Latest Briefings
Alleged Kimwolf Botmaster ‘Dort’ Arrested in Canada, Faces U.S. Charges
Jacob Butler, a 23-year-old Ottawa man, has been arrested by Canadian police and charged in both Canada and the United States for…
Netherlands Seizes 800 Servers, Arrests 2 in Russian Cyberattack Infrastructure Bust
Dutch financial crime investigators arrested two men and seized over 800 servers tied to hosting infrastructure used to support Russian-linked DDoS attacks,…
Cisco Talos Releases EvidenceForge for Realistic Synthetic Security Logs
EvidenceForge is a new open-source tool from Cisco Talos that generates correlated, realistic security log datasets across 20-plus formats to support threat…
Encryption Optional: How Cyber Extortion Is Evolving Beyond Ransomware
Unit 42 research shows ransomware encryption dropped to 78% of extortion cases in 2025, as threat actors pivot to pure data theft…
Smarter Vulnerability Triage: Pairing CVSS With EPSS and GCVE
Cisco Talos argues that severity scores alone make poor prioritization tools, and outlines a practical triage stack combining CVSS, EPSS, and the…
Meta’s AI Support Bot Exploited to Reset Instagram Passwords
Pro-Iranian hackers circulated a Telegram tutorial showing how to trick Meta's AI customer support assistant into linking a new email address to…
Operation FlutterBridge: New macOS Backdoor Spreads via Google Ads
Unit 42 researchers have identified a macOS malvertising campaign delivering a Flutter-based backdoor called FlutterShell, capable of browser hijacking, shell command execution,…
Inside Cisco Talos Threat Hunting: Hypotheses, Telemetry, and Human Judgment
Cisco Talos has published a detailed look at its hypothesis-driven threat hunting methodology, including a real-world case study showing how correlated firewall…
Microsoft Teams Becomes Prime Vector for IT Impersonation Phishing
Threat actors including APT29 are exploiting overly permissive Teams federation settings to impersonate IT staff and trick employees into approving MFA prompts.…
Active Exploitation of PAN-OS GlobalProtect Auth Bypass CVE-2026-0257
Unit 42 has confirmed active in-the-wild exploitation of a PAN-OS authentication bypass affecting GlobalProtect portals and gateways, with the flaw added to…
Horner Automation Cscape Flaw Enables Code Execution via Malicious Files
An out-of-bounds read vulnerability in Horner Automation Cscape prior to version 10.2 SP3 allows a local attacker to disclose information and execute…
How Attackers Abuse Cloud Logging Services to Evade Detection
Unit 42 researchers outline five techniques adversaries use to manipulate AWS CloudTrail and Google Cloud Logging, turning essential security infrastructure into a…