{“lastseen”:”2025-11-06T20:05:13″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nEver heard the phrase in this week’s title?\\n\\nFor our non-British readers, here’s the quick version: Every year on November 5, people across the U.K. gather for bonfires, sparklers, fireworks, and attempting to literally handle a hot potato. I used to love these outings as a kid, but now, as a pet owner, I tend to stay in and try to calm the poor, scared creature during the fireworks.\\n\\nAnyway, Bonfire Night is all about marking the evening when the Houses of Parliament didn’t get blown to pieces with gunpowder.\\n\\nThe _Gunpowder Plot_ was the work of a group of conspirators who planned to assassinate King James I by detonating explosives beneath the House of Lords during the State Opening of Parliament on Tuesday, Nov. 5, 1605\\\\. They rented a vault in the cellars below the building, packed it with 36 barrels of gunpowder, and designated a fellow named Guy Fawkes to light the fuse.\\n\\nUnbeknownst to the conspirators, an anonymous warning (the _\\” Monteagle Letter\\”_) was sent to one nobleman (who was due to attend the State Opening of Parliament), suggesting he come up with some sort of excuse to miss it:\\n\\n\\u003e _\\” My lord, out of the love I bear to some of your friends, I have a care of your preservation. I would advise you, as you tender your life, to devise some excuse to shift your attendance at this Parliament; for God and man hath concurred to punish the wickedness of this time. _\\n\\n\\u003e _\u2026 for though there be no appearance of any stir, yet I say they shall receive a terrible blow this Parliament; and yet they shall not see who hurts them.\\” _\\n\\nTaking the warning seriously, the message was passed up the chain to **Robert Cecil,** the King’s chief minister, and the authorities ordered a search. Sir Thomas Knyvet, a Justice of the Peace, led a team to check the cellarsbeneath the House of Lords. There they found Fawkes guarding the barrels, carrying a lantern and some slow matches. He was arrested on the spot.\\n\\nSeveral of Fawkes’ co-conspirators were killed while fleeing; the rest were captured, tried, and condemned. Fawkes himself was sentenced to be hanged, drawn, and quartered — though he died instantly after leaping from the scaffold and breaking his neck.\\n\\nTo this day, November 5th events across the UK include the burning of an effigy of Guy Fawkes in the middle of the bonfire. It’s always struck me as a very odd national tradition. But then again, we are a country of strange customs\u2026 such as when we _chase a wheel of cheese_ down a near-vertical hill.\\n\\nCenturies later, Fawkes’ face was stylised into a white mask with a sly grin for the graphic novel _V for Vendetta. _The mask became shorthand for protest and, eventually, for hacktivism. The man who didn’t light the fuse became the symbol for people trying to spark something. And that, Alanis, is ironic.\\n\\nFor the Gunpowder Plot, it was the act of someone doing the Jacobean equivalent of \\”better check that out,\\” based on some received threat intelligence. It’s a similar gut impulse that still saves many a day in modern cybersecurity settings: the analyst who follows a hunch, the responder who looks twice at a legitimate tool behaving oddly\u2026\\n\\nBy the way, if you haven’t yet, do check out our latest _Cisco Talos Incident Response _report. It’s such a helpful tool for analysts whose days revolve around spotting suspicious behaviour.\\n\\nFor example, this quarter we saw an internal phishing campaign that was launched from compromised O365 accounts, where attackers \\”modified the email-management rules to hide the sent phishing emails and any replies.\\” As Craig pointed out in the most recent episode of __The Talos Threat Perspective__, he often asks his customers, \\”Can you effectively identify malicious inbox rules across your environment — not just for a single user’s mailbox, and not just for the last 90 days?\\”\\n\\nSo yes, while I think it’s still a bit odd that \\”Remember, remember the fifth of November\\” commemorates a disaster that never happened, most analysts I know would drink to that.\\n\\n## The one big thing\\n\\nTwo Tool Talks in a row? Christmas came early.\\n\\nWith the latest article, Cisco Talos’ Martin Lee explores how to empower autonomous AI agents with cybersecurity know-how, enabling them to make informed decisions about internet safety, such as evaluating the trustworthiness of domains. He demonstrates a proof-of-concept using LangChain and OpenAI, connected to the Cisco Umbrella API, so that AI agents can access real-time threat intelligence and make smarter security choices.\\n\\n### Why do I care?\\n\\nAs AI agents become more autonomous and interact with the internet on your behalf, their ability to distinguish safe from unsafe sites directly impacts your digital security. Equipping AI with real-time threat intelligence means fewer mistakes and better protection for your data and devices in an evolving threat landscape.