{“lastseen”:”2026-01-08T20:05:09″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nI went to bed at 8:30 p.m. on New Year’s Eve, and I think that’s pretty indicative of how I approach the whole idea of New Year’s resolutions.\\n\\nI love to count down to the new year with loved ones as much as the next person, but I have really conflicted feelings about traditional resolutions. On one hand, it’s great to have goals for the future and pick a day to start putting them into action. On the other, why wait until the New Year, and why pick goals that are often wildly unsustainable? It feels like it just promotes an \\”all or nothing\\” approach, and starts the year on a disappointing note if you stumble even a little. Life happens, and many resolutions don’t give enough grace.\\n\\nHere are some resolutions I failed at this past year:\\n\\n * Lift weights three days\/week for a whole year: Close, but no cigar!\\n * Journal at least one sentence every day: Yeah, I failed at this one pretty quickly. I’m not a journal person.\\n * Knit at least three sweaters: I made a shirt, almost finished a vest, and spent a ton of money on yarn.\\n\\n\\n\\nI have done a lot of things I’m proud about this year, so then… what _has_ worked? An intention that I’ve held throughout the year is turning \\”shoulds\\” into setting plans into motion right away. For example, \\”I should host a one-time book club to discuss my favorite book\\” becomes \\”I just posted in my neighborhood Facebook page to find people who are interested and pick a date.\\” Or \\”I should finish my certification\\” becomes \\”I just set a weekly three-hour calendar block, and I won’t move it unless there’s an emergency.\\”\\n\\nThat shift in mindset reminds me a lot of what works in cybersecurity. Our industry is full of ambitious, high-level goals: \\”Eliminate all vulnerabilities,\\” \\”achieve zero trust,\\” or \\”stop every threat.\\” These aspirations are important, but the reality is that security happens in small, consistent actions: patching systems as soon as updates are available, educating teams on the latest phishing techniques, reviewing logs regularly, or simply responding quickly to a new alert.\\n\\nJust like with personal resolutions, there’s often pressure in security to be perfect, to never let anything slip through the cracks. Even the organizations that have amazing budget and headcount will face challenges and setbacks, and no environment is ever perfectly secure. What matters most is how we respond in the moment, learn from what’s happened, and keep moving forward.\\n\\nSo as we head into 2026, whether you’re setting personal goals or planning your organization’s security strategy, consider focusing less on flawless resolutions and more on building habits that adapt to change. Celebrate the small wins, reflect on what you’ve accomplished, and don’t be afraid to pivot when things don’t go as planned. Show up every day and take that next step.\\n\\n## The one big thing\\n\\nEarlier today, Cisco Talos _disclosed_ _a sophisticated threat actor_ we track as UAT-7290, who has been active since at least 2022. UAT-7290 is tasked with gaining initial access as well as conducting espionage-focused intrusions against critical infrastructure entities in South Asia. UAT-7290’s arsenal includes a malware family consisting of implants we call RushDrop, DriveSwitch, and SilentRaid. Our findings indicate that UAT-7290 conducts extensive technical reconnaissance of target organizations before carrying out intrusions.\\n\\n### Why do I care?\\n\\nUAT-7290 targets telecom and network infrastructure, which, if compromised, can have cascading impacts on national security, business operations, and customer data. Their advanced tactics, use of publicly available exploits, and ability to establish persistent footholds make detection and remediation difficult.\\n\\n### So now what?\\n\\nReview and apply the latest ClamAV and Snort signatures (see the _blog_) to detect and block UAT-7290’s malware and activity. Audit your edge devices (especially those exposed to the internet) for signs of compromise, weak credentials, or unpatched vulnerabilities, and prioritize patching and hardening them. Make sure your incident response plans are ready to address potential intrusions involving advanced persistent threats (APTs).