# Your year-end infosec wrapped

![Your year-end infosec wrapped](https://blog.talosintelligence.com/content/images/2025/12/threat-source-newsletter.jpg)

Welcome to this week's edition of the Threat Source newsletter.

_"They say that a person's personality is the sum of their experiences. But that isn't true, at least not entirely, because if our past was all that defined us, we'd never be able to put up with ourselves. We need to be allowed to convince ourselves that we're more than the mistakes we made yesterday. That we are all of our next choices, too, all of our tomorrows." ― Fredrik Backman_

It's December, so 'tis the season to enjoy the onslaught that is a reflection of your year. Here there be tygers... and Spotify Wrapped, Goodreads Year in Books, Duolingo Year in Review, and... and...

This is the perfect opportunity to reflect on the defining moments of your career in information security. I can predict, without fail, your defining moment. No matter the length of that career and no matter the breadth and depth of your knowledge, I can assure you that the defining moment is not when you flexed your expertise, but rather when you made the most impactful mistake you can make in your given role at the time.

Ask any practitioner for a success story and it's a struggle -- partially because they aren't that memorable and partially because it stokes the imposter syndrome fire to five-alarm bonfire levels. Ask the same practitioner for examples of huge mistakes or failures and get ready for never-ending stories. The best part about that is that not only are those stories wildly entertaining, they are also incredibly instructive. Not only have I learned the most in my career BY FAR from my mistakes, but I've learned a lot from the mistakes of my peers and friends. They just seem to make them less often, which is really infuriating (and there goes my imposter syndrome).

So, take a second to look back on the biggest mistakes in 2025 and in your career. Go on, open your Notes app (after finishing this fantastic newsletter, of course). Then pull up a stump, take some time in one of the big team get-togethers that are so common during this time of year, and share. You'll entertain, you'll teach, you'll connect, and you'll learn from your peers who will jump in to share the bizarre and hilarious missteps that led them to their current job.

_"I've missed more than 9,000 shots in my career. I've lost almost 300 games. 26 times I've been trusted to take the game winning shot and missed. I've failed over and over and over again in my life. And that is why I succeed." -- Michael Jordan_

## The one big thing

Cisco Talos _released a blog_ exploring how generative AI (GenAI) is changing cybersecurity for both attackers and defenders. Adversaries are using GenAI for coding, phishing, evasion, and vulnerability discovery, especially as uncensored models become more widely available. While GenAI's direct role in malware is still limited, its use in social engineering and vulnerability hunting is quickly growing. For defenders, GenAI provides powerful tools to process large amounts of threat data, respond to incidents faster, and proactively find code vulnerabilities.

### Why do I care?

GenAI is lowering the barrier for adversaries to launch sophisticated attacks and discover new vulnerabilities, making threats more dynamic and harder to predict. At the same time, defenders who harness GenAI effectively can level the playing field. GenAI can help defenders overcome issues created by analyst shortages and overwhelming data volumes, gaining the edge in detection and response.

### So now what?

Now's the time for security teams to start experimenting with GenAI in their daily work -- think threat detection, incident response, and reviewing code for vulnerabilities. It's also important to get comfortable with these tools and train teams so everyone knows how to use them wisely. As GenAI keeps evolving, staying flexible and combining smart automation with human expertise will be key to staying secure.

## Top security headlines of the week

**Police disrupt "Cryptomixer," seize millions in crypto**
Multiple European law enforcement agencies recently disrupted Cryptomixer, a service allegedly used by cybercriminals to launder ill-gotten gains from ransomware and other cyber activities. (_Dark Reading_)

**Malicious Rust crate delivers OS-specific malware to Web3 developer systems**
Researchers have discovered a malicious Rust package that stealthily executes on developer machines by masquerading as an Ethereum Virtual Machine (EVM) unit helper tool. (_The Hacker News_)

**Chrome, Edge extensions caught tracking users, creating backdoors**
A threat actor published over one hundred extensions, which were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access. (_SecurityWeek_)

**CISA warns of ScadaBR vulnerability after hacktivist ICS attack**
CISA has expanded its Known Exploited Vulnerabilities (KEV) catalog with an old "OpenPLC ScadaBR" flaw that was recently leveraged by hackers to deface a honeypot they believed to be an industrial control system (ICS). (_SecurityWeek_)

**New legislation targets scammers that use AI to deceive**
Following a rash of AI-assisted impersonations of U.S. officials, the bill would raise the financial and criminal penalties around using the technology to defraud. (_CyberScoop_)

## Can't get enough Talos?

**Ranksgiving Returns: The Appetizer Uprising**
Guess who's back? Hazel, Bill and Joe welcome back fresh-from-parental-leave Dave Liebenberg, who has returned with a new baby and some truly chaotic Thanksgiving opinions.

**_Cisco Talos Incident Response: Threat Hunting at GovWare 2025_**
Yuri Kramarz goes behind the scenes of the Security Operations Centre (SOC) at the GovWare Conference and Exhibition in Singapore, which Talos IR supported for the first time this year.

**_Talos Takes: When you're told "no budget"_**
From configuring what you already have, to open-source strategies, to the impact of cybersecurity layoffs, this episode is packed with practical guidance for securing your organization during an economic downturn.

## Upcoming events where you can find Talos

* _AVAR_ (Dec. 3 - 5) Kuala Lumpur, Malaysia
* _Black Hat Europe_ (Dec. 8 - 11) London, U.K.

## Most prevalent malware files from Talos telemetry over the past week

**SHA256: 90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59**
MD5: c2efb2dcacba6d3ccc175b6ce1b7ed0a
Talos Rep: _https://talosintelligence.com/talos_file_reputation?s=90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59_
Example Filename: ck8yh2og.dll
Detection Name: Auto.90B145.282358.in02

**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
Talos Rep: _https://talosintelligence.com/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_
Example Filename: e74d9994a37b2b4c693a76a580c3e8fe_1_Exe.exe
Detection Name: Win.Worm.Coinminer::1201

**SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974**
MD5: aac3165ece2959f39ff98334618d10d9
Talos Rep: _https://talosintelligence.com/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974_
Example Filename: ~6325.tmp
Detection Name: W32.Injector:Gen.21ie.1201

**SHA256: c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe**
MD5: bf9672ec85283fdf002d83662f0b08b7
Talos Rep: _https://talosintelligence.com/talos_file_reputation?s=c0ad494457dcd9e964378760fb6aca86a23622045bca851d8f3ab49ec33978fe_
Example Filename: g77wokon.html
Detection Name: W32.C0AD494457-95.SBX.TG

**SHA256: 41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610**
MD5: 85bbddc502f7b10871621fd460243fbc
Talos Rep: _https://talosintelligence.com/talos_file_reputation?s=41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610_
Example Filename: 85bbddc502f7b10871621fd460243fbc.exe
Detection Name: W32.41F14D86BC-100.SBX.TG

Published Dec 4, 2025 at 19:00
ID TALOSBLOG:8B5FA5E5CAA66B716DB5A706994A2294
