Velociraptor leveraged in ransomware attacks
https://blog.talosintelligence.com/velociraptor-leveraged-in-ransomware-attacks/

* Cisco Talos has confirmed that ransomware operators are leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool that had not previously been definitively tied to ransomware incidents.
* We assess with moderate confidence that this activity can be attributed to threat actor Storm-2603, based on overlapping tools and tactics,

Cisco Talos Blog
Too salty to handle: Exposing cases of CSS abuse for hidden text salting
https://blog.talosintelligence.com/too-salty-to-handle-exposing-cases-of-css-abuse-for-hidden-text-salting/

A simple yet effective tactic, known as hidden text salting, has increasingly been used by cybercriminals over the past few months to evade even the most advanced email security solutions, including those powered by machine learning and large language models.

UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud
https://blog.talosintelligence.com/uat-8099-chinese-speaking-cybercrime-group-seo-fraud/

Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in SEO fraud and theft of high-value credentials, configuration files, and certificate data.

Ransomware incidents in Japan during the first half of 2025
https://blog.talosintelligence.com/ransomware_incidents_in_japan_during_the_first_half_of_2025/

Ransomware attackers continue to primarily target small and medium-sized manufacturing businesses in Japan.

Malvertising campaign leads to PS1Bot, a multi-stage malware framework
https://blog.talosintelligence.com/ps1bot-malvertising-campaign/

Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”

PDFs: Portable documents, or perfect deliveries for phish?
https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliveries-for-phish/

A popular social engineering technique returns: callback phishing, or TOAD attacks, which leverage PDFs, VoIP anonymity and even QR code tricks.

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools
https://blog.talosintelligence.com/spam-campaign-targeting-brazil-abuses-rmm-tools/

A new spam campaign is targeting Brazilian users with a clever twist — abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious agents.

Unmasking the new XorDDoS controller and infrastructure
https://blog.talosintelligence.com/unmasking-the-new-xorddos-controller-and-infrastructure/

Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.

Unraveling the U.S. toll road smishing scams
https://blog.talosintelligence.com/unraveling-the-us-toll-road-smishing-scams/

Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America.

Gamaredon campaign abuses LNK files to distribute Remcos backdoor
https://blog.talosintelligence.com/gamaredon-campaign-distribute-remcos/

Cisco Talos is actively tracking an ongoing campaign, active since at least November 2024, targeting users in Ukraine with malicious LNK files that run a PowerShell downloader.
