{“lastseen”:”2025-12-18T20:05:10″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nFor us in America, we’re in the holiday doldrums and things slow and\/or shut down until the new year. At Cisco, we shut down the last week of the year to reset and recharge, and I’ve grown to be quite fond of it. I’ve worked plenty of gigs where there were no holiday breaks, and now that I’m living that dream, I gotta tell ya, it’s a damn civilized way to live if you can get it.\\n\\nIt’s only natural for us to think on 2025 — what happened to us, what made the news, and with some trepidation (and maybe some hope) what lies in store for 2026.\\n\\nI thought I’d summarize the notable things that come to mind for me:\\n\\n 1. _Uncovering Qilin attack methods exposed through multiple cases_ \\nWhy this one? Quilin is one of the more aggressive cartels that I see in the ransomware space in 2025. On their dark web site, you can see a very active presence. When Talos crunches the numbers for the 2025 Year in Review, don’t be surprised if you see them at the top of the list as one of the more lucrative criminal cartels. Our blog post on this was outstanding — give it a read! (Also, our banner art is just great, if I do say so myself. Our design team is the best.) I think 2026 will see a heavy ransomware tempo. It is simply just too lucrative for the bad guys. Compounding this is the macro\/micro world economy and good old fashioned geopolitical tensions. Everyone hold on tight.\\n 2. _Jaguar Land Rover posts heavy loss after cyber_ _attack_ \\nAs someone who focuses on industrial control security, seeing a manufacturer getting hit so hard resonates with me. It proves the fragility that we see in this space, where operational and information technology mix to fulfill business imperatives, but at a real financial risk. This will be a case study of financial impacts cyber attacks can have on manufacturing with a heavily targeted vertical because the disruptions are costly and lucrative to ransomware actors. My bet is 2026 will see much more of this. _No one_ wants to be the next Land Rover Jaguar. The bad guys know this, and there’s certainly blood in the water and the sharks have noticed.\\n 3. _Disrupting the first reported AI-orchestrated cyber espionage campaign_ \\nAnthropic released a first of its kind report on a state-sponsored adversary using Claude to launch a full kill chain campaign against victims. I had a hard time with this report. It felt (and still feels) hyped to a degree. It’s an entirely plausible scenario, and I don’t want to imply it’s misleading! But the report doesn’t show its work. You can certainly see this being real, but it just misses the test for actual substantive intel. Still, it surely does make one wonder how much better AI attacks will get. The space is moving at blazing speed. Who’s to say what 2026 will show us for attacks and defense!\\n\\n\\n\\nIf you celebrate, enjoy the holidays. At the same time, I know this season can feel especially lonely for those of us who are missing loved ones. This year I lost my grandmother, and I am still processing the tremendous grief and loss for someone who helped raise me to be the man I am today. Find the time to spend with others and be kind to yourself. Resist the urge to isolate yourself. Use the holidays to invest in yourself and your health. I believe in you. I’ll see you all in 2026.\\n\\n## The one big thing\\n\\nFor this end-of-year Talos Takes episode — and Hazel’s last as host — we took a time machine back to 2015 to ask, \\”What would a defender from back then think of the madness we deal with in 2025?\\” Alongside Pierre, Alex, and yours truly, we reminisced about our own journeys, then got into the real meat: just how much ransomware has exploded (thanks, \\”as-a-service\\” model), why identity is now the main battleground, and how the lines between state-sponsored actors and APTs have blurred to the point of being almost meaningless.\\n\\n### Why do I care?\\n\\nYou don’t need me to tell you it’s a different world than it was ten years ago. The ransomware industry is bigger and nastier than ever, and attackers are more organized, more efficient, and more professionalized. The tools (and the stakes) keep changing, but burnout and complexity are constants. If you’re not keeping pace, you’re falling behind, and the attackers aren’t waiting up.\\n\\n### So now what?\\n\\nDon’t panic, and don’t try to win it all alone. Double down on the basics, like identity and access management and keeping tabs on those \\”service accounts\\” that keep multiplying. Make sure your team is trained, supported, and has permission to step away from the keyboard once in a while. Don’t get distracted by AI; it _is_ powerful, but it’s not a magic bullet. And maybe most important of all: Take care of yourself and your people. 2026 is going to bring more of the same (and some surprises), but if you stay grounded, curious, and human, you’ll be ready for whatever’s next.