\\n\\n## Top security headlines of the week\\n\\n**U.S. cyber pros plead guilty over** **BlackCat** **ransomware activity** \\nTwo US citizens plead guilty to working as ALPHV\/BlackCat ransomware affiliates in 2023. Along with an unnamed third conspirator, they were previously employed by security firms Sygnia and DigitalMint. (_DarkReading_)\\n\\n**European** **Space Agency** **(ESA)** **confirms breach after hacker offers to sell data** \\nThe ESA has confirmed that some of its systems have been breached and is working on securing compromised devices. The hacker offered to sell 200GB of allegedly stolen data from ESA’s systems, including files from private Bitbucket repositories. (_SecurityWeek_)\\n\\n**Sophisticated** **ClickFix** **campaign targeting hospitality sector** \\nFake Booking reservation cancellations and fake BSODs trick victims into executing malicious code leading to RAT infections. (_SecurityWeek_) (_The Hacker News_)\\n\\n**New n8n vulnerability lets authenticated users execute system commands** \\nIt affects n8n versions from 1.0.0 up to, but not including, 2.0.0, and allows an authenticated user with permission to create or modify workflows to execute arbitrary operating system commands on the host running n8n. The issue has been addressed in version 2.0.0. (_The Hacker News_)\\n\\n**Russia-aligned hackers abuse Viber to target Ukrainian military and government** \\nThe attack chain involves the use of Viber to distribute malicious ZIP archives containing multiple Windows shortcut (LNK) files disguised as official Microsoft Word and Excel documents to trick recipients into opening them. (_The Hacker News_)\\n\\n## Can’t get enough Talos?\\n\\n** _How_** ** _Cisco Talos powers the solutions protecting your organization_** \\nWhat happens under the hood of Cisco’s security portfolio? Our reputation and detection services apply Talos’ real-time intelligence to detect and block threats. Here’s how.\\n\\n** _The TTP: Talking through a year of cyber threats, in five questions_** \\nHazel is joined by Nick Biasini to reflect on what stood out, what surprised them, and what didn’t in 2025. What might defenders want to think about differently heading into 2026?\\n\\n## Upcoming events where you can find Talos\\n\\n * _JSAC_ (Jan. 21 – 23) Tokyo, Japan\\n * _S4x26_ (Feb. 23 – 26) Miami, FL\\n\\n\\n\\n## Most prevalent malware files from Talos telemetry over the past week\\n\\n**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507** \\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_ \\nExample Filename: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507.exe \\nDetection Name: Win.Worm.Coinminer::1201\\n\\n**SHA256: 90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59** \\nMD5: c2efb2dcacba6d3ccc175b6ce1b7ed0a \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59_ \\nExample Filename: ck8yh2og.dll \\nDetection Name: Auto.90B145.282358.in02\\n\\n**SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974** \\nMD5: aac3165ece2959f39ff98334618d10d9 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974_ \\nExample Filename: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974.exe \\nDetection Name: W32.Injector:Gen.21ie.1201\\n\\n**SHA256: ecd31e50ff35f41fbacf4b3c39901d5a2c9d4ae64b0c0385d661b1fd8b00481f** \\nMD5: e41ae00985e350137ddd9c1280f04fc3 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=ecd31e50ff35f41fbacf4b3c39901d5a2c9d4ae64b0c0385d661b1fd8b00481f_ \\nExample Filename: tg-submit-JDs62cgS.exe \\nDetection Name: Auto.ECD31E.252552.in02\\n\\n**SHA256: 1aa70d7de04ecf0793bdbbffbfd17b434616f8de808ebda008f1f27e80a2171b** \\nMD5: a8fd606be87a6f175e4cfe0146dc55b2 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=1aa70d7de04ecf0793bdbbffbfd17b434616f8de808ebda008f1f27e80a2171b_ \\nExample Filename: WCInstaller_NonAdmin.exe \\nDetection Name: W32.1AA70D7DE0-95.SBX.TG”,”published”:”2026-01-08T19:00:40″,”modified”:”2026-01-08T19:00:40″,”type”:”talosblog”,”title”:”Resolutions, shmesolutions (and what\u2019s actually worked for me)”,”source”:””,”references”:””,”id”:”TALOSBLOG:D05527F7A8093D682520D5E4FCC355F5″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/resolutions-shmesolutions-and-whats-actually-worked-for-me\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-01-08T20:05:09″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nI went to bed at 8:30 p.m. on New…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,69,11,5],"class_list":["post-34780","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n