Intelligence Center

Threat Research

Ransomware incidents in Japan during the first half of 2025

Ransomware attackers continue to primarily target small and medium-sized manufacturing businesses in Japan. Learn More

Malvertising campaign leads to PS1Bot, a multi-stage malware framework

Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.” Learn More

PDFs: Portable documents, or perfect deliveries for phish?

A popular social engineering technique returns: callback phishing, or TOAD attacks, which leverage PDFs, VoIP anonymity and even QR code tricks. Learn More

Fortify Your Defense

Evolve your incident response with intelligence-led proactive services and deep expertise that only Talos can offer, before –and during– an active emergency. Anyone can stand behind you – Talos IR stands beside you, every step of the way.

Together, we can reduce downtime and mitigate risk. Get started today.

Learn More

Latest Talos Takes Podcast Episodes

September 3, 2025
Inside the Black Hat NOC: Lessons in Securing One of the Wildest Networks

How do you build and defend a network where attacks are not just expected-they're part of the curriculum? In this episode, Hazel talks with Jessica Oppenheimer, Director of Security Operations at Cisco, about the ten years she's spent in the Black Hat Network Operations Center (NOC).Explore the technical challenges of segmenting and monitoring a network designed for experimentation, live hacking, and hands-on training, including how malicious and benign behaviors are distinguished in real time. Jessica shares how the NOC leverages Cisco technologies like the new machine learning-powered SnortML engine to detect zero-days, outliers, and advanced attack patterns that traditional rule sets miss.Learn how automation, contextual analysis, and collaborative response drive decision-making in this high-stakes environment, and how those lessons now influence security at global events like the Olympics and the Super Bowl.For more details, check out the Cisco blog wrap detailing all our Black Hat NOC activity https://blogs.cisco.com/security/bhusa-2025-noc

August 1, 2025
Breaking Down Chaos: Tactics and Origins of a New RaaS Operation

Hazel is joined by threat intelligence researcher James Nutland to discuss Cisco Talos’ latest findings on the newly emerged Chaos ransomware group. Based on real-world incident response engagements, James breaks down Chaos’ fast, multi-threaded encryption, their use of social engineering and remote access tools like Quick Assist, and the group’s likely connections to former BlackSuit operators. James also shares what defenders should be watching for and how to stay ahead of evolving ransomware tactics.Read the full research blog: https://blog.talosintelligence.com/new-chaos-ransomware

Why Cisco Talos?

Talos is Cisco's threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services.

Our job is your defense.

Talos powers the Cisco portfolio with comprehensive intelligence.

Every customer environment, every event, every single day, all around the world.