\\n\\n## Top security headlines of the week\\n\\n**Microsoft: Recent Windows updates break VPN access for WSL users** \\nThis known issue affects users who installed the KB5067036 October 2025 non-security update, released October 28th, or any subsequent updates, including the KB5072033 cumulative update released during this month’s Patch Tuesday. (_Bleeping Computer_)\\n\\n**French Interior Ministry confirms** **cyber attack** **on email servers** \\nWhile the attack (detected overnight between Thursday, December 11, and Friday, December 12) allowed the threat actors to gain access to some document files, officials have yet to confirm whether data was stolen. (_Bleeping Computer_)\\n\\n**In-the-wild** **exploitation of** **fresh Fortinet** **flaws** **begins** \\nThe two flaws (CVE-2025-59718 and CVE-2025-59719 [CVSS score of 9.8]) are described as improper verification of cryptographic signature issues impacting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. (_SecurityWeek_)\\n\\n**Google to shut down dark web monitoring tool in February 2026** \\nGoogle has announced that it’s discontinuing its dark web report tool in February 2026, less than two years after it was launched as a way for users to monitor if their personal information is found on the dark web. (_The Hacker News_)\\n\\n**Compromised IAM** **credentials** **power a** **large AWS** **crypto** **mining** **campaign** \\nThe activity, first detected on Nov. 2, 2025, employs never-before-seen persistence techniques to hamper incident response and continue unimpeded, according to a new report shared by the tech giant ahead of publication. (_The Hacker News_)\\n\\n## Can’t get enough Talos?\\n\\n** _Humans of Talos: Lexi DiScola_** \\nAmy chats with Senior Cyber Threat Analyst Lexi DiScola, who brings a political science and French background to her work tracking global cyber threats. Even as most people wind down for the holidays, Lexi is tackling the Talos 2025 Year in Review.\\n\\n**_UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager_** \\nOur analysis indicates that appliances with non-standard configurations, as described in Cisco’s advisory, are what we have observed as being compromised by the attack.\\n\\n** _TTP:_** ** _Talking_** ** _through a_** ** _year of_** ** _cyber_** ** _threats, in_** ** _five_** ** _questions_** \\nIn this episode of the Talos Threat Perspective, Hazel is joined by Talos’ Head of Outreach Nick Biasini to reflect on what stood out, what surprised them, and what didn’t in 2025. What might defenders want to think about differently as we head into 2026?\\n\\n## Upcoming events where you can find Talos\\n\\nWe’ll be back in 2026 — see ya then!\\n\\n## Most prevalent malware files from Talos telemetry over the past week\\n\\n**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507** \\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_ \\nExample Filename: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507.exe \\nDetection Name: Win.Worm.Coinminer::1201\\n\\n**SHA256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91** \\nMD5: 7bdbd180c081fa63ca94f9c22c457376 Talos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91_ \\nExample Filename: e74d9994a37b2b4c693a76a580c3e8fe_3_Exe.exe \\nDetection Name: Win.Dropper.Miner::95.sbx.tg\\n\\n**SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974** \\nMD5: aac3165ece2959f39ff98334618d10d9 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974_ \\nExample Filename: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974.exe \\nDetection Name: W32.Injector:Gen.21ie.1201\\n\\n**SHA256: 90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59** \\nMD5: c2efb2dcacba6d3ccc175b6ce1b7ed0a \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59_ \\nExample Filename:ck8yh2og.dll \\nDetection Name: Auto.90B145.282358.in02\\n\\n**SHA256: 1aa70d7de04ecf0793bdbbffbfd17b434616f8de808ebda008f1f27e80a2171b** \\nMD5: a8fd606be87a6f175e4cfe0146dc55b2 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=1aa70d7de04ecf0793bdbbffbfd17b434616f8de808ebda008f1f27e80a2171b_ \\nExample Filename: 1aa70d7de04ecf0793bdbbffbfd17b434616f8de808ebda008f1f27e80a2171b.exe \\nDetection Name: W32.1AA70D7DE0-95.SBX.TG”,”published”:”2025-12-18T19:00:31″,”modified”:”2025-12-18T19:00:31″,”type”:”talosblog”,”title”:”Adios 2025, you won\u2019t be missed”,”source”:””,”references”:””,”id”:”TALOSBLOG:4E3C9392500052D23A06C18396AC0196″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2025-59718″,”CVE-2025-59719″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/adios-2025-you-wont-be-missed\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-18T20:05:10″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nFor us in America, we’re in the holiday doldrums and things…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[9,6,8,35,12,13,7,69,11,5],"class_list":["post-32024","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n