{“lastseen”:”2026-02-12T22:05:10″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nLast week, yet another security AI tool made the rounds on social media: _Shannon_, a fully autonomous AI penetration testing tool created by Keygraph. It \\”autonomously hunts for attack vectors in your code, then uses its built-in browser to execute real exploits, such as injection attacks, and auth bypass, to prove the vulnerability is actually exploitable.\\”\\n\\nIf you thought manual pentesters kept you busy, it looks like Shannon’s here to ensure you never run out of vulnerabilities — or questions.\\n\\nAs with every new advancement in AI, social posts are popping up left and right to question Shannon’s future impact on pentesters’ job security. It goes without saying these days that among the many thoughtful questions are comments praising Shannon and bemoaning the \\”old days\\” with a few obviously canned AI slop quips, which infuriates me as an editor — I could go on for days about this, but we’re getting off-topic. Ahem.\\n\\nShannon requires access to the application’s source code, repository layout, and AI API keys. Even as a cybersecurity novice, I know that this in itself is a major liability that organizations should investigate and weigh carefully before proceeding. In last week’s newsletter, Joe gave a _passionate sermon_ on why feeding highly private information to an agentic engine is nine times out of ten a terrible idea. While I hope Shannon is more secure than Clawdbot, given its intended use, I encourage everyone to ask as many questions as possible about what happens to the information you provide before using it. Quoting Joe, \\”As disciples of security, we understand installing first and asking questions later is practically asking to get pwnt.\\”\\n\\nOther questions I’ve had while reading through comments and exploring the GitHub page:\\n\\n * Can you set scoping guidelines? If not, you might end up with a lot of issues that’ll take a lot of time to fix.\\n * No penetration test is truly representative of attackers’ situations (e.g., attackers don’t work within billable hours or two-week schedules, and only have to find one or a set of vulnerabilities). Relying on access to source code widens the gap between simulated and real-world attacks… I guess this wasn’t a question, huh?\\n * For the companies who choose to use Shannon, how are you using the report it produces to improve not only your product, but also your secure development lifecycle and your developers’ skills? Make a conscious decision: Are you going to rely on Shannon as a quick fix, or integrate it and secure development into your coding practices?\\n\\n\\n\\nAI-powered pentesters aren’t going away any time soon. Anthtropic’s _Claude Opus 4.6_ was also released last week. Unlike Shannon, they added a new layer of detection to support their team in identifying and responding to Claude cyber misuse.\\n\\nAs the landscape evolves, tools like Shannon and Claude Opus 4.6 will continue to push the boundaries of what’s possible, and there will be new questions about risk, responsibility, and readiness. Whether these tools become standard or remain controversial, staying informed and vigilant is as important as ever.\\n\\n## The one big thing\\n\\nCisco Talos has _uncovered a new threat actor_, UAT-9921, using the advanced VoidLink framework to target mainly Linux systems. VoidLink stands out for its modular, on-demand plugin creation, auditability, and ability to evade detection, with features rarely seen in similar threats. UAT-9921 has been active since at least 2019, focusing on the technology and financial sectors, and uses advanced techniques for both compromise and stealth.\\n\\n### Why do I care?\\n\\nVoidLink introduces powerful new methods for attackers to compromise, control, and hide within Linux environments, which are common in critical infrastructure and cloud services. Its ability to quickly generate customized attack tools and evade detection makes it harder for defenders to respond. The framework’s advanced stealth and lateral movement features increase the risk of undetected breaches and data theft.\\n\\n### So now what?\\n\\nUpdate your defenses and use the _Snort rules and ClamAV signature mentioned in the blog_ to help detect and block VoidLink activity. Strengthen Linux security, especially for cloud and IoT environments, and monitorfor unusual network activity or signs of lateral movement. Make sure endpoint detection solutions are up to date and configured to recognize the latest threats.