\n<\/p>\n
Welcome to this week’s edition of the Threat Source newsletter.<\/p>\n
Hi, I’m Bruce, the 25-foot mechanical star of “Jaws.”<\/p>\n
This summer marks 50 years since my 4 minutes of screentime kept people out of the water for decades. Maybe this Fourth of July weekend you’re planning to sea-shanty your way to a special screening? If you do, here’s a little behind-the-scenes story on how my endless malfunctions almost made Spielberg hang up his director hat before you could say “phone home.”<\/p>\n
I was built for a studio tank — a predictable and safe environment. But Spielberg, in pursuit of realism, had other plans. He threw me into the Atlantic, where the salt water, rolling waves and unruly weather conditions caused more chaos than anybody had bargained for.<\/p>\n
Each day, my hydraulics jammed, my pneumatics corroded and my paint peeled like a sunburned tourist on Amity Beach.<\/p>\n
There were days when the crew could only capture one or two shots before either I broke, the weather broke, or one of the actors’ egos broke. Every night they’d patch me up and whisper an assortment of four-letter words into my rusty gills.<\/p>\n
My saving grace became Verna Fields, aka “Mother Cutter.” Spielberg’s editor was the one to suggest they only use fleeting moments of footage starring yours truly. While I bobbed around like a skydancer on a windless day, Verna worked her magic: stitching reactions, cutting away at just the right moment and building tension with empty water. She turned me from a potential failure to a legend.<\/p>\n
And thus, I became a lesson in what happens when you build for a predictable environment but deploy in the wild. Sound familiar?<\/p>\n
I’ve been told that readers of Talos’ Threat Source Newsletter are security folks, and I’ve been asked to write something just for you. Here it goes\u2026<\/p>\n
* _” You’re gonna need a bigger boat.” _Overprepare. Expect things to go wrong.
* _” It’s only an island if you look at it from the water.” _Perspective matters. Make sure your alerts are honed to spot the things that really matter.
* _” Smile, you son of a\u2026” _Sometimes, your last line of defense is your defining moment. Should everything else fail, make sure you have something left in the tank.<\/p>\n
In cybersecurity, your green ticked audit checklists mean nothing if you haven’t pressure-tested your environment against real red teamers. Incident response plans need ocean trials, not just bullet points.<\/p>\n
If I have a legacy beyond people sticking their noggin in my teeth for “the gram,” it’s this: Build your defenses for salt water, not studio tanks. And remember, the mayor always wants to keep the network open…<\/p>\n
_Editor ‘s note: I’d like to thank Bruce for his time and perspective, and I hope he found our studio a relaxing place to write. I’m also sorry that I only had two barrels and not the requested three for him to play with._<\/p>\n
_Bruce ‘s story is why _ __Cisco Talos Incident Response__ _exists: to help you prepare for the effects of salt water before they wreak havoc on your system. With Talos IR, you can stress test your defenses using real world scenarios and incident responders who ‘ve experienced just about everything there is to see._<\/p>\n
_Enjoy the Fourth of July weekend, and remember to listen out for the_ duh dun.<\/p>\n
## The one big thing<\/p>\n
Cisco Talos has enhanced its email threat detection engine to address _brand impersonation tactics using PDF payloads in phishing attacks_. These attacks often exploit popular brands to steal sensitive information, employing methods like QR code phishing and telephone-oriented attack delivery (TOAD), where victims are tricked into calling adversary-controlled phone numbers. Adobe’s e-signature service and PDF annotations have also been abused to bypass detection systems.<\/p>\n
### Why do I care?<\/p>\n
Phishing attacks are getting sneakier, using PDFs and trusted brands to trick people into giving up personal info or downloading malicious software. If you’re not careful, you could fall for one of these scams, especially since attackers are using clever tactics like fake phone numbers or QR codes to seem legitimate.<\/p>\n
### So now what?<\/p>\n
Be extra cautious with emails containing PDFs, even if they look legit. Avoid scanning QR codes or calling phone numbers from unsolicited emails. Cisco’s detection tools are updated often, but staying vigilant and double-checking anything suspicious is your best defense.<\/p>\n
## Top security headlines of the week<\/p>\n
**Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects**
The international effort, codenamed Operation Borrelli was carried out by the Spanish Guardia Civil, along with support from law enforcement authorities from Estonia, France, and the United States. (_The Hacker News_)<\/p>\n
**International Criminal Court hit by new ‘sophisticated’ cyberattack**
In a statement yesterday, the ICC revealed that it had contained a “sophisticated and targeted” cybersecurity incident, which was discovered by systems in place to detect cyberattacks targeting its systems. (_Bleeping Computer_)<\/p>\n
**Windows ‘ Infamous ‘Blue Screen of Death’ Will Soon Turn Black**
After more than 40 years of being set against a very recognizable blue, the updated error message will soon be displayed across a black background. (_SecurityWeek_)<\/p>\n
**Ahold Delhaize Data Breach Impacts 2.2 Million People**
The incident impacted Giant Food pharmacies, Food Lion and Stop & Shop, among others. Stolen information may include names, contact info, date of birth, SSN, passport number, financial account information and more. (_SecurityWeek_)<\/p>\n
**Germany asks Google, Apple remove DeepSeek AI from app stores**
The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. (_Bleeping Computer_)<\/p>\n
## Can’t get enough Talos?<\/p>\n
** _Decrement by one to rule them all: AsIO3.sys driver exploitation_**
Learn how our researcher, Marcin Noga, found two critical vulnerabilities in ASUS’ Armory Crate and AI Suite drivers.<\/p>\n
**_Talos Takes: Teaching LLMs to spot malicious PowerShell scripts_**
Hazel chats with Ryan Fetterman from the SURGe team to explore his new research on how LLMs can assist security operations centers in identifying malicious PowerShell scripts.<\/p>\n
