{“lastseen”:”2025-08-28T21:00:44″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nAs summer retreats into the rear-view mirror, I’d like to take a moment to reflect on one of my favorite things about the cybersecurity profession: the community. Earlier this month, I attended _Black Hat USA 2025_ and _DEF CON 33_ in scalding hot Las Vegas, NV. We often refer to it as \\”hacker summer camp,\\” where all the security nerds of various stripes congregate to eat, drink, party, hack and reforge or make new bonds of fellowship with other awesome hackers. Hacker summer camp is, simply put, a whirlwind of activity, from the talks to see, villages to visit, parties to attend, and knowledge to gain. In 5 days, I think I walked almost 30 miles. By the end I was exhausted, but happy to have learned so much and see many of my hacker friends.\\n\\nFor all the fun and learning you can have at summer camp, it’s a very privileged position to be able to attend. Las Vegas is _not a cheap town_. Hotels, flights and food — everything, really — is more expensive than average. A Black Hat badge is $1,000+, and DEF CON $500+. If you’re new to this space and early in your career, or your company doesn’t have the money to send you, the FOMO can be real. Earlier in my career, getting the opportunity to visit hacker summer camp — either with my company covering my costs or me paying out of pocket — wasn’t going to happen.\\n\\nI bring this up not to flex that I went to BH\/DEF CON, but to tell you that as good as those conferences are, there is __so much more__ _._ Do not be daunted by what is inaccessible but know that there are other conferences out there for like-minded hackers who want to learn and share knowledge with you, wherever you are in the world. Are you in high school? I promise you there are _clubs and organizations_ there to help you. College? There are student clubs and organizations there that will welcome you. And if you’re looking for projects and _contests_, there are quite a few out there. And _hackathons_? _I got you covered_, fam.\\n\\nIt’s also important to know that there are smaller information security conferences around the world. Perhaps the most popular and usually super local is Bsides. _Check them out_ — their website has a calendar that might have one local to you.\\n\\nInfosec is as much a calling as it is a career. You were drawn to this space for a reason — and finding friends and colleagues who match your vibe is important to both grow as a human, but also to maintain a healthy relationship with this industry, especially one that’s notoriously capable of burning you out. We as humans are social creatures, and we need social interaction, even if it’s limited doses (I see you, introverts). Our professions are a natural magnet to pull others into our orbit. I can tell you so many of the things that I consider personal career milestones happened because I talked with fellow security practitioners over drinks or a meal, and something _truly wonderful happened_.\\n\\nSo go find your people, lean into the things you are a total security nerd about, and enjoy the fellowship and growth. You’ll be all the better for it.\\n\\n## The one big thing\\n\\nLast week, _Talos shared that ransomware attacks in Japan_ surged by about 1.4 times in the first half of 2025, with small and medium-sized companies (especially manufacturing) being the hardest hit. The Qilin group was the most active, and a new player, \\”Kawa4096,\\” also began targeting Japanese businesses. Even though some major ransomware groups were shut down, new threats are quickly taking their place.\\n\\n### Why do I care?\\n\\nThe ransomware landscape is always changing, and it often highlights vulnerabilities in small and mid-sized businesses in critical industries like manufacturing. With new ransomware groups like Kawa4096 emerging and techniques evolving, the risks are growing, and attackers are finding new ways to target organizations that may not have strong defenses.\\n\\n### So now what?\\n\\nWhile small- to mid-size manufacturing companies are the most targeted in Japan, it’s important for all businesses to stay updated on threats, invest in cybersecurity, and train their teams to spot suspicious activity. ClamAV detections are also available in the _blog_.\\n\\n## Top security headlines of the week\\n\\n**Organizations warned of exploited Git vulnerability** \\nThe US cybersecurity agency CISA on Monday warned that the flaw, tracked as CVE-2025-48384 (CVSS score of 8.1), is an arbitrary file write during the cloning of repositories with submodules that use a ‘recursive’ flag. (_SecurityWeek_)\\n\\n**CISA updates SBOM recommendations** \\nThe document is primarily meant for federal agencies, but CISA hopes businesses will also use it to push vendors for software bills of materials. (_Cybersecurity Dive_)\\n\\n**AI-powered ransomware: \\”PromptLock\\”** \\nAlthough it has not yet been observed in active cyberattacks, the researchers said the PromptLock ransomware appears to be under development and nearly ready to be unleashed onto the threat landscape. (_Dark Reading_)\\n\\n**Credential harvesting campaign targets ScreenConnect cloud administrators** \\nThe campaign uses compromised Amazon Simple Email Service accounts to spear-phish senior IT administrators who have elevated privileges in ScreenConnect environments. (_Cybersecurity Dive_)\\n\\n**Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data** \\nA security researcher has found over a thousand publicly exposed hobby servers run by Tesla vehicle owners that are spilling sensitive data about their vehicles, including their granular location histories. (_TechCrunch_)\\n\\n## Can’t get enough Talos?\\n\\n * ** _State of Identity Security Report_** \\nCisco Duo’s global survey of 650 Security \\u0026 Data Ops leaders shows where orgs succeed, and where they’re exposed. Download the full report now.\\n * ** _Static Tundra exposed_** \\nA Russian state-sponsored group, Static Tundra, is exploiting an old Cisco IOS vulnerability to compromise unpatched network devices worldwide.\\n\\n\\n\\n## Upcoming events where you can find Talos\\n\\n * _BlueTeamCon_ (Sept. 4 – 7) Chicago, IL\\n * _LABScon_ (Sept. 17 – 20) Scottsdale, AZ\\n * _VB2025_ (Sept. 24 – 26) Berlin, Germany\\n\\n\\n\\n## Most prevalent malware files from Talos telemetry over the past week\\n\\n**SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507** \\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f \\nVirusTotal: _https:\/\/www.virustotal.com\/gui\/file\/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_ \\nTypical Filename: VID001.exe \\nClaimed Product: N\/A \\nDetection Name: Win.Worm.Coinminer::1201\\n\\n**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 ** \\nMD5: 7bdbd180c081fa63ca94f9c22c457376 \\nVirusTotal: _https:\/\/www.virustotal.com\/gui\/file\/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91\/details_ \\nTypical Filename: IMG001.exe \\nClaimed Product: N\/A \\nDetection Name: Simple_Custom_Detection\\n\\n**SHA256: 47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca ** \\nMD5: 71fea034b422e4a17ebb06022532fdde \\nVirusTotal: _https:\/\/www.virustotal.com\/gui\/file\/47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca\/details_ \\nTypical Filename: VID001.exe \\nClaimed Product: N\/A \\nDetection Name: Coinminer:MBT.26mw.in14.Talos”,”published”:”2025-08-28T18:00:19″,”modified”:”2025-08-28T18:00:19″,”type”:”talosblog”,”title”:”Link up, lift up, level up”,”source”:””,”references”:””,”id”:”TALOSBLOG:143856C8B230CB2AC76787734D246A76″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-48384″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/link-up-lift-up-level-up\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-08-28T21:00:44″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nAs summer retreats into the rear-view mirror, I’d like to take…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,83,12,15,13,7,69,11,5],"class_list":["post-14860","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-80","tag-exploit","tag-high","tag-news","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n