Vulnerability Deep Dive - Cisco Talos Blog
A very technical breakdown about a vulnerability or set of vulnerabilities and how an attacker could string them together for a cyber attack.

February 18, 2026 06:00 - “Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities
Author: Kelly Patterson
A Talos researcher used targeted emulation of the Socomec DIRIS M-70 gateway’s Modbus thread to uncover six patched vulnerabilities, showcasing efficient tools and methods for IoT security testing.

August 9, 2025 09:00 - ReVault! When your SoC turns against you… deep dive edition
Category: Vulnerability Deep Dive
Author: Philippe Laulheret
Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

June 26, 2025 06:00 - Decrement by one to rule them all: AsIO3.sys driver exploitation
Author: Marcin Noga
Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design.

February 10, 2025 08:30 - Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t
Category: vulnerability
Author: Aleksandar Nikolic
During an earlier investigation of the macOS printing subsystem, IPP-USB protocol caught our attention. We decided to take a look at how other operating systems handle the same functionality.

November 25, 2024 08:00 - Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform
Author: Philippe Laulheret
ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of p

August 28, 2024 12:00 - The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks
Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the code in its native environment.

Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing
Any vulnerability in an RTOS has the potential to affect many devices across multiple industries.

Fuzzing µC/OS protocol stacks, Part 2: Handling multiple requests per test case
This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor.

Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver
This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server.

August 19, 2024 06:00 - How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
Author: Francesco Benvenuto
An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.

June 26, 2024 12:00 - Multiple vulnerabilities in TP-Link Omada system could lead to root access
Authors: Jared Rittle, Carl Hurd
Affected devices could include wireless access points, routers, switches and VPNs.

May 16, 2024 08:00 - Talos releases new macOS open-source fuzzer
Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.

March 20, 2024 08:00 - Dissecting a complex vulnerability and achieving arbitrary code execution in Ichitaro Word
Author: Ali Rizvi-Santiago
Research conducted by Cisco Talos last year uncovered multiple vulnerabilities rated as low severity despite their ability to allow for full arbitrary code execution.

January 31, 2024 12:00 - OAS Engine Deep Dive: Abusing low-impact vulnerabilities to escalate privileges
Author: Jared Rittle
Open Automation Software recently released patches for multiple vulnerabilities in their OAS Engine. Cisco Talos publicly disclosed these issues after working with Open Automation Software to ensure that patches were available for users. Now that a fix has been released with Ve

October 17, 2023 08:00 - Snapshot fuzzing direct composition with WTF
Author: Jaewon Min
Although there is public research on Direct Composition, only a few discuss fuzzing this feature, and none, to our knowledge, that covers snapshot fuzzing.

July 13, 2023 12:00 - Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Authors: Aleksandar Nikolic, Dimitrios Tatsis
Uncovered issues fall into use-after-free, buffer-overflow, information leak and denial of service vulnerability classes. Some of these could be combined to achieve remote code execution or privilege escalation.

July 6, 2023 11:38 - Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain
Category: Vulnerability Spotlight
In all, Cisco Talos is releasing 22 security advisories today, nine of which have a CVSS score greater than 8, associated with 69 CVEs.

January 15, 2019 15:02 - Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities
Authors: Carl Hurd,
Introduction: TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure that a patch was available. Now that a fix is out there, we wan