The Booker Prize Longlist and Hacker Summer Camp

The Booker Prize Longlist and Hacker Summer Camp

/in

The Booker Prize Longlist and Hacker Summer Camp

Welcome to this week’s edition of the Threat Source newsletter. 

This week the Booker Prize Longlist was released and it featured several books I’ve read this year a couple that are on my TBR (To Be Read), a couple that I had not heard of, and a couple that make me scratch my head and question why they would be included at all. It’s always exciting for me to see the Booker Longlist as it gives me an idea of how I’ve tapped into the literary fiction zeitgeist in first half of the year and what I may be tapping into in the back half of the year. That got me thinking about the cycle of staying up to date with the current threat landscape and the evolution of the threat actor behaviors and techniques and how Black Hat and DEF CON reside in a similar space for all of us in the cyber security space. Some of the new or interesting things that will come out will provide actionable insights, others will be a heaping serving of more of the same and while not trivial they will be super interesting and important, and finally some information will simply be all name and sizzle, but in the end full of sound and fury and signifying nothing.  

As a reader I’ve to understand that these lists, and the authors and books included in them, are there for various reasons and not all of them are on the merit of the narrative and the craft of writing. Early in my career it was hard to separate the things that came out of Summer Camp because I was so desperate to learn and so excited that I often couldn’t leverage my own experiences and separate the actionable from the detritus. Now I find that I don’t even have to expend much energy to move the firehose of information into the proper channels in my mind and then dive in and take what I’ve learned and apply it. Also trusting that if something that seems like empty sizzle is important – that I have team members that will keep me clued in and finding the needles in the never-ending field of haystacks.  

I hope you all have a tremendous time at Summer Camp, see a lot of old friends and make new ones and most importantly that you shower and use deodorant. Conference season is a marathon, it’s long, it’s arduous, it’s sweaty – be the hygienic change you want to see in the world.  

The one big thing 

The Cisco Talos Incident Response Trends Q2 2025 report is out today, and as always it is packed with in-depth insights into recent attacker behavior. Phishing remains the top initial access vector, but interestingly, the objective of the majority of observed phishing attacks appeared to be credential harvesting, suggesting cybercriminals may consider brokering compromised credentials as simpler and more reliably profitable than other post-exploitation activities. Ransomware and pre-ransomware incidents made up half of all engagements this quarter, similar to last quarter. Talos IR observed Qilin and Medusa ransomware for the first time, while also responding to previously seen Chaos ransomware. Education was the most targeted industry vertical this quarter.

Why do I care? 

The report contains details of how attackers are exploiting vulnerabilities and circumventing security tools. Examples include MFA installations with self-service options that allow attackers to register their own devices. We also saw stealthy tactics in ransomware attacks such as the use of PowerShell 1.0 (yes the original version from 2006) in what we’re calling “bring your own binary”.

So now what? 

The report outlines actionable advice based on observed incidents,
such as:

  • Proper configuration and monitoring of multi-factor authentication (MFA).
  • Importance of centralized logging
  • Steps to harden endpoint detection and response (EDR) systems.

These insights help prioritize mitigations that directly address real-world attack techniques. Download the report today.

Top security headlines of the week 

Journalist Discovers Google Vulnerability That Allowed People to Disappear Specific Pages From Search

By accident, journalist Jack Poulson discovered Google had completely de-listed two of his articles from its search results. “We only found it by complete coincidence,” Poulson told 404 Media. “I happened to be Googling for one of the articles, and even when I typed in the exact title in quotes it wouldn’t show up in search results anymore.” (404 media)

ChatGPT, GenAI Tools Open to ‘Man in the Prompt’ Browser Attack

A brand-new cyberattack vector allows threat actors to use a poisoned browser extension to inject malicious prompts into all of the top generative AI tools on the market, including ChatGPT, Gemini, and others. (DarkReading)

Phishers Target Aviation Execs to Scam Customers

KrebsOnSecurity recently heard from a reader whose boss’s email account got phished and was used to trick one of the company’s customers into sending a large payment to scammers. An investigation into the attacker’s infrastructure points to a long-running Nigerian cybercrime ring that is actively targeting established companies in the transportation and aviation industries (Krebs)

Can’t get enough Talos? 

We have lots of videos to share, so queue them up and let’s get learning!

Tales from the Frontlines

Join the Cisco Talos Incident Response team to hear real-world stories from the frontlines of cyber defense. Reserve your spot.

IR Trends Q2 2025

Phishing attacks persist as actors leverage compromised valid accounts to enhance legitimacy. Read more.

Beers with Talos

So You Wanna Be an Incident Commander? Meet Alex Ryan. Bill, Joe and Hazel chat with Alex about what it really takes to lead through the chaos of a cybersecurity incident, from coordinating stressed-out teams, fielding exec questions, and making sure people eat. Listen here.

Upcoming events where you can find Talos 

The Booker Prize Longlist and Hacker Summer Camp

Join us at hacker summer camp! Read our Black Hat preview here.

Most prevalent malware files from Talos telemetry over the past week  

SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Typical Filename: VID001.exe
Claimed Product: N/A
Detection Name: Win.Worm.Coinminer::1201 

SHA 256: 83748e8d6f6765881f81c36efacad93c20f3296be3ff4a56f48c6aa2dcd3ac08
MD5: 906282640ae3088481d19561c55025e4
VirusTotal: https://www.virustotal.com/gui/file/83748e8d6f6765881f81c36efacad93c20f3296be3ff4a56f48c6aa2dcd3ac08/details
Typical Filename: AAct_x64.exe
Claimed Product: N/A
Detection Name: PUA.Win.Tool.Winactivator::1201  

SHA 256: 0581bd9f0e1a6979eb2b0e2fd93ed6c034036dadaee863ff2e46c168813fe442
MD5: 7854b00a94921b108f0aed00f77c7833
VirusTotal: https://www.virustotal.com/gui/file/0581bd9f0e1a6979eb2b0e2fd93ed6c034036dadaee863ff2e46c168813fe442/details
Typical Filename: winword.exe
Claimed Product: Microsoft Word, Excel, Outlook, Visio, OneNote
Detection Name: W32.0581BD9F0E.in12.Talos 

SHA256: 2462569cf24a5a1e313390fa3c52ed05c7f36ef759c4c8f5194348deca022277
MD5: 42c016ce22ab7360fb7bc7def3a17b04 
VirusTotal: https://www.virustotal.com/gui/file/2462569cf24a5a1e313390fa3c52ed05c7f36ef759c4c8f5194348deca022277
Typical Filename: Rainmeter-4.5.22.exe
Detection Name: Artemis!Trojan    

SHA 256:7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5
MD5: ff1b6bb151cf9f671c929a4cbdb64d86
VirusTotal : https://www.virustotal.com/gui/file/7b3ec2365a64d9a9b2452c22e82e6d6ce2bb6dbc06c6720951c9570a5cd46fe5
Typical Filename: endpoint.query 
Detection Name: W32.File.MalParent    

SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
VirusTotal: https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507
Typical Filename: VID001.exe 
Detection Name: Win.Worm.Bitmin-9847045-0  

Cisco Talos Blog – ​Read More