Cisco Talos
Coverage of Cisco Talos in the Nexus archive.
- MyPillow must decide whether to be firm or soft as ransomware crims demand pay
MyPillow, a US bedding brand founded by election conspiracy theorist Mike Lindell, is targeted by Play ransomware operators demanding a ransom to prevent data leaks. The attackers claim to have stolen sensitive data including client documents, payroll, and financial information. Play ransomware, linked to North Korean actors and previously involved in breaches of Swiss government files and Microchip Technology, has allegedly affected 900 organizations as of May 2025.
- China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
A China-linked APT group, UAT-8302, has been targeting government entities in South America and southeastern Europe since late 2024. The group deploys custom-made malware families after exploitation. Cisco Talos is tracking the activity.
- Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
A new botnet named PowMix has been discovered targeting Czech workers since December 2025, using randomized command-and-control (C2) beaconing intervals to evade network detection. Cisco Talos researchers identified the malicious campaign, which avoids persistent C2 connections to bypass security measures.