**Beers with Talos: Terms and conceptions may apply**
In this episode, the crew reassembles after a totally intentional and not-at-all accidental hiatus. They cover AI-assisted IVF, a possible underground war against dairy, and the real heroes: conference dogs.<\/p>\n
## Upcoming events where you can find Talos<\/p>\n
* _NIRMA_ (July 28 – 30) St. Augustine, FL
* _Black Hat USA_ (Aug. 2 – 7) Las Vegas, NV<\/p>\n
## Most prevalent malware files from Talos telemetry over the past week<\/p>\n
**SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
VirusTotal: https:\/\/www.virustotal.com\/gui\/file\/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Typical Filename: VID001.exe
Claimed Product: N\/A
Detection Name: Win.Worm.Coinminer::1201<\/p>\n
**SHA 256: cd697cc93851d0b1939a7557b9ee9b3c0f56aab4336dd00ff6531f94f7e0e836**
MD5: c94c094513f02d63be5ae3415bba8031
VirusTotal: _https:\/\/www.virustotal.com\/gui\/file\/cd697cc93851d0b1939a7557b9ee9b3c0f56aab4336dd00ff6531f94f7e0e836\/details_
Typical Filename: setup
Claimed Product: N\/A
Detection Name: W32.Variant:Gen.28iv.1201<\/p>\n
**SHA 256: 57a6d1bdbdac7614f588ec9c7e4e99c4544df8638af77781147a3d6daa5af536**
MD5: 79b075dc4fce7321f3be049719f3ce27
VirusTotal: _https:\/\/www.virustotal.com\/gui\/file\/57a6d1bdbdac7614f588ec9c7e4e99c4544df8638af77781147a3d6daa5af536\/details_
Typical Filename: RemCom.exe
Claimed Product: N\/A
Detection Name: W32.57A6D1BDBD-100.SBX.VIOC<\/p>\n
**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 **
MD5: 7bdbd180c081fa63ca94f9c22c457376
VirusTotal: _https:\/\/www.virustotal.com\/gui\/file\/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91\/details_
Typical Filename: IMG001.exe
Claimed Product: N\/A
Detection Name: Simple_Custom_Detection <\/p>\n
**SHA 256: 061e13a4fc9f1d4da0671082d5e4666f316bb251f13eded93f9cdb4a584d0bc0**
MD5: 8d74e04c022cadad5b05888d1cafedd0
VirusTotal: _https:\/\/www.virustotal.com\/gui\/file\/061e13a4fc9f1d4da0671082d5e4666f316bb251f13eded93f9cdb4a584d0bc0\/details_
Typical Filename: smhost.exe
Claimed Product: N\/A
Detection Name: Artemis:Lazy.27fx.in14.Talos<\/p>\n
**SHA 256: 2eb95ef4c4c24f1e38a5c8b556d78b71c8a8fb2589ed8c5b95e9d18659bde293**
MD5: N\/A
VirusTotal: N\/A, use https:\/\/talosintelligence.com\/sha_searches
Typical Filename: N\/A
Claimed Product: N\/A
Detection Name: W32.2EB95EF4C4-100.SBX.TG\n<\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title A message from Bruce the mechanical shark Update ID TALOSBLOG:E67153809522CA5C3C85EA1EADB5867A Type talosblog Published 2025-07-03T18:00:00 Last Updated 2025-07-03T18:00:00 Security Impact…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,13,33,7,69,11,5],"class_list":["post-7533","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-news","tag-none","tag-security","tag-talosblog","tag-tapic","tag-vulnerability"],"yoast_head":"\n
A message from Bruce the mechanical shark - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=7533\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A message from Bruce the mechanical shark - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title A message from Bruce the mechanical shark Update ID TALOSBLOG:E67153809522CA5C3C85EA1EADB5867A Type talosblog Published 2025-07-03T18:00:00 Last Updated 2025-07-03T18:00:00 Security Impact...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=7533\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-03T15:34:50+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7533#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7533\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"A message from Bruce the mechanical shark\",\"datePublished\":\"2025-07-03T15:34:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7533\"},\"wordCount\":1504,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"news\",\"NONE\",\"Security\",\"talosblog\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7533#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7533\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7533\",\"name\":\"A message from Bruce the mechanical shark - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-07-03T15:34:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7533#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=7533\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=7533#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A message from Bruce the mechanical shark\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A message from Bruce the mechanical shark - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=7533","og_locale":"en_US","og_type":"article","og_title":"A message from Bruce the mechanical shark - zero redgem","og_description":"Security Update News Update Information Title A message from Bruce the mechanical shark Update ID TALOSBLOG:E67153809522CA5C3C85EA1EADB5867A Type talosblog Published 2025-07-03T18:00:00 Last Updated 2025-07-03T18:00:00 Security Impact...","og_url":"https:\/\/zero.redgem.net\/?p=7533","og_site_name":"zero redgem","article_published_time":"2025-07-03T15:34:50+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=7533#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=7533"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"A message from Bruce the mechanical shark","datePublished":"2025-07-03T15:34:50+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=7533"},"wordCount":1504,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","news","NONE","Security","talosblog","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=7533#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=7533","url":"https:\/\/zero.redgem.net\/?p=7533","name":"A message from Bruce the mechanical shark - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-07-03T15:34:50+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=7533#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=7533"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=7533#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"A message from Bruce the mechanical shark"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7533"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/7533\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}