Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver […]
LABScon24 Replay | A Walking Red Flag (With Yellow Stars)
APT40 used CTFs at Hainan University to recruit hackers and source software vulnerabilities for operations. Jiangsu MSS received vulnerabilities from
LABScon24 Replay | A Walking Red Flag (With Yellow Stars) Read More »
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
Threat actors are using the “mu-plugins” directory in WordPress sites to conceal malicious code with the goal of maintaining persistent
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images Read More »
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More Read More »
Beers with Talos: Year in Review episode
Joe, Hazel, Bill and Dave break down Talos’ Year in Review 2024 and discuss how and why cybercriminals have been
Beers with Talos: Year in Review episode Read More »
5 Impactful AWS Vulnerabilities You’re Responsible For
If you’re using AWS, it’s easy to assume your cloud security is handled – but that’s a dangerous misconception. AWS
5 Impactful AWS Vulnerabilities You’re Responsible For Read More »
Available now: 2024 Year in Review
Welcome to Cisco Talos’ 2024 Year in Review, available for download now. This report is powered by threat telemetry from over
Available now: 2024 Year in Review Read More »
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine Read More »
A week in security (March 24 – March 30)
Last week on Malwarebytes Labs: Vulnerability in most browsers abused in targeted attacks “This fraud destroyed my life.” Man ends
A week in security (March 24 – March 30) Read More »