{“lastseen”:”2026-02-19T20:05:09″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nGenerative AI and agentic AI are here to stay. Although I believe that the advantages that AI brings to bad guys may be overstated, these new technologies _allow threat actors_ to conduct attacks at a faster rate than before.\\n\\nOne capability that AI improves for threat actors is the ability to reconnoitre employees, discover their interests, and craft social engineering lures specific to them. Being able to deliver tailored, targeted social engineering using the language and tone most likely to trick an individual is a useful tool for the bad guys.\\n\\nHowever, if AI brings advantages to those who seek to attack us, we shouldn’t overlook the benefits that it brings to defenders and the new weaknesses it exposes in the bad guys. If AI agents are searching for employees who are vulnerable to social engineering; then let us serve them exactly what that are looking for.\\n\\nAI tools can create a whole army of fictitious employees who can be a rich source of threat intelligence. With AI we can easily create social media profiles of fake employees to entice malicious profiling agents. These AI avatars can post social media content or upload AI generated CVs or other documents to AI systems, leaving a trail of breadcrumbs for malicious agents to discover and follow.\\n\\nClearly, any message sent to the email address of an AI-generated employee is certain to be spam. We can update our lists of potentially malicious IP addresses and URLs appropriately. Similarly, we can create accounts on messaging platforms for our fake employees and wait for the social engineering attempts to analyse and block\\n\\nAny attempt to access services or log-in using the credentials of an AI employee can only be malicious. Again, defensive teams can quickly and easily block the connecting IP address to nip in the bud any malicious campaign.\\n\\nMalicious use of AI doesn’t need to be thought of only as a threat. It can be a way to turn the tables on threat actors and use their own tools against them. By understanding how AI tools are profiling and collecting information about our users, we can flood these tools with disinformation and treat any resulting attacks as a rich source of threat intelligence rather than as a source of concern.\\n\\nAI is changing things for both attackers and defenders. New tools and capabilities allow us to think differently about defense and how we can increasingly make life difficult for the bad guys.\\n\\n## The one big thing\\n\\nIn our _latest Vulnerability Deep Dive_, a Cisco Talos researcher discovered six vulnerabilities in the Socomec DIRIS M-70 industrial gateway by emulating just the Modbus protocol handling thread, rather than the whole system. Using tools like Unicorn Engine, AFL, and Qiling for fuzzing and debugging, this \\”good enough\\” approach made it possible to find and analyze weaknesses despite hardware protections. The vulnerabilities were responsibly disclosed and have been patched by the manufacturer.\\n\\n### Why do I care?\\n\\nVulnerabilities in industrial gateways like the M-70 can cause major disruptions, especially in critical infrastructure, data centers, and health care. Attackers could exploit these flaws to stop operations or manipulate processes, leading to financial loss and equipment damage. The research highlights how even devices with strong hardware protections can still be vulnerable through their communication protocols.\\n\\n### So now what?\\n\\nOrganizations using Socomec DIRIS M-70 gateways should apply the manufacturer’s patches to fix the vulnerabilities. To detect exploitation attempts, defenders should download and use the latest Snort rulesets from Snort.org, as recommended in the blog. Finally, regularly monitor industrial devices for unusual activity and review security controls around critical gateways.