Intelligence Center

Threat Research

PDFs: Portable documents, or perfect deliveries for phish?

A popular social engineering technique returns: callback phishing, or TOAD attacks, which leverage PDFs, VoIP anonymity and even QR code tricks.

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

A new spam campaign is targeting Brazilian users with a clever twist — abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious agents.

Unmasking the new XorDDoS controller and infrastructure

Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.

Fortify Your Defense

Evolve your incident response with intelligence-led proactive services and deep expertise that only Talos can offer, before – and during – an active emergency. Anyone can stand behind you – Talos IR stands beside you, every step of the way.

Together, we can reduce downtime and mitigate risk. Get started today.

Latest Talos Takes Podcast Episodes

August 1, 2025
Breaking Down Chaos: Tactics and Origins of a New RaaS Operation

Hazel is joined by threat intelligence researcher James Nutland to discuss Cisco Talos’ latest findings on the newly emerged Chaos ransomware group. Based on real-world incident response engagements, James breaks down Chaos’ fast, multi-threaded encryption, their use of social engineering and remote access tools like Quick Assist, and the group’s likely connections to former BlackSuit operators. James also shares what defenders should be watching for and how to stay ahead of evolving ransomware tactics.

Read the full research blog: https://blog.talosintelligence.com/new-chaos-ransomware

July 17, 2025
Why Attackers Love Your Remote Access Tools

Attackers are increasingly abusing the same remote access tools that IT teams rely on every day. In this episode, Hazel sits down with Talos security researcher Pierre Cadieux to unpack why these legitimate tools have become such an effective tactic for adversaries.

Pierre explains how the flexibility, legitimacy, and built-in capabilities of remote access management tools make them ideal for attackers who want to stay under the radar. They discuss trends Talos Incident Response is seeing in the field, examples of commonly abused tools, and the challenges defenders face when trying to detect misuse.

You'll also hear practical advice on what defenders and IT teams can do today to better secure their environments — and what the rise of remote access management tool abuse tells us about attacker behavior and the current state of cybercrime.

Resources mentioned: Talos Incident Response Quarterly Trends Report; When Legitimate Tools Go Rogue (Talos Blog)

Why Cisco Talos?

Talos is Cisco's threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services.

Our job is your defense.

Talos powers the Cisco portfolio with comprehensive intelligence.

Every customer environment, every event, every single day, all around the world.