\\n\\n## Top security headlines of the week\\n\\n**SolarWinds WHD** **attacks** **highlight** **risks of** **exposed** **apps** \\nSeveral vendors in recent days have warned of exploitation of vulnerabilities in WHD, though it’s not entirely clear which bugs are under attack. (_Dark Reading_, _SecurityWeek_)\\n\\n**Ivanti EPMM exploitation widespread as** **governments,** **others targeted** \\nIvanti released advisories on Jan. 29 for code injection vulnerabilities in the on-premises version of Endpoint Manager Mobile. Researchers warn the activity shows evidence of initial access brokers preparing for future attacks. (_Cybersecurity Dive_)\\n\\n**New** **\\” ZeroDayRAT\\”** **spyware** **kit** **enables** **total** **compromise of iOS, Android** **devices** \\nOnce installed, capabilities include victim and device profiling, including model, OS, country, lock status, SIM and carrier info, dual SIM phone numbers, app usage broken down by time, preview of recent SMS messages, and more. (_SecurityWeek_)\\n\\n**European Commission probes intrusion into staff mobile management backend** \\nBrussels is digging into a cyber break-in that targeted the European Commission’s mobile device management systems, potentially giving intruders a peek inside the official phones carried by EU staff. (_The Register_)\\n\\n## Can’t get enough Talos?\\n\\n** _Humans of Talos:_** ** _Ryan Liles, master of technical diplomacy_** \\nAmy chats with Ryan Liles, who bridges the gap between Cisco’s product teams and the third-party testing labs that put Cisco products through their paces. Hear how speaking up has helped him reshape industry standards and create strong relationships in the field.\\n\\n** _Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework_** \\nCisco Talos uncovered \\”DKnife,\\” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants that perform deep-packet inspection, manipulate traffic, and deliver malware via routers and edge devices.\\n\\n** _Talos Takes: Ransomware chills and phishing heats up_** \\nAmy is joined by Dave Liebenberg, Strategic Analysis Team Lead, to break down Talos IR’s Q4 trends. What separates organizations that successfully fend off ransomware from those that don’t? What were the top threats facing organizations? Can we (pretty please) get a sneak peek into the 2025 Year in Review?\\n\\n## Upcoming events where you can find Talos\\n\\n * _Cisco Live_ _2026_ (Feb. 9 – 13) Amsterdam, Netherlands\\n * _S4x26_ (Feb. 23 – 26) Miami, FL\\n\\n\\n\\n## Most prevalent malware files from Talos telemetry over the past week\\n\\n**SHA256: 41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610** \\nMD5: 85bbddc502f7b10871621fd460243fbc \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610_ \\nExample Filename: 85bbddc502f7b10871621fd460243fbc.exe \\nDetection Name: W32.41F14D86BC-100.SBX.TG\\n\\n**SHA256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91** \\nMD5: 7bdbd180c081fa63ca94f9c22c457376 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91_ \\nExample Filename: d4aa3e7010220ad1b458fac17039c274_62_Exe.exe \\nDetection Name: Win.Dropper.Miner::95.sbx.tg**\\n\\n**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507** \\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_ \\nExample Filename: VID001.exe \\nDetection Name: Win.Worm.Coinminer::1201\\n\\n**SHA256: 90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59** \\nMD5: c2efb2dcacba6d3ccc175b6ce1b7ed0a \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59_ \\nExample Filename: d4aa3e7010220ad1b458fac17039c274_64_Dll.dll \\nDetection Name: Auto.90B145.282358.in02\\n\\n**SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974** \\nMD5: aac3165ece2959f39ff98334618d10d9 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974_ \\nExample Filename: d4aa3e7010220ad1b458fac17039c274_63_Exe.exe \\nDetection Name: W32.Injector:Gen.21ie.1201\\n\\n**SHA256: 38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55** \\nMD5: 41444d7018601b599beac0c60ed1bf83 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55_ \\nExample Filename: content.js Detection Name: W32.38D053135D-95.SBX.TG”,”published”:”2026-02-12T19:00:22″,”modified”:”2026-02-12T19:00:22″,”type”:”talosblog”,”title”:”Hand over the keys for Shannon\u2019s shenanigans”,”source”:””,”references”:””,”id”:”TALOSBLOG:C90440C99D2D18600A27D92BAC028E2C”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/hand-over-the-keys-for-shannons-shenanigans\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-12T22:05:10″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nLast week, yet another security AI tool made the rounds…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,69,11,5],"class_list":["post-40694","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n