Welcome to this week’s edition of the Threat Source newsletter.
I am the product of a single parent, my mom, who along with my grandparents helped raise me into the man I am today. I cannot fathom what it took for my mom, who worked three jobs to put herself through college to be a teacher, to struggle through it. My grandparents did some heavy lifting here, helping with me as a kid as my mom worked long hours and earned her bachelor’s degree.
I didn’t see as much of my mom as I wanted — but in her third job where she cleaned offices on the weekend, I would often go with her and help. It got me out of the house, let me spend time with my mom, and afterwards we’d have a meal together. Shout out to the Taco Bell dollar menu, which was all we could afford. It took me well into my thirties to understand how important that time we shared was, even as I took out garbage, cleaned bathrooms, and complained the entire time.
So why am I waxing nostalgic for my childhood janitorial days? Role models. My mom is certainly one. We also recently recognized International Women’s Day here at Talos, and I couldn’t help but think of the sacrifices and hard work my mom did to ensure I had food and clothing and was loved. It caused me to reflect on the women who work in my career space, especially here at Cisco. What parallels exist? What don’t I know about? How can I be an ally? I had previously observed that cybersecurity is a male-dominated field, but I hadn’t really dug into any data to support that. It also made me wonder: What other STEM fields suffered from a lack of, or had successes in, gender diversity?
So I did some homework to better understand. Some sobering stats:
- Women make up 28.2% of the broad STEM global workforce — but in the U.S./U.K. it’s only 19.2% and 17.9% respectively.
- In STEM categories like biology and life sciences, women make up over half (!!!) of doctoral recipients in biology related fields and 60% of all undergraduate degrees. In computer sciences it’s only 21.3% for a bachelors.
- Pay gaps. Whooo buddy. There’s a $7,000 pay gap in the U.S ($5,400 globally) between men and women in cybersecurity, and it gets even worse if you are Black, Indigenous, and a Person of Color (BIPOC).
- Leadership roles? Forget about it. In cybersecurity, women hold 16% of CISO roles and only 7% are in C-level positions.
Well, that was depressing. I knew it wasn’t great, but geez.
Even though I'm a bit slow, I did find some good news. There are a lot of fantastic organizations, programs, and scholarships to help women attain skills and get great jobs in STEM, especially in cybersecurity. I’m quite partial to CTFs and competitions in this space — it’s valuable hands-on experience, and having fun hacking stuff in a safe and inclusive space is fantastic. I’m also fond of Women in Cybersecurity (WiCyS). I've been fortunate to do WiCyS mentorship here in Cisco, and it was an awesome experience.
Should you find yourself in a position to mentor someone that would add diversity into our career space, do it! It is incredibly rewarding. A diversity of thoughts and lived experiences make us and those we protect safer — which is what we do all day, every day here in Talos.
The one big thing
On Tuesday, March 10, Talos updated our blog on the developing situation in the Middle East. We continue to monitor the evolving cyber threat landscape associated with the conflict and collect tactics, techniques, and procedures (TTPs); threat actor identifiers; and other intelligence to help inform defensive efforts and maintain situational awareness.
Though select hacktivist operations are highlighted in the blog, hundreds of attacks have been claimed by numerous collectives since the beginning of the conflict. Talos cautions against accepting these claims at face value, emphasizing that defenders should independently verify them since older leaks and previously public information can be used to influence perceptions.
Why do I care?
Cyber operations are likely to play a supporting but strategically significant role in the ongoing conflict. Iranian-aligned groups are employing network-based intrusions to target adversary infrastructure and advance strategic objectives.
Destructive malware can present a direct threat to an organization’s daily operations, impacting the availability of critical assets and data. Disruptive cyberattacks against organizations in a target country may unintentionally spill over to organizations in other countries. A more active hacktivist landscape inherently increases the threat of DDoS and website defacement attacks, as hundreds of attacks have been claimed by numerous collectives since the beginning of the conflict.
So now what?
Organizations should increase vigilance and evaluate their capabilities encompassing planning, preparation, detection, and response for destructive malware. Consider minimizing the amount and sensitivity of data that is available to external parties. To improve defenses against DDoS attacks, ensure your organization has a business continuity plan in place, assess external attack surfaces, and confirm that critical systems have healthy, usable backups. For website defacement/redirect protection, ensure that websites are protected against the most commonly exploited security vulnerabilities.
