Cisco Talos

Cisco's premier source of threat intelligence, including a world-class Incident Response team. blog.talosintelligence.com/

2025-06-25

Talos is seeing cybercriminals utilize uncensored LLMs, develop their own malicious AI and "jailbreak" existing ones to bypass safety measures, resulting in campaigns that are harder to detect: blog.talosintelligence.com/cyb

2025-06-18

Thor’s week off turned into a wild ride with some unexpected lessons in cybersecurity usability. Plus, Cisco Talos uncovers new phishing campaigns by North Korean-aligned threat actors: blog.talosintelligence.com/a-w

2025-06-18

Attackers are increasingly using your own legitimate IT tools to hide in plain sight. Learn how to spot them before they cause damage in our latest blog: blog.talosintelligence.com/whe

2025-06-18

Famous Chollima, a North Korean-aligned threat actor, is targeting cryptocurrency/blockchain professionals (primarily in India) with the new PylangGhost RAT, a Python-based equivalent to their GolangGhost RAT. Learn how these attacks work: blog.talosintelligence.com/pyt

2025-06-12

In this week's newsletter, Bill explains why knowing yourself and knowing your environment are the ultimate tools in staying ahead of cyber threats. Don’t let the bad guys learn your environment better than you: blog.talosintelligence.com/kno

2025-06-11

Cisco Talos uncovered zero-day vulnerabilities in catdoc, plus vulnerabilities in Parallel, NVIDIA, and High-Logic FontCreator 15—all now patched: blog.talosintelligence.com/cat

2025-06-05

In this week’s Threat Source newsletter, Martin reflects on the fact that no one is too small to be a target for cybercriminals. Catch the full issue here: blog.talosintelligence.com/eve

2025-06-05

In this week's Talos Takes, Chetan and Hazel break down how threat actors are disguising ransomware and stealers as AI installers. One threat actor is even claiming its ransom funds "humanitarian aid." Catch the full story here: buzzsprout.com/2018149/episode

2025-06-05

New destructive malware alert: Talos uncovered "PathWiper," a wiper targeting Ukrainian critical infrastructure, which we attribute with high confidence to a Russia-nexus APT actor. Learn how the attack unfolded: blog.talosintelligence.com/pat

2025-05-29

New author alert! 🚨 Meet Amy Ciminnisi, Talos' Content Manager, who shares her unconventional journey from anthropology to cybersecurity, plus insights on threats disguised as AI installers: blog.talosintelligence.com/a-n

2025-05-29

Think you’re downloading the next big AI tool? You might be in for an unpleasant surprise. Meet CyberLock, Lucky_Gh0$t and Numero: ransomware and malware threats in disguise as AI tool installers: blog.talosintelligence.com/fak

2025-05-23

Cisco Talos' own Vitor Ventura, lead security researcher, was featured on the most recent Dark Reading Confidential episode. Vitor discusses how the team stumbled upon YoroTrooper while investigating actors targeting Ukraine. Listen here: darkreading.com/threat-intelli

2025-05-23

According to Talos’ recent analysis of six months of PowerShell network telemetry, contacted rare domains are over 3x more likely to be malicious than frequently contacted ones. Read the full analysis: blog.talosintelligence.com/sca

2025-05-22

Ghosting isn’t just for dating apps — it’s alive and well in the cybercrime underworld. In this week’s Threat Source newsletter, Hazel explores the messy world of cybercriminal teamwork (or lack thereof). Read the newest edition: blog.talosintelligence.com/gho

2025-05-22

On this week’s Talos Takes, Edmund Brumaghin joins Hazel to talk about the growing trend of threat actors compartmentalizing their attacks, and how defenders can adjust threat modeling: buzzsprout.com/2018149/episode

2025-05-20

How secure are your cloud environments? Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure: blog.talosintelligence.com/dup

2025-05-15

Ever wonder what cybercriminals talk about behind closed doors? In this week’s Threat Source newsletter, Thor takes us into the chat messages within the LockBit leak: blog.talosintelligence.com/xox

2025-05-15

🔎 Follow the motive: Join Talos researcher Ashley Shen as we break down the evolution of initial access brokers and why defining their motives is key to better defense: buzzsprout.com/2018149/episode

2025-05-13

Attack kill chains are evolving, and defenders must, too. In this two-part blog, Talos examines how threat actors are working together like never before, and proposes an extension to the Diamond Model: blog.talosintelligence.com/red

2025-05-12

Don’t miss CTA TIPS 2025! Join Edmund Brumaghin and Nick Biasini as they uncover how threat actor collaboration and shifts in global defense are changing cyber attribution. Register now: cyberthreatalliance.org/tips-c
