{“lastseen”:”2026-04-30T20:05:10″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nAs I’m writing this, today (April 28) is International Superhero Day. If you don’t know the origin story behind this, perhaps you would assume that this day was dreamed up by Marvel. And\u2026 you would be correct.\\n\\nHowever, it’s not a pure marketing ploy. It all started in 1995, when colleagues in Marvel asked a group of school children what superpower they’d want the most.\\n\\nThrough the discussion, it became clear that the people in the children’s lives were already doing pretty heroic things, without the benefit of Hindsight Lad. (He’s a real Marvel invention — Carlton LaFroyge — whose superpower was to make aggressively obvious observations, delivered too late to matter. I’m sure we all have a real-life Carlton LaFroyge in our lives\u2026 heck, some of us ARE Carlton LaFroyge.)\\n\\nOk, before I get to my next point, I need to take you down the same internet wormhole I just disappeared into. Here are some of the weirdest superpowers ever committed to comic book lore:\\n\\n 1. Eye-Scream. His one power is to become ice cream (soft serve, apparently). Not to be confused with another Marvel character, Soft Serve, whose body acts as a portal to an ice cream dimension.\\n 2. Doorman. Recently seen sending Josh Gad into the Dark Dimension (where there presumably is no ice cream) in the Marvel TV show \\”WonderMan.\\” Because his body is a door. Man.\\n 3. The Wall. Has the ability to turn himself into a brick wall. I would genuinely love this ability during socially awkward networking events.\\n\\n\\n\\nNow I’m thinking how awesome a character called \\”Internet Wormhole\\” would be. I just looked it up, and such a character doesn’t exist yet (call me, Marvel).\\n\\nRight, let’s get back on topic. Ooh\u2026 \\”On topic\\” would be another good idea for a super\u2026 no, Hazel, no.\\n\\nAnyway, the children’s ability to identify the people closest to them — parents, grandparents, teachers, uncles, and aunts — as heroes is a comforting thought for me. Having someone’s back is more about showing up than anything else. Being there for them when they need it (and when they don’t even realise they need it). Helping to make someone’s situation a little bit less bad.\\n\\nI can think of a few people in my life who have done, and continue to do, exactly that for me, which makes me feel incredibly lucky. And in an industry like cybersecurity, where bad things happen every single day, it matters more than we tend to admit. You need people around you who can steady things, who can sense you need support, who can listen to you, and who can tell you a silly story on a bleak day.\\n\\nEmpathy doesn’t usually get listed as a specific skillset within cybersecurity, but I think I, and many of my Talos colleagues, would agree that it’s absolutely essential. Users make decisions for reasons that make sense to them. Attackers take advantage of that. If you can’t see both sides of that equation, you’re probably not helping as many people as you could.\\n\\nI’ll end by answering the ultimate question — who is the greatest superhero of all time?\\n\\nIt’s obviously Squirrel Girl. She bested Galactus with a cup of tea and a chat. And though my mum has never been in the same room as Galactus, I have no doubt she’d handle him in exactly the sameway.\\n\\n## The one big thing\\n\\nCisco Talos is wrapping up Year in Review coverage by giving ** _five critical priorities_** to help defenders navigate an increasingly automated threat landscape. While AI and readily available exploit code have drastically lowered the barrier to entry for threat actors, these adversaries still rely on predictable patterns. Identity infrastructure, exposed legacy systems, and platforms that broker trust remain the primary battlegrounds. Ultimately, even the fastest automated attacks generate anomalous behavior that stands out from normal user activity.\\n\\n### Why do I care?\\n\\nThe speed at which attackers weaponize vulnerabilities and target identity systems — highlighted by a 178 percent spike in device compromise — can feel overwhelming. But there is a silver lining for security teams. Because adversaries inevitably reuse infrastructure and fail to mimic legitimate user behavior, defenders maintain a distinct advantage if they know exactly where to look.\\n\\n### So now what?\\n\\nSecurity teams need to focus on what they can control right now by treating identity infrastructure as a top-tier critical asset. Secure your MFA workflows with strict verification and build baseline detections around what users actually do after they log in. Prioritize patching vulnerabilities based on internet exposure rather than only severity scores, and actively hunt down the long tail of legacy risks hiding in your network. Finally, apply enhanced monitoring to management-plane systems and focus your detection efforts on anomalous events to cut through the noise of alert fatigue.