Hazel celebrates unseen effort in cybersecurity and shares some PII. Completely unrelated, but did you know “Back to the Future” turns 40 this year?
Cisco published advisories and a supplemental post about three zero-day vulnerabilities, two of which were exploited in the wild by an advanced threat actor associated with the ArcaneDoor...
A vulnerability has been discovered in Nx (build system) Package, which could allow for sensitive data exfiltration. Nx is a smart, fast, and extensible build system designed for managing...
We are further hardening Cloudflare Workers with the latest software and hardware features. We use defense-in-depth, including V8 sandboxes and the CPU's memory protection keys to keep your data safe.
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other...
We dissect a recent incident where npm packages with millions of downloads were infected by the Shai-Hulud worm. Kaspersky experts describe the starting point for the source of the infection.
Malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers
The wait is almost over. The final Digital Personal Data Protection (DPDP) Rules are just days away, marking the next big step after the enactment of the DPDPA in 2023. With only a few days left,...
In September 2024, French retailer Cultura was the victim of a cyber attack they attributed to an external IT service provider. The resultant data breach included almost 1.5M unique email...
Discover what 520+ security leaders revealed about AI in threat intelligence. Explore key use cases, trust levels, and how AI is transforming cybersecurity operations.
BRICKSTORM is a Go backdoor (with SOCKS proxying) deployed preferentially on Linux/BSD network and edge appliances that often lack EDR coverage. Attackers favor devices like VMware vCenter/ESXi as...
SonicWall has disclosed a security incident affecting its MySonicWall cloud backup service. Threat actors conducted brute force attacks on the MySonicWall.com portal and gained unauthorized access...
7 proven practices for adopting a positive security model and making it stick
Posted by Elie Bursztein and Marianna Tishchenko, Google Privacy, Safety and Security Team. Empowering cyber defenders with AI is critical to tilting the cybersecurity balance back in their favor as...
Researchers said Thalha Jubair was a principal operator, leading or directing many attacks attributed to the hacker subset of The Com since 2022. The post Teen arrested in UK was a core figure in...
Written by: Sarah Yoder, John Wolfram, Ashley Pearson, Doug Bienstock, Josh Madeley, Josh Murchie, Brad Slaybaugh, Matt Lin, Geoff Carstairs, Austin Larsen. Introduction: Google Threat Intelligence...
The researchers who uncovered the “very, very advanced adversary” behind the malware said it could be a big problem years into the future. The post Brickstorm malware powering ‘next-level’ Chinese...
After a year since we started enabling Automatic SSL/TLS, we want to talk about these results, why they matter, and how we’re preparing for the next leap in Internet security.
The Secret Service’s takedown in New York shines a light on a type of threat that is technically fascinating and deeply concerning for national security: large-scale cellular interception networks...
What happens when you bring in a team of cybersecurity responders? How do we turn chaos into control, and what is the long-term value that Talos IR provides to the organizations we work with?
Virtual Private Networks (VPNs) have been the go-to solution for securing remote access to banking systems for decades. They created encrypted tunnels for employees, vendors, and auditors to...
In August 2025, the French telecommunications company Bouygues Telecom detected a cyber attack against their services. The incident resulted in a data breach that exposed almost 6.4M customer...
Uncover unseen third-party risks. Get full visibility into vendors’ IPs, domains, subsidiaries, and facilities to make faster, data-driven security decisions.
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the...
Learn more about how AI accelerates security debt through insecure code, third-party risk, and shadow AI—and how governance can turn AI into a defensive asset.
Experts say companies often struggle to manage the aftermath when they discover an employee’s true identity is not what it seemed. The post What to do if your company discovers a North Korean...
The agency says it found a network of some 300 servers and 100,000 SIM cards—enough to knock out cell service in the NYC area. Experts say it mirrors facilities typically used for cybercrime.
Talos discovered that a new PlugX variant’s features overlap with both the RainyDay and Turian backdoors
Replay is a cross-chain bridge on Solana. The original design had simple relayers, but the newer version introduces more smart contracts for managing funds. The idea is to transfer funds on one...