\\n\\n## Top security headlines of the week\\n\\n**CISA navigates DHS shutdown with reduced staff** \\nCISA is currently operating at roughly 38% capacity (888 out of 2,341 staff) due to the U.S. Department of Homeland Security shutdown that began February 14, 2026. KEV is one area that remains. (_SecurityWeek_)\\n\\n**EU Parliament blocks AI tools over cyber, privacy fears** \\nAccording to an internal email seen by POLITICO, EU Parliament had disabled \\”built-in artificial intelligence features\\” on corporate tablets after its IT department assessed it couldn’t guarantee the security of the tools’ data. (_POLITICO_)\\n\\n**Supply chain attack embeds malware in Android devices** \\nResearchers have spotted new malware embedded in the firmware of Android devices from multiple vendors that injects itself into every app on infected systems, giving attackers virtually unrestricted remote access to them. (_Dark Reading_)\\n\\n**Data breach at fintech giant Figure affects close to a million customers** \\nTroy Hunt, security researcher and creator of the site Have I Been Pwned, analyzed the data allegedly taken from Figure and found it contained 967,200 unique email addresses associated with Figure customers. (_TechCrunch_)\\n\\n**Amnesty International:** **Intellexa ‘s** **Predator spyware used to hack iPhone of journalist in Angola** \\nGovernment customers of commercial surveillance vendors are increasingly using spyware to target journalists, politicians, and other ordinary citizens, including critics. (_TechCrunch_)\\n\\n## Can’t get enough Talos?\\n\\n**New threat actor, UAT-9921, leverages VoidLink framework in campaigns** \\nCisco Talos recently discovered a new threat actor, UAT-9221, leveraging VoidLink in campaigns. Their activities may go as far back as 2019, even without VoidLink.\\n\\n**_Humans of Talos:_** ** _Ryan Liles, master of technical diplomacy_** \\nAmy chats with Ryan Liles, who bridges the gap between Cisco’s product teams and the third-party testing labs that put Cisco products through their paces. Hear how speaking up has helped him reshape industry standards and create strong relationships in the field.\\n\\n**_Talos Takes: Ransomware chills and phishing heats up_** \\nAmy is joined by Dave Liebenberg, Strategic Analysis Team Lead, to break down Talos IR’s Q4 trends. What separates organizations that successfully fend off ransomware from those that don’t? What were the top threats facing organizations? Can we (pretty please) get a sneak peek into the 2025 Year in Review?\\n\\n## Upcoming events where you can find Talos\\n\\n * _S4x26_ (Feb. 23 – 26) Miami, FL\\n * _CARO Workshop 2026_ (Feb. 25 – 27) Innsbruck, Austria\\n * _DEVCORE 2026_ (Mar. 14) Taipei, Taiwan\\n\\n\\n\\n## Most prevalent malware files from Talos telemetry over the past week\\n\\n**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507** \\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_ \\nExample Filename: https_2915b3f8b703eb744fc54c81f4a9c67f.exe \\nDetection Name: Win.Worm.Coinminer::1201\\n\\n**SHA256: 41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610** \\nMD5: 85bbddc502f7b10871621fd460243fbc \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=41f14d86bcaf8e949160ee2731802523e0c76fea87adf00ee7fe9567c3cec610_ \\nExample Filename: 85bbddc502f7b10871621fd460243fbc.exe \\nDetection Name: W32.41F14D86BC-100.SBX.TG\\n\\n**SHA256: 90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59** \\nMD5: c2efb2dcacba6d3ccc175b6ce1b7ed0a \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59_ \\nExample Filename:d4aa3e7010220ad1b458fac17039c274_64_Dll.dll \\nDetection Name: Auto.90B145.282358.in02\\n\\n**SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974** \\nMD5: aac3165ece2959f39ff98334618d10d9 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974_ \\nExample Filename: d4aa3e7010220ad1b458fac17039c274_63_Exe.exe \\nDetection Name: W32.Injector:Gen.21ie.1201\\n\\n**SHA256: 38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55** \\nMD5: 41444d7018601b599beac0c60ed1bf83 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55_ \\nExample Filename: content.js \\nDetection Name: W32.38D053135D-95.SBX.TG”,”published”:”2026-02-19T19:00:07″,”modified”:”2026-02-19T19:00:07″,”type”:”talosblog”,”title”:”Using AI to defeat AI”,”source”:””,”references”:””,”id”:”TALOSBLOG:2491207106C93F5B6FB6B608B6212B1B”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/using-ai-to-defeat-ai\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-19T20:05:09″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nGenerative AI and agentic AI are here to stay. Although I believe…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,69,11,5],"class_list":["post-41725","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n