Defenders should ensure security fundamentals are being adhered to, such as robust patching for known vulnerabilities and requiring multi-factor authentication (MFA) for remote access and on critical services. Network security teams should proactively monitor their traffic for APT-associated IP addresses and implement hardening guidelines.
We will update this blog with IOCs and further developments accordingly.
Top security headlines of the week
Russian government hackers targeting Signal and WhatsApp users, Dutch spies warn
Two agencies accused “Russian state actors” of using phishing and social engineering techniques — rather than malware — to take over accounts on the two messaging apps. (TechCrunch)
FBI investigating “suspicious” cyber activities on critical surveillance network
The FBI has identified a suspected cybersecurity incident on a sensitive network used to manage wiretaps and intelligence surveillance warrants. Officials are working to determine the seriousness of the incident. (CNN)
TriZetto confirms year-long hack of its network exposed records on 3.4M people
Until recently, the total number of impacted individuals was unknown. According to a recent filing with the Office of the Maine Attorney General, the breach likely initially occurred on November 19, 2024. (HealthExec)
"InstallFix” attacks spread fake Claude Code sites
A fresh cyber attack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces. (Dark Reading)
ClickFix attack uses Windows Terminal to evade detection
Victims are instructed to open Windows Terminal directly, instead of relying on the Windows Run dialog. The new approach, observed in the wild in February, allows attackers to bypass protections designed to prevent Run dialog abuse. (Dark Reading)
Can’t get enough Talos?
It's the B+ Team: Matt Olney returns
Matt is back to talk with the crew about about the most random things, including TikTok diagnosing us with ADHD, K-Pop Demon Hunters, ransomware in hospitals (the serious bit), attacker use of AI, and why 1999-era tricks are still undefeated.
Modernizing your threat hunt
David Bianco joins Amy to explore the evolution of the PEAK Threat Hunting framework and talk through how security teams can modernize their approach to identifying risks before they escalate.
Spinning complex ideas into clear docs with Kri Dontje
Kri and Amy discuss the importance of consistency, accuracy, and accessibility in documentation; how to get the most out of a subject matter expert-technical writer relationship; and the surprising connection between weaving and binary code.
Agentic AI security
This blog emphasizes the importance of robust risk management and threat modeling to defend against both internal operational errors and potential malicious exploitation.
Upcoming events where you can find Talos
- DEVCORE 2026 (March 14) Taipei, Taiwan
- Botconf 2026 (April 15 – 17) Reims, France
Most prevalent malware files from Talos telemetry over the past week
SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Example Filename: https_2915b3f8b703eb744fc54c81f4a9c67f.exe
Detection Name: Win.Worm.Coinminer::1201
SHA256: 90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59
MD5: c2efb2dcacba6d3ccc175b6ce1b7ed0a
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=90b1456cdbe6bc2779ea0b4736ed9a998a71ae37390331b6ba87e389a49d3d59
Example Filename: d4aa3e7010220ad1b458fac17039c274_64_Dll.dll
Detection Name: Auto.90B145.282358.in02
SHA256: 96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974
MD5: aac3165ece2959f39ff98334618d10d9
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=96fa6a7714670823c83099ea01d24d6d3ae8fef027f01a4ddac14f123b1c9974
Example Filename: d4aa3e7010220ad1b458fac17039c274_63_Exe.exe
Detection Name: W32.Injector:Gen.21ie.1201
SHA256: 38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55
MD5: 41444d7018601b599beac0c60ed1bf83
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55
Example Filename: 38d053135ddceaef0abb8296f3b0bf6114b25e10e6fa1bb8050aeecec4ba8f55.js
Detection Name: W32.38D053135D-95.SBX.TG
SHA256: 5e6060df7e8114cb7b412260870efd1dc05979454bd907d8750c669ae6fcbcfe
MD5: a2cf85d22a54e26794cbc7be16840bb1
Talos Rep: https://talosintelligence.com/talos_file_reputation?s=5e6060df7e8114cb7b412260870efd1dc05979454bd907d8750c669ae6fcbcfe
Example Filename: VID001.exe
Detection Name: W32.5E6060DF7E-100.SBX.TG
