Cisco Talos

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

A spam campaign that has been active since at least January 2025 is targeting Portuguese-speaking users in Brazil. The campaign abuses free trials of commercial RMM tools, including N-able and PDQ Connect, to gain unauthorized access to systems.

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

A spear-phishing campaign attributed to Russian-speaking threat actors targeted the UK Ministry of Defence (MOD) in late 2024. The attackers deployed a RomCom malware variant known as Damascened Peacock.

Unmasking the new XorDDoS controller and infrastructure

Cisco Talos observed the existing DDoS malware known as XorDDoS continuing to spread globally between November 2023 and February 2025. A significant finding shows that over 70 percent of attacks using XorDDoS targeted the U.S.

Gamaredon Campaign Abuses LNK Files to Distribute Remcos Backdoor

Cisco Talos reported an ongoing campaign, active since at least November 2024, that targets Ukrainian users with malicious LNK files which run a PowerShell downloader. The file names use Russian words related to the movement of troops in Ukraine as a lure.

Chinese Threat Actor UAT-5918 Targets Critical Infrastructure Entities in Taiwan

Typical tooling used by UAT-5918 includes networking tools such as FRPC, FScan, In-Swor, Earthworm, and Neo-reGeorg. Credential harvesting is accomplished by dumping registry hives and NTDS, and by using tools such as Mimikatz and browser data stealers.

Attackers Leverage Cascading Style Sheets for Evasion and Tracking

Cybersecurity experts have uncovered how hackers use CSS to deceive spam filters and monitor user behavior. This sophisticated technique allows malicious actors to remain under the radar while gaining insights into user preferences and actions.

Miniaudio and Adobe Acrobat Reader Vulnerabilities Discovered

CVE-2024-41147 is an out-of-bounds write vulnerability in Miniaudio. CVE-2025-27163 and CVE-2025-27164 are out-of-bounds read vulnerabilities in the font functionality in Adobe Acrobat, which can lead to information disclosure.

Lotus Blossom Espionage Group Targets Multiple Industries With Different Versions of Sagerunex and Hacking Tools

Cisco Talos uncovered two new variants of the Sagerunex backdoor, which were detected during attacks on telecommunications and media companies, as well as many Sagerunex variants persistent in the government and manufacturing industries.

New TorNet Backdoor Seen in Widespread Campaign Targeting Europe

Cisco Talos discovered an ongoing malicious campaign, operated by a financially motivated threat actor since as early as July 2024, targeting users predominantly in Poland and Germany, judging by the language of the phishing emails.

Threat Actors Use Copyright Infringement Phishing Lure Against Taiwanese Users to Deploy Info-stealers

Cisco Talos has identified a phishing campaign targeting Facebook business users in Taiwan, using emails disguised as legal notices to trick recipients into downloading malware.
