Posts by Nick Biasini

Northern lights photo in northern Norway.

Happy New Year from the arctic circle. It's nature's fireworks in all their glory. 🤯

Happy 2025 y’all!!!!!

1 year ago
Northern lights from northern Norway.

Success!! Incredible.

1 year ago
Photo of snow covered mountain in Tromsø, Norway.

Will be ringing in the new year in Tromsø, Norway. Going to try our best to finally see the aurora borealis. Regardless Norway is breathtaking. ❤️

1 year ago

Taking it a bit deeper, we have a follow on specific to the actor behind WarmCookie, TA866 or Asylum Ambuscade. Great research tying a lot of data points together.

blog.talosintelligence.com/highlighting...

1 year ago
Threat Spotlight: WarmCookie/BadSpace
WarmCookie is a malware family that emerged in April 2024 and has been distributed via regularly conducted malspam and malvertising campaigns.

Our latest is a deep dive into WarmCookie a new addition to the crimeware landscape. A new crimeware family emerges as another falls away, a pretty common narrative.

blog.talosintelligence.com/warmcookie-a...

1 year ago

Early voted in Austin today. Took 15 mins and then I got a cheesesteak for lunch. Go vote and get yourself a treat. You deserve it for doing your part 🗳️

1 year ago

Looks like deepfakes are becoming more prevalent. The future is going to be dark if people are already way down the misinformation hole without deepfakes. Scams are already everywhere, this is going to make it so much worse. It’s only a matter of time before this becomes widespread. 😔

1 year ago
Helene response hampered by misinformation, conspiracy theories
Misinformation is adding to the chaos and confusion in many storm-battered communities. Social media platforms such as X have allowed the falsehoods to spread.

www.washingtonpost.com/weather/2024...

1 year ago
Steak (bistec) street taco plate

Unsuccessful trip to animal control for our lost cat, Franklin 😔

Only positive is animal control is close to Cuantas and I got to eat some of the best tacos I’ve had in a while. It’s always the little things ❤️

1 year ago
The Light We Keep: A Project PowerUp Story
YouTube video by Cisco Talos Intelligence Group

Documentary on the incredible work we've done at Cisco Talos in #Ukraine to help keep the lights on is finally out. So much work went on behind the scenes to make this happen. Incredible to see the impact it's had. Check it out. www.youtube.com/watch?v=5lio...

1 year ago
Threat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads
The threat of VBA macros has diminished since Microsoft prevented the execution of macros in Microsoft Office documents downloaded from the internet, but not all users are using the latest up-to-date ...

I started looking at this because a document uploaded to VT was similar to documents with Picasso loader and I thought it could be a new variant. It turns out there is a generator, MacroPack, generating these docs.

blog.talosintelligence.com/threat-actor...

1 year ago

One of the things I love about #Austin. My neighbor already has their full #Halloween decorations out. I love where I live, and wish I had that kind of initiative. 🎃👻 #lifegoals

1 year ago
Large bunch of blue bonnets blooming in Austin Texas.

Happy blue bonnet season y’all. 🪻🪻

2 years ago
TinyTurla Next Generation - Turla APT spies on Polish NGOs
This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.

Latest research from my team on Turla activity targeting NGOs supporting Ukraine. Great work as always, full details 👇

2 years ago

It’s New Year’s Day morning which means it’s time for my favorite holiday tradition. Watching the best, mostly forgotten, new years movie ever made. 200 Cigarettes. Paul Rudd at his best. Here we go 2024.

2 years ago

To me the biggest risk from AI was never how are the bad guys going to abuse it to create malware, it's how they are going to abuse it to steal the training data and models worth millions.

2 years ago
Arid Viper disguising mobile spyware as updates for non-malicious Android applications
Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.

Latest research from our team. Great work as always uncovering a network of seemingly related dating apps as well as the analysis of the malicious apps we found from AridViper. Details 👇

2 years ago

My wife and I like to go big for Halloween. We really enjoy handing out treats and take it seriously. This year’s bag includes fun dip, an airhead, Rice Krispie treat, chocolate, and two dum dums. Made ~100 this year. Last year we ran out 🙃

2 years ago
Tool ænima vinyl record and player

Score of the day from Austin Record Convention. 🎶🎶🤘

2 years ago
Geena Davis in 80's makeup in The Fly

Geena Davis as a Catcher in A League of their Own

On left Geena Davis from BeetleJuice holding a bug, on right Geena Davis in her 50's at an award's show in a black, glossy gown

(1/13) Do you know Geena Davis? This is Geena Davis. She's, in my opinion, the most impressive actress alive and not because of the excellent roles she played... but because of the one role that changed the direction of her life. Geena Davis started her career in the classic Tootsie as April Page.

2 years ago
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

Team published two blogs about some new Lazarus activity, including a new exploit added to their arsenal as well as a pivot to more open source tooling. Details
blog.talosintelligence.com/lazarus-quit...

blog.talosintelligence.com/lazarus-coll...

2 years ago

Finally made it to Vegas and headed straight to Vesta. The only decent coffee in Vegas. Getting ready for the chaos ahead at hacker summer camp. 😬

2 years ago

Commercial spyware gets most of the attention, but the mercenary landscape in general (i.e. hack for hire) is going to have increasing impacts on the overall landscape as time goes on, not just mobile platforms with commercial spyware. As long as there is a need, these groups are going to flourish.

2 years ago
Old certificate, new signature: open-source tools forge signature timestamps on Windows drivers
Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29...

Great research from @g0jirasan.bsky.social on driver abuse. Allowed actors to legitimately sign drivers with expired certificates. Follow on blog on malicious activity he found as well. Take a read below.

Red Driver activity details - blog.talosintelligence.com/undocumented-reddriver/

2 years ago