{“lastseen”:”2025-10-23T20:05:12″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\n\\”The truth about the world, he said, is that anything is possible… For existence has its own order and that no man’s mind can compass, that mind itself being but a fact among others.\\” \u2015 Cormac McCarthy, \\”Blood Meridian\\”\\n\\nEarlier this week, I spent a few days off to take a reading retreat with my wife. Diving into several books from various genres and sitting on several quiet acres in the Texas hill country was a wonderful way to refuel. While reading a completely different book, I was reminded of this quoted section from Cormac and it gave me pause. \\n\\nWe, as security practitioners, often move forward with the knowledge and expertise we’ve acquired along the various paths that led us to this point. It’s easy to fall into the trap of assuming that, because we’ve shared similar experiences, we all possess the same skillsets — each of us following our own string in the maze. In the end, the gaps between what we assume about each other and the reality can be tremendous. How do we ensure these aren’t the very gaps adversaries exploit, and that our perceived strengths don’t become our weaknesses?\\n\\nIt comes down to communication and community. Talking openly about our skillsets can feel unnecessary among seasoned practitioners–we often assume that everyone has followed a similar path through the maze of their careers. But in practice, conversations quickly reveal this isn’t the case. One of the best ways to build the soft skills that help your career grow is by meeting with your team and discussing the technical skills that got you here and how you apply them now, which skills still benefit your daily routine, and which have fallen to the wayside via obsolescence. If you can create a meeting focused on this topic — rotating among your direct team and involving the team or leader above — you’ll start to pinpoint the skillsets that have the greatest impact on your day-to-day work.\\n\\nThis process will help you identify specific technical skills needed for hiring or training new team members. It also gives junior analysts a clear view of what senior analysts rely on in their expanded roles, helping to guide their own education. Furthermore, when everyone understands the technical and soft skills that leadership uses, it can help remove the distance between technical and people leaders — and can leave a \\”string\\” for those early in their careers to follow as they navigate their own path through the maze\\n\\nKnow your environment. This is always my first answer whenever I’m asked what to do next or how to proceed. Knowing with extreme clarity both the skillsets on your team and the foundation they’re built upon will allow your team to thrive and grow. It also makes it easier to identify opportunities for cross-training and to provide targeted mentorship where it’s needed most.\\n\\n\\”War was always here. Before man was, war waited for him. The ultimate trade awaiting its ultimate practitioner.\\” \u2015 Cormac McCarthy, \\”Blood Meridian\\”\\n\\n## The one big thing\\n\\nAccording to the Cisco Talos IR Trends Q3 2025 report, over 60% of our incident response cases involved attackers exploiting public-facing applications, mainly through the ToolShell attack chain against unpatched Microsoft SharePoint servers. This is a huge jump from under 10% last quarter. About 20% of cases were ransomware-related (down from 50%), but new ransomware variants and tactics, like using legitimate tools for persistence, were seen. Attackers also increased their use of compromised internal accounts for phishing, and public administration became the top targeted sector for the first time since we began these reports in 2021.\\n\\n### Why do I care?\\n\\nAttackers are going after anyone with exposed or outdated systems, including local governments and public services. With attackers exploiting new vulnerabilities almost immediately (especially in widely used software like SharePoint), even small delays in patching or weak internal defenses can put your organization and its data at serious risk.\\n\\n### So now what?\\n\\nPrioritize rapid patching of public-facing applications, especially after new vulnerabilities are disclosed, and implement strong network segmentation to limit attackers’ lateral movement. Additionally, enhancing multi-factor authentication, improving centralized logging, and educating your users can help detect and block attacks earlier.\\n\\n## Top security headlines of the week\\n\\n**Vulnerability in Dolby Decoder can allow zero-click attacks** \\nTracked as CVE-2025-54957 (CVSS score of 7.0), the security defect can be triggered using malicious audio messages, leading to remote code execution. On Android, the vulnerability can be exploited remotely without user interaction. (_SecurityWeek_)\\n\\n**131 Chrome extensions caught hijacking WhatsApp Web for massive spam campaign** \\nResearchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. (_The Hacker News_)\\n\\n**Prosper data breach impacts 17.6 million accounts** \\nHackers stole personal and financial details belonging to 17.6 million users of the Prosper lending platform, including Social Security numbers and government IDs. (_SecurityWeek_)\\n\\n**\\” PassiveNeuron\\” cyber spies target orgs with custom malware** \\nA threat campaign is targeting high-profile organizations in the government, industrial, and financial sectors across Asia, Africa, and Latin America, with two custom malware implants designed for cyber espionage. (_Dark Reading_)\\n\\n## Can’t get enough Talos?\\n\\n * ** _Reducing abuse of Microsoft 365 Exchange Online Direct Send_** \\nCisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here’s how to strengthen your defenses.\\n * ** _Beers with Talos: Two Marshalls, one podcast_** \\nTalos’ Vice President Christopher Marshall (the \\”real Marshall,\\” much to Joe’s displeasure) joins Hazel, Bill, and Joe for a very real conversation about leading people when the world won’t stop moving.\\n\\n\\n\\n## Upcoming events where you can find Talos\\n\\n * _NTNU MALWAREFORUM_ (Oct. 28 – 29) Oslo, Norway\\n * _Bsides Osijek_ (Nov. 5) Osijek, Croatia\\n * _AVAR_ (Dec. 3 – 5) Kuala Lumpur, Malaysia\\n\\n\\n\\n## Most prevalent malware files from Talos telemetry over the past week\\n\\n**SHA256: d933ec4aaf7cfe2f459d64ea4af346e69177e150df1cd23aad1904f5fd41f44a** \\nMD5: 1f7e01a3355b52cbc92c908a61abf643 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=d933ec4aaf7cfe2f459d64ea4af346e69177e150df1cd23aad1904f5fd41f44a_ \\nExample Filename: cleanup.bat \\nDetection Name: W32.D933EC4AAF-90.SBX.TG\\n\\n**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507** \\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_ \\nExample Filename: e74d9994a37b2b4c693a76a580c3e8fe_1_Exe.exe \\nDetection Name: Win.Worm.Coinminer::1201\\n\\n**SHA256: 41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610** \\nMD5: 85bbddc502f7b10871621fd460243fbc \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610_ \\nExample Filename: 85bbddc502f7b10871621fd460243fbc.exe \\nDetection Name: W32.41F14D86BC-100.SBX.TG\\n\\n**SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974** \\nMD5: aac3165ece2959f39ff98334618d10d9 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974_ \\nExample Filename: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974.exe \\nDetection Name: W32.Injector:Gen.21ie.1201\\n\\n**SHA256: 629ff05b7396cd0278ac345008b1e9246a6511da973e3e7eb630c5890758c15a** \\nMD5: 6692f8df8616472715273203b42e754d \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=629ff05b7396cd0278ac345008b1e9246a6511da973e3e7eb630c5890758c15a_ \\nExample Filename: EasyAsVPNgo.exe \\nDetection Name: W32.Proxy.27e2.1201″,”published”:”2025-10-23T18:00:57″,”modified”:”2025-10-23T18:00:57″,”type”:”talosblog”,”title”:”Strings in the maze: Finding hidden strengths and gaps in your team”,”source”:””,”references”:””,”id”:”TALOSBLOG:896CB4F5F974E50EE7FF2D6C13060EE8″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-54957″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:6.5,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/strings-in-the-maze\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-10-23T20:05:12″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\n\\”The truth about the world,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,26,12,21,13,7,69,11,5],"class_list":["post-22930","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-65","tag-exploit","tag-medium","tag-news","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n