\\n\\n## Top security headlines of the week\\n\\n**Home security giant ADT data breach affects** **5.5 million people** \\nThe extortion group told BleepingComputer that they had allegedly breached the company after compromising an employee’s Okta single sign-on (SSO) account in a voice phishing (vishing) attack. (_BleepingComputer_)\\n\\n**U.S. companies hit with record fines for privacy in 2025** \\nThe increase is driven in part by stronger, more established privacy laws in states like California, new interstate partnerships built around enforcing laws across state lines, and a renewed focus to how AI and automation affect privacy. (_CyberScoop_)\\n\\n**PyPI** **package with 1.1M monthly downloads hacked to push infostealer** \\nThe dangerous release is 0.23.3, and it extended to the Docker image due to the package’s workflow that creates the image from the code and uploads it to a container registry for deployment. (_BleepingComputer_)\\n\\n**LiteLLM** **CVE-2026-42208 SQL injection exploited within 36 hours of disclosure** \\nA newly disclosed critical security flaw in BerriAI’s LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. (_The Hacker News_)\\n\\n**Feuding ransomware groups leak each other ‘s data** \\nIn response to its data leaking, KryBit breached and exfiltrated 0APT’s infrastructure, listed the latter as a victim, and left a message on 0APT’s leak site: \\”Next time, don’t play with the big boys.\\” (_Dark Reading_)\\n\\n## Can’t get enough Talos?\\n\\n** _AI-powered honeypots: Turning the tables on malicious AI agents_** \\nBecause AI systems generate plausible responses within a given context and set of inputs, they can be tricked into responding inappropriately through prompt injection or into interacting with systems that are not what they appear to be. This Tool Talk shows how generative AI can be used to rapidly deploy adaptive honeypots.\\n\\n** _Talos IR Trends Q1 2026: Phishing reemerges_** \\nPhishing is back as the top initial access vector for attackers targeting the health care and public administration sectors. We did not observe any ransomware deployment thanks to early and swift mitigation from Talos IR.\\n\\n** _25 years of uninterrupted persistence_** \\nHazel, Dave, and Joe cover Bill’s 25 years at Talos and the latest security headlines, including AI-assisted vulnerability research, and why attackers still can’t resist abusing trusted systems (or Roblox).\\n\\n## Upcoming events where you can find Talos\\n\\n * _PIVOTcon_ (May 6 – 8) Malaga, Spain\\n * _OffensiveCon_ (May 15 – 16) Berlin, Germany\\n * _Cisco Live U.S._ (May 31 – June 4) Las Vegas, Nevada\\n\\n\\n\\n## Most prevalent malware files from Talos telemetry over the past week\\n\\n**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507** \\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_ \\nExample Filename:VID001.exe \\nDetection Name: Win.Worm.Coinminer::1201\\n\\n**SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974** \\nMD5: aac3165ece2959f39ff98334618d10d9 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974_ \\nExample Filename: d4aa3e7010220ad1b458fac17039c274_63_Exe.exe \\nDetection Name: W32.Injector:Gen.21ie.1201\\n\\n**SHA256: 90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59** \\nMD5: c2efb2dcacba6d3ccc175b6ce1b7ed0a \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59_ \\nExample Filename: APQ9305.dll \\nDetection Name: Auto.90B145.282358.in02\\n\\n**SHA256: 38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55** \\nMD5: 41444d7018601b599beac0c60ed1bf83 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55_ \\nExample Filename: content.js \\nDetection Name: W32.38D053135D-95.SBX.TG\\n\\n**SHA256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91** \\nMD5: 7bdbd180c081fa63ca94f9c22c457376 \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91_ \\nExample Filename: d4aa3e7010220ad1b458fac17039c274_62_Exe.exe \\nDetection Name: Win.Dropper.Miner::95.sbx.tg**\\n\\n**SHA256: e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba** \\nMD5: dbd8dbecaa80795c135137d69921fdba \\nTalos Rep: _https:\/\/talosintelligence.com\/talos_file_reputation?s=e60ab99da105ee27ee09ea64ed8eb46d8edc92ee37f039dbc3e2bb9f587a33ba_ \\nExample Filename: u992574.dll \\nDetection Name: W32.Variant:MalwareXgenMisc.29d4.1201″,”published”:”2026-04-30T18:00:07″,”modified”:”2026-04-30T18:00:07″,”type”:”talosblog”,”title”:”Great responsibility, without great power”,”source”:””,”references”:””,”id”:”TALOSBLOG:798A0CC4F3BC4929C91EC80925B1CD3D”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2026-42208″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/blog.talosintelligence.com\/great-responsibility-without-great-power\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-04-30T20:05:10″,”description”:”\\n\\nWelcome to this week’s edition of the Threat Source newsletter.\\n\\nAs I’m writing this, today (April 28) is International Superhero Day. If…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,69,11,5],"class_list":["post-50532","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n