ToolShell: Details of CVEs Affecting SharePoint Servers - Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in ... https://blog.talosintelligence.com/toolshell-affecting-sharepoint-servers/ #threatadvisory
ToolShell: Details of CVEs Affecting SharePoint Servers

Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.

Cisco Talos Blog
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities - In April 2025 Cisco Talos identified a Malware-as-a-Service (MaaS) operation that utilize... https://blog.talosintelligence.com/maas-operation-using-emmenhtal-and-amadey-linked-to-threats-against-ukrainian-entities/ #threatadvisory
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities

Cisco Talos uncovered a stealthy Malware-as-a-Service (MaaS) operation that used fake GitHub accounts to distribute a variety of dangerous payloads and evade security defenses.

Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine - Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukra... https://blog.talosintelligence.com/pathwiper-targets-ukraine/ #landingpagetopstory #threatadvisory #topstory #ukraine #wiper #apt
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine

Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.”

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware - Cisco Talos has observed exploitation of CVE-2025-0994, a remote-code-execution vulnerabi... https://blog.talosintelligence.com/uat-6382-exploits-cityworks-vulnerability/ #landingpagetopstory #threatadvisory #vulnerability #topstory #apt
UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.

ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices - ArcaneDoor is a campaign that is the latest example of state-sponsored actors targeting p... https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/ #threatadvisory #threats #apt
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices

Cisco is aware of new activity targeting certain Cisco Adaptive Security Appliances (ASA) 5500-X Series and has released three CVEs related to the event. We assess with high confidence this activity is related to the same threat actor as ArcaneDoor in 2024.

Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials - Cisco Talos would like to acknowledge Brandon White of Cisco Talos and Phillip Schafer, M... https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/ #threatadvisory #securex #threats
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials

Cisco Talos would like to acknowledge Anna Bennett and Brandon White of Cisco Talos and Phillip Schafer, Mike Moran, and Becca Lynch of the Duo Security Research team for their research that led to the identification of these attacks. Cisco Talos is actively monitoring a global increase in brute-force attacks

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability - Overview Cisco has identified active exploitation of a previously unknown vulnerab... https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/ #landingpagetopstory #threatadvisory #topstory #ios
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities

Cisco has identified active exploitation of two previously unknown vulnerabilities in the Web User Interface (Web UI) feature of Cisco IOS XE software - CVE-2023-20198 and CVE-2023-20273 - when exposed to the internet or untrusted networks.

What to know about the HTTP/2 Rapid Reset DDoS attacks - Cisco Talos is actively tracking the novel distributed denial-of-service (DDoS) attacks c... https://blog.talosintelligence.com/http-2-rapid-reset-ddos-attacks/ #threatadvisory
What to know about the HTTP/2 Rapid Reset DDoS attacks

Cisco Talos is actively tracking the novel distributed denial-of-service (DDoS) attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflare’s blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future. CVE-2023-44487, a vulnerability in the HTTP/2

Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware

Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox).

What Cisco Talos knows about the Rhysida ransomware - Cisco Talos is aware of the recent advisory published by the U.S. Department of He... https://blog.talosintelligence.com/rhysida-ransomware/ #threatadvisory #ransomware #securex #malware
What Cisco Talos knows about the Rhysida ransomware

The group appears to commonly deploy double extortion — of the victims that have been listed on the leak site, several of them have had some portion of their exfiltrated data exposed.
