Experiencing an issue? Submit a support ticket.
Talos is disclosing a large-scale automated credential harvesting campaign carried out by a threat cluster we currently track as UAT-10608. The campaign is primarily leveraging a collection framework dubbed “NEXUS Listener.” Learn More
This blog provides an in-depth analysis of the malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. Learn More
Cisco Talos discovered an ongoing malicious campaign since at least as early as December 2025 by a threat actor we track as “UAT-10027,” delivering a previously undisclosed backdoor dubbed “Dohdoor.” Learn More
Evolve your incident response with intelligence-led proactive services and deep expertise that only Talos can offer, before –and during– an active emergency. Anyone can stand behind you – Talos IR stands beside you, every step of the way.
Together, we can reduce downtime and mitigate risk. Get started today.
In this episode of Talos Takes, Amy is joined by William Largent (Cisco Talos) and Lou Stella (Splunk) for a "double-header" discussion. With the recent release of the Cisco Talos 2025 Year in Review and the Splunk Top 50 Cybersecurity Threats report, we’re breaking down the most critical trends that shaped the security landscape last year — all based on Cisco telemetry, Talos' original research, and Talos Incident Response engagements.From the professionalization of ransomware-as-a-service to the persistent challenge of decade-old vulnerabilities, this episode moves beyond the headlines to provide a practical roadmap for defenders. You’ll get tips on how to prioritize your defenses and reduce your attack surface for the year ahead.Talos 2025 Year in Review: https://blog.talosintelligence.com/2025yearinreview/Splunk Top 50 Cybersecurity Threats: https://www.splunk.com/en_us/campaigns/top-50-security-threats.html
In this episode of Talos Takes, David Bianco from Cisco Foundation AI joins Amy to demystify the world of proactive cyber defense. We explore the evolution of the PEAK Threat Hunting framework and talk through how security teams can modernize their approach to identifying risks before they escalate. David also provides an exclusive look at a new open-source tool designed to help hunters navigate the "prepare" phase of PEAK with ease. Whether you are building a new program from scratch or looking to refine your existing strategy, take a listen for actionable advice to help you take that next step in your security journey.PEAK Threat Hunting Assistant: https://blogs.cisco.com/security/introducing-peak-threat-hunting-assistantGitHub: https://github.com/cisco-foundation-ai/PEAK-Assistant
Talos is Cisco's threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services.
Our job is your defense.
Talos powers the Cisco portfolio with comprehensive intelligence.
Every customer environment, every event, every single day, all around the world.