Cisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetization.
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.
Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called "Pheno."
Evolve your incident response with intelligence-led proactive services and deep expertise that only Talos can offer, before and during an active emergency. Anyone can stand behind you; Talos IR stands beside you, every step of the way.
Together, we can reduce downtime and mitigate risk. Get started today.
If you're tired of being told to "just patch," we understand. The threat landscape is evolving at breakneck speed, with AI-driven tools enabling adversaries to uncover and exploit vulnerabilities before defenders even know they exist. In this episode of Talos Takes, Amy sits down with Threat Intelligence Lead Pierre Cadieux to discuss how to defend against these unknown threats. We move past the simplified advice of "just patch everything" to explore the logistical, technical, and business realities that make patching a complex, high-stakes operation rather than a simple button click.

From the necessity of testing your patches to the importance of building strong partnerships between security teams and business leadership, this episode breaks down the things defenders often miss that build true resilience in organizations.
Are your detection rules failing because your test data lacks the nuance of a real-world network? In this episode of Talos Takes, Amy sits down with David Bianco to discuss why traditional synthetic data often falls short and how his new open-source project, EvidenceForge, is changing the game.

Synthetic datasets often look like telemetry but lack the critical causal links and realistic background noise that define actual adversary activity. EvidenceForge solves this by creating data that tells a coherent, causal story. From simulating complex attack chains to modeling realistic, "bursty" human behavior, this tool helps threat hunters and detection engineers sharpen their skills with reproducible, high-quality telemetry.

EvidenceForge blog: https://blog.talosintelligence.com/introducing-evidenceforge-synthetic-security-logs-that-dont-look-as-fake/

PEAK Threat Hunting Assistant episode: https://www.buzzsprout.com/2018149/episodes/18825324
Talos is Cisco's threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services.
Our job is your defense.
Talos powers the Cisco portfolio with comprehensive intelligence.
Every customer environment, every event, every single day, all around the world.