\\n\\n### So now what?\\n\\nIf you work with or develop AI systems, consider incorporating real-time threat intelligence APIs like Cisco Umbrella to enhance your agents’ decision-making. As this technology evolves, staying informed and adapting these best practices will help ensure both your users and AI agents make safer choices online.\\n\\n## Top security headlines of the week\\n\\n**CISA: High-severity Linux flaw now exploited by ransomware gangs** \\nPotential impact includes system takeover once root access is gained (allowing attackers to disable defenses, modify files, or install malware), lateral movement through the network, and data theft. (_Bleeping Computer_)\\n\\n**Phone location data of top EU officials for sale, report finds** \\nJournalists in Europe found it was \\”easy\\” to spy on top European Union officials using commercially obtained location histories sold by data brokers, despite the continent having some of the strongest data protection laws in the world. (_TechCrunch_)\\n\\n**Poland hit by another major cyberattack** \\nPolish authorities are investigating a large-scale cyberattack that compromised personal data belonging to clients of SuperGrosz, an online loan platform, Deputy Prime Minister and Minister for Digital Affairs Krzysztof Gawkowski confirmed. (_Polskie Radio_)\\n\\n**Conduent admits its data breach may have affected around** **10 million people** \\nThe breach lasted nearly three months. Conduent is a major government contractor and works with more than 600 government entities globally, including those on state, local, and federal levels, and a majority ofFortune 100 companies. (_Tech Radar_)\\n\\n**The password for the Louvre ‘s video surveillance system was \\”Louvre\\”** \\nExperts have been raising concerns about the museum’s security for more than a decade. In 2014, the museum’s video surveillance server password was \\”LOUVRE,\\” while a software program provided by the company Thales was secured with a password \\”THALES.\\” (Cybernews)\\n\\n## Can’t get enough Talos?\\n\\n** _Tales from the Frontlines_** \\nOn Wednesday, Nov. 12, hear Talos IR share candid stories of critical incidents last quarter, how we handled them, and what they mean for your organization. Registration is required.\\n\\n** _Harnessing threat intel in Hybrid Mesh Firewall_** \\nJoin us on Thursday, Nov. 13 to learn how Talos combines expert human research with advanced AI\/ML to detect and stop emerging threats.\\n\\n** _Dynamic binary instrumentation (DBI) with DynamoRio_** \\nThis blog introduces DBI and guides you through building your own DBI tool with the open-source DynamoRIO framework on Windows 11.\\n\\n## Upcoming events where you can find Talos\\n\\n * _DeepSec IDSC_ (Nov. 18 – 21) Vienna, Austria\\n * _AVAR_ (Dec. 3 – 5) Kuala Lumpur, Malaysia\\n\\n\\n\\n## Most prevalent malware files from Talos telemetry over the past week\\n\\n**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507** \\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_ \\nExample Filename: e74d9994a37b2b4c693a76a580c3e8fe_1_Exe.exe \\nDetection Name: Win.Worm.Coinminer::1201\\n\\n**SHA256: 41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610** \\nMD5: 85bbddc502f7b10871621fd460243fbc \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610_ \\nExample Filename: 85bbddc502f7b10871621fd460243fbc.exe \\nDetection Name: W32.41F14D86BC-100.SBX.TG\\n\\n**SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974 ** \\nMD5: aac3165ece2959f39ff98334618d10d9 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974_ \\nExample Filename: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974.exe \\nDetection Name: W32.Injector:Gen.21ie.1201\\n\\n**SHA256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91** \\nMD5: 7bdbd180c081fa63ca94f9c22c457376 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91_ \\nExample Filename: e74d9994a37b2b4c693a76a580c3e8fe_3_Exe.exe \\nDetection Name: Win.Dropper.Miner::95.sbx.tg\\n\\n**SHA256: d933ec4aaf7cfe2f459d64ea4af346e69177e150df1cd23aad1904f5fd41f44a** \\nMD5: 1f7e01a3355b52cbc92c908a61abf643 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=d933ec4aaf7cfe2f459d64ea4af346e69177e150df1cd23aad1904f5fd41f44a_ \\nExample Filename: cleanup.bat \\nDetection Name: W32.D933EC4AAF-90.SBX.TG”,”published”:”2025-11-06T19:00:14″,”modified”:”2025-11-06T19:00:14″,”type”:”talosblog”,”title”:”Remember, remember the fifth of November”,”source”:””,”references”:””,”id”:”TALOSBLOG:9FBA345796494C6A37F7B32FC8827E48″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/remember-remember-the-fifth-of-november\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-11-06T20:05:13″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nEver heard the phrase in this week’s title?\\n\\nFor our non-British readers,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,69,11,5],"class_list":["post-25020","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n