Experiencing an issue? Submit a support ticket.
This blog examines the full lifecycle of a Python package, from hosting on repositories such as PyPI or custom web servers, through source and wheel distribution formats, to the final installation into virtual or system-wide Python environments. Learn More
Cisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetization. Learn More
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. Learn More
Evolve your incident response with intelligence-led proactive services and deep expertise that only Talos can offer, before –and during– an active emergency. Anyone can stand behind you – Talos IR stands beside you, every step of the way.
Together, we can reduce downtime and mitigate risk. Get started today.
MFA and password resets aren't always enough.That’s terrifying for security teams today. In this episode of Talos Takes, we dive deep into ARToken, a sophisticated phishing/BEC-as-a-service platform that steals credentials, bypasses MFA entirely, and leverages primary refresh tokens (PRTs) to maintain persistence in your environment long after a password reset. This turns a simple phishing click into a long-term breach.It’s time to rethink your defenses. Join us as Cisco Talos Threat Researcher Michael Kelley breaks down how this new breed of automated attack works and, more importantly, how you can spot it. From hunting for suspicious device authorization grants to securing your cloud infrastructure, don't miss this critical look at the new frontier of business email compromise. Blog: https://blog.talosintelligence.com/artoken-inside-an-eviltokens-affiliate-panel-targeting-microsoft-365/
While the Component Object Model (COM) is a fundamental Windows technology that allows software to communicate and function, it's also a powerful tool for threat actors looking to move laterally, maintain persistence, and evade traditional security measures.Joining us is Vanya Svajcer, who shares his expertise on how to cut through the noise and identify malicious signals within COM-based binaries. Whether you are a seasoned researcher or just starting your journey into reverse engineering and malware analysis, here's some practical advice on how to start hunting for COM-based threats and making your next investigation a little more effective.Vanja's blog: https://blog.talosintelligence.com/introduction-to-com-usage-by-windows-threats
Talos is Cisco's threat intelligence research organization, an elite group of security experts devoted to providing superior protection for our customers, products and services.
Our job is your defense.
Talos powers the Cisco portfolio with comprehensive intelligence.
Every customer environment, every event, every single day, all around the world.