
State-sponsored actors, better known as the friends you don’t want By Elio Biasiotto , Jerzy ‘Yuri’ Kramarz Tuesday, May 12, 2026 06:00 Threats State-sponsored actors don't break in. They log in, and they use your own tools to stay invisible for months. Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome.
Humans of Talos
Talos Intelligence SEV 3/10
vulnerability iot_ot_security Conti
Humans of Talos - Cisco Talos Blog Blog A video interview series that shines a spotlight on team members across Talos, featuring their personal stories, career journeys and unique perspectives. May 13, 2026 06:00 Breaking things to keep them safe with Philippe Laulheret Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exploited. Amy Ciminnisi Humans of Talos April 16, 2026 06:00 More than pretty pictures: Wendy Bishop on visual storytelling in tech Wendy shares the unique challenges and rewards of bridging the gap between artistic expression and highly technical research.
Intelligence Center
Talos Intelligence SEV 3/10
vulnerability apt Play
Breaking things to keep them safe with Philippe Laulheret By Amy Ciminnisi Wednesday, May 13, 2026 06:00 Humans of Talos In the latest Humans of Talos, Amy sits down with Senior Vulnerability Researcher Philippe Laulheret to demystify the world of ethical hacking. Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exploited. From his memorable experiment using a green onion to bypass a biometric fingerprint reader to his perspective on the reality of cybersecurity versus what we see in the movies, Philippe provides a fascinating look at the work that keeps our digital world safe.
Intelligence Center
Talos Intelligence SEV 6/10
vulnerability supply_chain Conti Play
The time of much patching is coming By Martin Lee Thursday, May 14, 2026 14:00 Threat Source newsletter Welcome to this week’s edition of the Threat Source newsletter. Many solutions have been proposed to reduce software bugs: zero-defect mandates, pair programming, formal methods, and mathematical software proofs. The reality is that software engineering is hard.
Threat Advisory
Talos Intelligence SEV 8/10
vulnerability malware Mustang Panda MuddyWater
Threat Advisory - Cisco Talos Blog Blog Any urgent malware campaigns or security vulnerabilities that Talos is actively researching. These posts include the latest threat detection our researchers develop to address these issues. May 14, 2026 12:02 Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage.
Intelligence Center
Talos Intelligence SEV 8/10
vulnerability malware
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities By Cisco Talos Thursday, May 14, 2026 12:02 Threat Advisory Cisco Talos is tracking the active exploitation of CVE-2026-20182 , an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage. Successful exploitation of CVE-2026-20182 allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. The exploitation of CVE-2026-20182 appears to have been limited so far and Talos clusters this activity under UAT-8616 with high confidence.
Threat Source Newsletter
Talos Intelligence SEV 4/10
vulnerability cloud_security Salt Typhoon Scattered Spider
Threat Source newsletter - Cisco Talos Blog Blog Talos’ weekly recap of the top cybersecurity news and our latest research. Weekly editions appear on the blog, or readers can subscribe to have the email delivered to their inbox every Thursday. May 14, 2026 14:00 The time of much patching is coming In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.
Nonlinear Dynamics: The Hidden Patterns of Complexity
Talos Intelligence SEV 3/10
iot_ot_security apt Conti
Unveiling the Mysteries of Nonlinear Dynamics Nonlinear Dynamics: The Hidden Patterns of Complexity In the realm of physics, there exists a fascinating field of study that delves into the intricacies of complex systems, where the behavior of individual components gives rise to emergent properties that cannot be predicted by analyzing their parts in isolation. This is the domain of nonlinear dynamics, a branch of science that has been captivating the imagination of researchers and scientists for decades. The concept of nonlinearity is rooted in the idea that the output of a system is not directly proportional to its input.