Ransomware in 2025: Blending in is the strategy

Ransomware attacks aren’t smash-and-grab anymore. They’re built on access that already looks legitimate — closer to positioning chess pieces than breaking the door down.

That’s the big trend that comes through in the ransomware data from the Talos 2025 Year in Review. Once attackers have initial access (and 40% of the time it’s through phishing) they move the way a user or administrator would: logging in, checking systems, and using the same remote access tools that are already installed.

In fact, one of the biggest challenges for defenders today is that ransomware actors are deliberately trying to overlap with everyday activity. RDP, PowerShell, and PsExec are the top three tools that are used by ransomware actors, but in many environments, these tools are part of normal operations.

The difference is how they’re being used. If they’re being used to expand access and move across systems, this should raise a few red flags. I’m not sure it’s possible to emphasise enough how important asset management is here: having clear asset inventories and network behaviour baselines, and conducting continuous anomaly monitoring.

Like the rest of the Talos Year in Review, identity is what ties everything together. Valid accounts show up across nearly every stage of ransomware attacks: initial access, lateral movement, and execution. 

Top-targeted sectors

From our ransomware data analysis, manufacturing continues to be the most targeted sector, which reflects how challenging these environments are to monitor closely. There’s a mixture of systems, users, and processes, often with limited tolerance for disruption.

Professional, scientific, and technical services (second on the most targeted sectors list) face similar exposure, especially when access spans multiple systems or organizations.

Most prolific ransomware groups

The ransomware-as-a-service (RaaS) groups have had a bit of a shakeup. After LockBit topped our 2024 report, the group fell to 35th this year following sustained law enforcement pressure. Qilin, a constant pain in the “you-know-what” for our incident responders for over a year now, came in at No. 1.

Qilin uses a double-extortion approach, combining data encryption with threats to release stolen information publicly. According to their data leak site, in 2025, Qilin targeted more than 40 victims every month except January, signaling that this ransomware group will remain a persistent and significant threat in 2026.

Akira and Play (No. 2 and 3 in the chart) had continued success, which can likely be credited to their evolving and adaptable tactics and absorption of affiliates from defunct ransomware groups (i.e., LockBit).

An opportunity for defenders

What’s interesting to note is that for the second year running, January saw lower activity, likely tied to holiday slowdowns and Eastern European public holidays.

It may be wise for security teams to consider testing ransomware defenses in months where activity levels are generally lower, such as January, as there is a reduced chance of interfering with real incidents.

Defender recommendations

  • Strengthen identity protections. Actors predominately targeted the person who holds the key rather than the lock itself (i.e., the target’s infrastructure). Phishing and social engineering training is highly recommended.
  • Monitor the use of built-in administrative tools such as RDP, PowerShell, and PsExec for lateral movement. Look for unexpected usage patterns and abnormal access requests.
  • Basics, basics, basics! They very much still hold true. Strengthen your backup, EDR, segmentation, logging, and recovery capabilities.
  • Regularly test ransomware response readiness.
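The baseline-and-anomaly idea behind these recommendations, as an added example that is not part of the Talos post: remote-administration events are compared against previously seen account/tool/source/destination paths, and an account that suddenly reaches several new hosts is flagged. The event format, host and account names, thresholds and log lines are all constructed assumptions.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Normalized remote-administration events: "timestamp account tool src dst".
# How "tool" is derived is an assumption of this sketch, e.g. RDP from Security
# event 4624 with LogonType 10, PsExec from a PSEXESVC service install (7045).
Event = namedtuple("Event", "ts account tool src dst")

# Constructed sample data: a baseline period, then one day to check against it.
BASELINE_LOG = """
2025-03-03T09:02:00 alice.admin rdp    ws-041 srv-file01
2025-03-03T09:40:00 alice.admin psexec ws-041 srv-app02
2025-03-04T10:15:00 bob         rdp    ws-112 srv-jump01
2025-03-05T09:05:00 alice.admin rdp    ws-041 srv-file01
"""
TODAY_LOG = """
2025-03-10T09:03:00 alice.admin rdp    ws-041     srv-file01
2025-03-10T23:41:00 bob         psexec ws-112     srv-file01
2025-03-10T23:44:00 bob         psexec srv-file01 srv-app02
2025-03-10T23:52:00 bob         rdp    srv-app02  srv-dc01
"""


def parse_log(text):
    """Turn whitespace-separated lines into Event tuples (names lower-cased)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, tool, src, dst = line.split()
        events.append(Event(datetime.fromisoformat(ts), account.lower(),
                            tool, src.lower(), dst.lower()))
    return events


def build_baseline(events):
    """Record every path seen in normal operations and each account's tools."""
    edges, tools = set(), defaultdict(set)
    for e in events:
        edges.add((e.account, e.tool, e.src, e.dst))
        tools[e.account].add(e.tool)
    return edges, tools


def detect(events, baseline, fan_out=3, window=timedelta(minutes=30)):
    """Flag paths outside the baseline, plus accounts fanning out to new hosts."""
    edges, tools = baseline
    alerts, flagged = [], set()
    recent = defaultdict(list)  # account -> [(ts, dst)] of unbaselined hops
    for e in sorted(events, key=lambda ev: ev.ts):
        if (e.account, e.tool, e.src, e.dst) in edges:
            continue  # same account, tool and path as in normal operations
        known_tool = e.tool in tools.get(e.account, set())
        alerts.append(("new_path" if known_tool else "new_tool_for_account",
                       e.account, e.tool, e.src, e.dst))
        # Keep only this account's unbaselined hops inside the sliding window.
        hops = [(t, d) for t, d in recent[e.account] if e.ts - t <= window]
        hops.append((e.ts, e.dst))
        recent[e.account] = hops
        dsts = sorted({d for _, d in hops})
        if len(dsts) >= fan_out and e.account not in flagged:
            flagged.add(e.account)  # alert once per account
            alerts.append(("fan_out", e.account, e.tool, e.src, ",".join(dsts)))
    return alerts


def run_demo():
    baseline = build_baseline(parse_log(BASELINE_LOG))
    return detect(parse_log(TODAY_LOG), baseline)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The administrator's routine RDP session produces no alert because it matches the baseline; the same tools used by an account that never used them, hopping host to host, do.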

Read the full 2025 Talos Year in Review to dig deeper into ransomware trends, vulnerability exploitation, phishing and MFA bypass, state-sponsored activity, and how AI is shaping the threat landscape.

Cisco Talos Blog – ​Read More

Release Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New Detections 

March was a packed month for ANY.RUN. We rolled out major product improvements that help security teams investigate phishing inside encrypted traffic, expand cross-platform analysis with macOS, and bring Windows Server into the sandbox workflow.

At the same time, our detection team continued to strengthen threat coverage with new behavior signatures, Suricata rules, and fresh threat intelligence reports focused on active malware and attack techniques. 

Here’s a closer look at what’s new. 

Product Updates 

This month’s updates are all about helping security teams see more and investigate with less friction. We improved phishing detection inside encrypted traffic, expanded sandbox coverage to macOS, and added Windows Server analysis so teams can work across more of the environments they protect every day.

Automatic SSL Decryption for Stronger Phishing Detection 

Encrypted HTTPS traffic remains one of the main reasons phishing is harder to confirm quickly. It hides credential theft, redirect chains, and token-based attacks inside traffic that often appears legitimate, forcing teams to spend more time on validation and increasing the chance of missed compromise.

In March, ANY.RUN introduced automatic SSL decryption in the Interactive Sandbox across all subscription tiers. By extracting encryption keys directly from process memory, the sandbox can now inspect decrypted traffic during analysis and apply Suricata rules, detection signatures, and IOC extraction immediately.

Check real-world example: Detecting Salty2FA phishing campaign with SSL decryption

Automatic SSL decryption provides a major phishing detection boost in the sandbox

This significantly expands phishing visibility across every sandbox session. After implementing the technology, ANY.RUN saw a 5x increase in SSL-decrypted phishing detection and added 60,000 more confirmed malicious URLs to TI Lookup each month. 

For your SOC, this means: 

  • Higher detection rate: Analysts can now identify phishing activity that would otherwise stay hidden inside encrypted traffic. 
  • Faster MTTD and MTTR: Teams confirm malicious behavior earlier and respond before phishing causes broader damage. 
  • Reduced Tier 1-to-Tier 2 escalation volume: Tier 1 can close more cases independently and escalate only the incidents that truly need deeper investigation. 

Expanding Your SOC’s Cross-Platform Analysis with macOS 

As enterprise environments grow more complex, SOC teams are expected to investigate threats across multiple operating systems without slowing down triage. But when analysis is split across separate tools and environments, investigations take longer, alert backlogs grow, and the risk of delayed or missed detection increases. 

To help solve this, ANY.RUN expanded its sandbox OS coverage with a macOS virtual machine, now available in beta for Enterprise Suite users. This gives teams one environment to investigate threats across Windows, Linux, Android, and now macOS.

Miolab stealer analyzed inside ANY.RUN sandbox 

Bringing interactive macOS analysis into the workflow is especially important for threats that stay dormant until a user enters a password, approves a system dialog, or triggers another action. By allowing real user interaction during detonation, the sandbox can expose behaviors that automated analysis often misses, including fake authentication prompts, staged execution chains, file collection, and post-authentication data exfiltration.

This operational improvement leads to measurable outcomes:  

  • Faster validation of suspicious files and URLs: Teams can confirm malicious behavior in minutes through behavior-based analysis during triage. 
  • Shorter investigation cycles: Analysts can observe full execution behavior in one environment without manually piecing evidence together across multiple tools. 
  • Improved cross-platform detection coverage: Security teams can investigate platform-specific threats across macOS, Windows, Linux, and Android in a consistent workflow. 
  • Higher productivity during triage: Less context switching helps analysts process more alerts per shift. 
  • Reduced alert backlog during peak activity: Faster decisions help SOC teams keep queues under control during phishing waves and malware outbreaks. 

Advancing Server-Side Threat Analysis with Windows Server 

For many enterprise teams, critical infrastructure runs on Windows Server, from domain services and file storage to business applications and backups. But malware that targets server environments often behaves differently from threats launched on standard Windows systems, making it harder to assess risk accurately in a desktop-focused setup. 

To close that gap, ANY.RUN Sandbox now supports analysis in a Windows Server environment. This gives security teams a way to observe attack behavior in a server OS and investigate techniques tied to infrastructure, including changes to domain accounts, security policies, and the use of administrative tools. 

Threats analyzed inside a Windows Server environment

This addition helps teams strengthen infrastructure-focused triage and response: 

  • Better visibility into server-specific techniques: Teams can analyze behavior tied to domains, policies, and administrative utilities in a more relevant environment. 
  • Stronger investigation confidence for infrastructure threats: Analysts can validate whether a sample affects server-side services or critical business systems before escalating. 
  • More effective detection and response preparation: Security teams can collect artifacts, refine detections, and improve incident playbooks for Windows Server scenarios. 


Threat Coverage Updates 

In March, our detection team continued to expand coverage across phishing, credential theft, backdoors, miners, stealers, loaders, and evasive system abuse. 

This month’s updates include: 

  • 91 new behavior signatures 
  • 1,293 new Suricata rules 

These additions give security teams better visibility into modern attack chains, from OAuth phishing and Telegram-based credential theft to backdoor communication, loader behavior, and suspicious use of built-in system tools. 

New Behavior Signatures 

In March, we added 91 new behavior signatures to strengthen detection across malware families, Android threats, stealers, loaders, RATs, ransomware, and suspicious system-level activity. 

These updates improve visibility into behaviors often seen in real attacks, including persistence, self-deletion, loader activity, shell delivery, registry tampering, PowerShell abuse, and virtual machine checks used to evade analysis. 

Highlighted families and detections include: 

District analyzed inside ANY.RUN sandbox
  • HolyCat 
  • SuperCard 
  • Noodlopfile 
  • CharlieKirk 
  • LockCrypt 
  • GibCrypto 
  • ZipWhisper 
  • PixyNetLoader 
  • Quantum 
  • Queen 
  • Zov 
  • FileScavenger 
  • Rodecap 
  • Recuva 
  • OCRFix 

Banshee stealer targeting macOS users detected inside ANY.RUN sandbox 

New behavior-based detections also cover: 

Together, these additions give security teams broader behavioral coverage across both established malware families and attacker techniques that commonly appear in multi-stage intrusions. 

New Suricata Rules 

In March, we added 1,293 new Suricata rules to strengthen detection of credential theft, phishing activity, and malicious command-and-control traffic. 

Key highlights include: 

  • Credential theft via Telegram API (sid: 84001778): Tracks adversary attempts to exfiltrate a victim’s email and password via the Telegram Bot API
  • MS OAuth Device Code phish / EvilTokens activity (sid: 84001845): Identifies use of a newly emerged attack technique that exploits legitimate OAuth 2.0 device authorization flows to gain control over victims’ Microsoft 365 accounts
  • DinDoor backdoor HTTP activity (sid: 85006556): Detects attempts by a new backdoor of the Iran-linked MuddyWater (TA450) actor to establish C2 communication via HTTP

Threat Intelligence Reports 

In March, our team published new threat reports covering emerging malware, banking trojans, ransomware, backdoors, and stealthy delivery techniques. 

Threat Intelligence reports available in ANY.RUN 
  • VIDAR, VENON, and SLOPOLY: This report covers a polymorphic stealer, a Rust-based banking RAT, and a PowerShell backdoor tied to the Hive0163 ecosystem, with a focus on their behavior, artifacts, and detection opportunities. 
  • Steaelite, BlackReaper, and Jigsaw: This brief looks at three threats combining credential theft, remote access, persistence, and ransomware behavior, including Telegram-based control and file encryption activity. 

About ANY.RUN 

ANY.RUN provides interactive malware analysis and threat intelligence solutions built to support modern security operations. 

By combining Interactive Sandbox, Threat Intelligence Lookup, and Threat Intelligence Feeds, ANY.RUN helps SOC and MSSP teams accelerate threat analysis, investigate incidents with greater clarity, and detect emerging attacks earlier.

Used by more than 15,000 organizations and over 600,000 security professionals worldwide, including 74% of Fortune 100 companies, ANY.RUN is focused on helping teams improve detection and response while meeting the data protection, compliance, and workflow demands of real-world security operations.

The post Release Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New Detections  appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

An iron curtain for AI: how to improve autonomous AI agent security | Kaspersky official blog

Many AI visionaries see the universal smart assistant — one that takes over all sorts of routine tasks — as the key direction for the technology’s evolution. Experiments in this field are already in high gear and are yielding some results. Since the start of the year, the internet has been buzzing with stories of the miracles worked by the open-source AI agent OpenClaw, also known as Clawdbot and Moltbot.

If you’ve been following our blog, you already know the drill: every leap forward in AI innovation right now seems to come with serious issues regarding security and privacy. To actually get things done, these agents require access to virtually all of your digital services: email, calendars, cloud storage, messaging apps, and many more.

However, until recently, not a single project — OpenClaw included — could actually put a leash on these agents, or provide any real guarantee that they wouldn’t go off the rails. But that’s finally starting to change thanks to a new concept named IronCurtain — the brainchild of researcher Niels Provos.

The dangers of AI agents

Let’s keep the suspense going for a little longer, and first discuss what an AI agent gone rogue is actually capable of. It’s important to remember that at the most basic level, any modern AI tool is built on a language model — essentially a text-processing algorithm fed a massive volume of data in its training phase. The result is a statistical model capable of determining the probability of which word will most likely follow another.

A language model is a black box. In practice, this means nobody — not even its creators — fully understands exactly how an AI tool works under the hood. An obvious consequence is that AI developers themselves don’t entirely know how to control or restrict these systems at the model level; instead, they have to invent external guardrails of varying degrees of effectiveness and reliability.

Meanwhile, the methods used to bypass these safeguards often prove to be quite unexpected. For example, we recently shared how chatbots can be coaxed into forgetting almost all their safety instructions if you charm them with prompts written in verse.

But back to the threats posed by AI agents. The inability to fully control or predict the actions of smart assistants often leads to outcomes that no one could have expected. A prime example is the high-profile case where OpenClaw nuked every single email in its owner’s Gmail inbox — despite being explicitly told to wait for confirmation before doing anything — only to apologize afterwards and promise it wouldn’t happen again.

This chat between the OpenClaw bot and its owner resembles a conversation with a teenager who’s just messed up: “What did I tell you?!” – “Geez, Mom, I’m sorry, I won’t do it again — I promise.” Source

In another instance, a journalist testing an AI agent’s capabilities found that the system had pivoted to a highly questionable plan of action while executing a task. Instead of attempting a constructive solution, the agent decided to launch a phishing attack on the user. Seeing the system’s logic unfolding on the screen, the journalist immediately pulled the plug on the experiment.

Beyond spontaneous bad behavior, AI remains vulnerable to prompt injection attacks. In this type of attack, a threat actor smuggles their own malicious instructions into a command or the data being processed (direct prompt injection), or, in more sophisticated cases, even into third-party content used by the agent to do its job (indirect prompt injection). The large language model perceives these instructions as part of the user’s request; as a result, the AI may ignore its original constraints and help the attacker.

Additional danger stems from vulnerabilities within AI agents that could potentially allow attackers to access user data the agent is authorized to see — including passwords, encryption keys, and other secrets — or even grant the ability to execute arbitrary code on the host system.

Of course, this list of threats is by no means exhaustive. As we’ve said time and again, no one knows the full extent of the risks associated with AI. However, researcher Niels Provos recently proposed an approach to help put a leash on AI agents to make them more controllable and mitigate the potential threats.

How IronCurtain makes AI agents safe to use

IronCurtain, Niels Provos’s new open-source solution, uses an added security buffer between the AI agent and the user’s system.

Instead of giving the AI agent free rein on your system, it forces the agent to work from inside an isolated virtual machine that sits between the bot and your actual accounts. This isolation allows the agent’s actions to be separated from the user’s own, reducing risks if the agent decides to go rogue.

Why did Provos use the name “IronCurtain”? Many will presume it’s a reference to the notional barrier that divided Western Europe and the Warsaw Pact countries of Eastern Europe in the second half of the 20th century. However, the author himself states there is no such connection.

The project’s name doesn’t refer to a political metaphor at all, but rather… to a theatrical term. In a theater, an iron curtain is a fireproof partition between the stage and the auditorium. If a fire breaks out on stage, the curtain drops to prevent the flames from spreading. By this analogy, the AI agent is “on stage”, while the user’s system with all its files and data is in the “auditorium”. IronCurtain acts as that protective barrier between them.

However, isolation is only part of the solution. At the heart of the system is a security policy that determines which actions the agent is permitted to perform. The design of IronCurtain allows the user to write their own security instructions — defining what the agent can and can’t do — in plain English (no word of support for other languages yet).

The system then uses AI to transform these instructions into a formalized security policy applied to the agent’s actions across the board. Every request it makes to external services — whether email, messaging, or file management — is run through this policy to make sure the agent isn’t overstepping its bounds.

The security policy set during the initial configuration can — and should — evolve over time. According to Provos’s vision, when encountering ambiguous situations, the AI should reach out to the user with follow-up questions and update the instructions from their responses.
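The policy check described above, sketched as an added example that is not IronCurtain’s own code or policy format: every agent request passes through a gate that allows, denies, or asks the user, and an answer to an ambiguous (unmatched) request is stored as a new rule. The rule structure, service and action names, and the scripted user replies are hypothetical.

```python
import glob
import posixpath
from dataclasses import dataclass
from fnmatch import fnmatchcase

ALLOW, DENY, ASK = "allow", "deny", "ask"


@dataclass(frozen=True)
class Rule:
    service: str    # external service the agent is calling
    action: str     # glob over the action name
    resource: str   # glob over the target resource
    decision: str


# Constructed policy, as it might look after compiling instructions such as:
# "Read my calendar, email and notes. Ask before deleting or sending email.
#  Never touch anything under secrets/."
POLICY = [
    Rule("calendar", "read", "*", ALLOW),
    Rule("files", "read", "notes/*", ALLOW),
    Rule("email", "read", "*", ALLOW),
    Rule("email", "delete", "*", ASK),
    Rule("email", "send", "*", ASK),
    Rule("files", "*", "secrets/*", DENY),
]


def decide(rules, service, action, resource):
    """Most restrictive matching rule wins; no match means 'ambiguous'."""
    hits = [r.decision for r in rules
            if r.service == service
            and fnmatchcase(action, r.action)
            and fnmatchcase(resource, r.resource)]
    for verdict in (DENY, ASK, ALLOW):
        if verdict in hits:
            return verdict, True
    return ASK, False


class Gate:
    def __init__(self, rules, ask_user):
        self.rules = list(rules)
        self.ask_user = ask_user    # callback returning True (approve) or False
        self.audit = []

    def request(self, service, action, resource):
        # Collapse "a/../b" first so a path cannot slip past a glob by traversal.
        resource = posixpath.normpath(resource)
        if resource.startswith(".."):
            verdict, matched = DENY, True
        else:
            verdict, matched = decide(self.rules, service, action, resource)
        if verdict == ASK:
            verdict = ALLOW if self.ask_user(service, action, resource) else DENY
            if not matched:
                # Ambiguous case: remember the answer as an exact-match rule.
                # Explicit "ask" rules are never overridden by an answer.
                self.rules.append(Rule(service, glob.escape(action),
                                       glob.escape(resource), verdict))
        self.audit.append((service, action, resource, verdict))
        return verdict == ALLOW


def run_demo():
    prompts = []
    answers = {"delete": False, "write": True}   # scripted user replies

    def ask_user(service, action, resource):
        prompts.append((service, action, resource))
        return answers.get(action, False)

    gate = Gate(POLICY, ask_user)
    calls = [
        ("email", "read", "inbox/msg-17"),
        ("email", "delete", "inbox/msg-17"),
        ("files", "read", "notes/../secrets/api.key"),
        ("files", "write", "notes/todo.md"),
        ("files", "write", "notes/todo.md"),
    ]
    results = [gate.request(*call) for call in calls]
    return results, prompts, gate


if __name__ == "__main__":
    results, prompts, gate = run_demo()
    for entry in gate.audit:
        print(entry)
```

The gate runs outside the model, so an instruction injected into the agent’s context can change what the agent asks for but not what the policy permits.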

IronCurtain is available to anyone on GitHub, but making it work on your computer takes some serious engineering skills. Remember too that, for now, this is merely an R&D prototype.

Can IronCurtain be a proper fix?

Niels Provos’s solution sure does look interesting, and aligns with some experts’ views on an ideal approach to AI safety. However, it’s too early to consider IronCurtain a definitive solution to the problem.

Its biggest obvious flaw is that it’s a resource hog. Using an isolated environment for every AI agent requires serious computing power, and complicates infrastructure — especially when multiple agents are running simultaneously.

Furthermore, as mentioned, IronCurtain is still very much in the prototype phase: practical effectiveness hasn’t been proven yet. In particular, there’s a significant question mark over how accurately natural language instructions can be converted into formalized security policies.

It’s also a coin toss as to whether this architecture can truly stop prompt injection. Sadly, the root of the problem is the fundamental inability of modern LLMs to distinguish between data and instructions.

Despite all its limitations, IronCurtain represents a major step toward safer and tamer AI agents. At a minimum, this approach provides a vital blueprint for future development, allowing for a substantive debate on how to make such systems reliable and effective.

How to use AI assistants safely

While architectures like IronCurtain remain experimental in nature, the responsibility for using AI safely rests primarily with users themselves. So, to wrap things up, let’s break down a few simple rules to help mitigate risks when working with AI assistants.

  • Evaluate the risks properly before experimenting with the next big thing. Think about what could go wrong and the possible fallout. The internet is already full of real-life examples from users, so you can learn from that collective experience.
  • Avoid giving AI agents excessive access privileges. If an assistant only needs access to a calendar or a specific folder, don’t connect your entire email, cloud storage, and work accounts to it.
  • Verify AI actions before they’re executed. Even if your agent offers to automate a task, it’s better to manually confirm important operations like sending emails, deleting data, or making payments. Yes, the agent might still misbehave, but you should at least try to rein it in.
  • Install a reliable security solution on all the devices you use, just in case a mischievous AI agent brings back some nasty malware as a souvenir from its uncontrolled wanderings across the web.

Kaspersky official blog – ​Read More

ANY.RUN at RSAC™ 2026: Highlights & Industry Recognition

We’ve just returned from RSAC™ 2026 in San Francisco, one of the most important cybersecurity events of the year. 

As always, the conference brought together security leaders, vendors, and practitioners from around the world. For the ANY.RUN team, it was a packed few days of meetings with customers and partners, insightful presentations, and strong industry recognition. 

ANY.RUN at RSAC 2026 

This year, ANY.RUN was represented at RSAC by our CCO, Alex, who attended the conference to meet with partners and customers, discuss ongoing collaborations, and exchange insights on evolving threat detection challenges. 

 ANY.RUN’s CCO, Alex, at RSAC 2026 

Beyond scheduled meetings, RSAC also provided an opportunity for deeper conversations in a more informal setting, including a partner dinner where key topics around SOC workflows, threat intelligence, and detection strategies were discussed. 

These interactions are an important part of how we continue to align ANY.RUN’s solutions with real-world needs across security teams and MSSPs. 

Industry Recognition at Global InfoSec Awards 2026 

During RSAC 2026, ANY.RUN was honored at the Global InfoSec Awards 2026, organized by Cyber Defense Magazine. 

We were honored to receive Global InfoSec awards during RSAC 2026

We received recognition in two categories: 

The recognition reflects what our solutions deliver in practice: higher detection rates, lower MTTR, and faster decision-making through interactive analysis and real threat context. It highlights unified workflows that keep investigations within a single process from monitoring to response, along with the ability to scale across both enterprise SOCs and MSSPs.

About ANY.RUN 

ANY.RUN provides interactive malware analysis and actionable threat intelligence designed for modern security teams. 

Our solutions combine an Interactive Sandbox, Threat Intelligence Lookup, and Threat Intelligence Feeds to help SOC and MSSP teams analyze threats faster, investigate incidents with deeper context, and detect emerging attacks earlier. 

Trusted by more than 15,000 organizations and over 600,000 security professionals worldwide, including 74% of Fortune 100 companies, ANY.RUN maintains a strong focus on data protection and compliance, while continuously evolving its solutions to address real-world threat detection and investigation challenges for SOCs and MSSPs. 

The post ANY.RUN at RSAC™ 2026: Highlights & Industry Recognition appeared first on ANY.RUN’s Cybersecurity Blog.

ANY.RUN’s Cybersecurity Blog – ​Read More

A cunning predator: How Silver Fox preys on Japanese firms this tax season

Silver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening them

WeLiveSecurity – ​Read More

RSAC 2026 wrap-up – Week in security with Tony Anscombe

This year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven’t caught up with

WeLiveSecurity – ​Read More

Most notable supply-chain attacks of 2025 | Kaspersky official blog

Supply-chain attacks have been one of the most dangerous categories of cybersecurity incidents for years now. And if 2025 taught us anything, it’s that cybercriminals are doubling down on them. In this deep dive, we’re looking at supply-chain attacks from 2025 that, while not always the costliest, were certainly the most unusual and caught the industry’s attention.

January 2025: a RAT found in the DogWifTools GitHub repository

As a “warm-up” after the holiday break, cybercriminals systematically backdoored several versions of DogWifTools. This is a utility designed for launching and vigorously promoting Solana-based meme coins on Pump.fun. After compromising the private GitHub repository for DogWifTools, the attackers waited for the developers to upload a fresh build, injected a RAT into it, and then swapped the legitimate program with their malicious version just a few hours later. According to the developers, the threat actors successfully trojanized versions 1.6.3 through 1.6.6 of DogWifTools for Windows.

The endgame was triggered in late January. After using the RAT to harvest a massive amount of data from infected devices, the attackers drained their victims’ crypto wallets. While victims estimate the total haul at over US$10 million in cryptocurrency, the attackers themselves disputed that figure — though they stopped short of revealing exactly how much they’d actually made off with.

February 2025: the US$1.5 billion Bybit heist

If January was a warm-up, February was a total meltdown. The Bybit crypto exchange hack completely eclipsed previous incidents — becoming the largest crypto heist in history. The attackers managed to compromise the Safe{Wallet} software, the multisig cold storage solution the exchange relied on to manage its assets.

Bybit employees thought they were signing a routine transaction; in reality they were authorizing a malicious smart contract. Once executed, it drained a primary cold wallet, dispersing the funds across several hundred attacker-controlled addresses. The final haul exceeded 400 000 ETH/stETH, with a staggering total value of approximately… US$1.5 billion!

March 2025: Coinbase targeted in a GitHub Actions cascading compromise

Spring 2025 kicked off with a sophisticated attack that used a compromise of multiple GitHub Actions — the workflow patterns used to automate standard DevOps tasks — as its primary delivery mechanism. It all started with the theft of a personal access token belonging to a maintainer of the SpotBugs analysis tool. Using this foothold, the attackers published a malicious process and managed to hijack a token from a maintainer of the reviewdog/action-setup workflow, who was also involved in the project.

From there, they compromised a dependency, the tj-actions/changed-files workflow, modifying it to execute a malicious Python script. This script was designed to hunt for high-value secrets, such as AWS, Azure and Google Cloud keys, GitHub and NPM tokens, database credentials, and RSA private keys. Oddly, the script wrote everything it found directly to publicly accessible build logs. This meant the leaked data wasn’t just available to the attackers, but to anyone savvy enough to look.

The original goal of this operation was a repository belonging to the Coinbase crypto exchange. Fortunately, the developers caught the threat in time and prevented the compromise. After apparently realizing they were about to lose control of the tj-actions/changed-files pipeline, the attackers pivoted to a spray-and-pray approach. This put 23 000 repositories at risk of a secrets leak. In the end, several hundred of those repositories actually saw their sensitive credentials exposed to the public.
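A preventive check for the kind of upstream workflow compromise described above, as an added example that is not from the original article: it flags workflow steps that reference an action by a tag or branch, which follows whatever the upstream repository currently points it at, instead of a full commit SHA. The workflow text, version tags and SHA below are constructed.

```python
import re

# Matches "uses: owner/repo@ref" on a step line, with or without a leading "- ".
# Commented-out lines do not match because they start with "#".
USES = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^\s'"#]+)""")
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# Constructed workflow; the 40-character SHA is a placeholder, not a real commit.
WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - name: changed files
        uses: tj-actions/changed-files@v1
      - uses: reviewdog/action-setup@main
      - uses: ./.github/actions/local-lint
      # - uses: example/disabled@v2
"""


def audit(workflow_text):
    """Return (line, action, ref, reason) for every third-party action that is
    not pinned to a full commit SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = USES.match(line)
        if not match:
            continue
        target = match.group(1)
        # Actions in the same repository and container images are out of scope.
        if target.startswith(("./", "docker://")):
            continue
        name, _, ref = target.partition("@")
        if not ref:
            findings.append((lineno, name, "", "no-ref"))
        elif not FULL_SHA.match(ref):
            findings.append((lineno, name, ref, "mutable-ref"))
    return findings


if __name__ == "__main__":
    for finding in audit(WORKFLOW):
        print(finding)
```

Pinning by SHA does not help if the pinned commit itself is malicious, so the commit still needs review when the pin is updated.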

April 2025: a backdoor in 21 Magento extensions

In April, an infection was discovered across a whole range of extensions for Magento, one of the most popular platforms for building online stores. The backdoor was embedded into 21 modules developed by three vendors: Tigren, Meetanshi, and MGS. These extensions were part of the infrastructure for several hundred e-commerce companies, including at least one multinational corporation.

According to the researchers who discovered it, the backdoor was actually planted way back in 2019. In April 2025, the attackers finally triggered it to compromise websites and upload web shells. This was accomplished through a function embedded in the extensions that executed arbitrary code pulled from a license file.

Ironically, the infected modules included MGS GDPR and Meetanshi CookieNotice. As the names suggest, these extensions were designed to help sites comply with user privacy and data processing regulations. In the end, instead of ensuring privacy, their use most probably led to the theft of user data and financial assets through web skimming.

May 2025: ransomware distributed through a compromised MSP

In May, ransomware actors from the DragonForce gang gained access to the infrastructure of an unnamed managed service provider (MSP) and used it to distribute their ransomware and steal data from the MSP’s client organizations.

It appears the attackers exploited several vulnerabilities (including one critical flaw) in SimpleHelp, the remote monitoring and management tool used by the MSP. These vulnerabilities were discovered back in 2024 and were publicly disclosed and patched in January 2025. Unfortunately, the MSP evidently decided not to rush the update process — a delay the ransomware gang was more than happy to exploit.

June 2025: a backdoor in over a dozen popular npm packages

At the start of the summer, attackers hacked the account of one of the Gluestack library maintainers and used a stolen access token to inject backdoors into 17 npm packages. The most popular of these packages, @react-native-aria/interactions, boasted 125 000 weekly downloads, while all the compromised packages combined totaled over a million.

What’s particularly interesting in this case are the steps the Gluestack developers took following the incident: first, they restricted GitHub repository access for secondary contributors; second, they enabled two-factor authentication (2FA) for publishing new versions; and third, they promised to implement secure development practices like pull-request-based workflow, systematic code reviews, audit logging, and so on. In other words, prior to the incident a project with hundreds of thousands of weekly downloads had no such measures in place.

July 2025: popular npm packages infected through a phishing attack

In July, npm packages were once again the stars of the show — including the widely used, succinctly named “is” package, which boasts 2.7 million weekly downloads. This JavaScript utility library provides a broad range of type-checking and value validation functions. To pull off a phishing strike against one of the project owners, attackers successfully utilized the oldest trick in the book: typosquatting (using the domain npnjs.com instead of npmjs.com) and a clone of the official npm website.

They then used the compromised account to publish several of their own versions of the package with an embedded backdoor. The infection flew under the radar for six hours: plenty of time for a large number of developers to download the malicious npm packages.

The same phishing tactic was deployed against other developers as well. The attackers leveraged several compromised developer accounts to distribute different variants of their malicious payload. There’s also a strong suspicion that they may have saved some of their haul for future attacks.
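The npnjs.com / npmjs.com substitution described above can be caught mechanically. The following added example (not code from the original post or from npm) flags link hosts that sit within a small edit distance of a trusted login domain or that embed one as a subdomain; the trusted list, the distance threshold of 2, the naive "last two labels" rule and the test URLs are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Assumption: the domains your developers actually log in to.
TRUSTED = ("npmjs.com", "github.com")


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, start=1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Swapped neighbours ("gihtub" for "github") count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def registrable(host):
    """Naive registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify_link(url, trusted=TRUSTED, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    domain = registrable(host)
    if domain in trusted:
        return "trusted", domain
    for good in trusted:
        # A trusted name used as labels inside somebody else's domain.
        if "." + good + "." in "." + host + ".":
            return "lookalike", good
        # A near miss of the trusted name itself, as with npnjs.com.
        if osa_distance(domain, good) <= max_distance:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample links; only npnjs.com comes from the article.
    for link in (
        "https://www.npmjs.com/login",
        "https://www.npnjs.com/login",
        "https://npmjs.com.login-check.example/",
        "https://example.org/",
    ):
        print(link, classify_link(link))
```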

August 2025: the s1ngularity attack and a leak of hundreds of developers’ secrets

In late August, an incident dubbed “s1ngularity” continued the trend of targeting JavaScript developers. Attackers compromised Nx, a popular build system and CI/CD pipeline optimization tool. Malicious code injected into the packages searched through infected developer systems for a vast range of sensitive data, such as crypto wallet keys, npm and GitHub tokens, SSH keys, API keys, and more.

Interestingly, the attackers used locally installed AI tools, such as Claude Code, Gemini CLI, and Amazon Q, to sniff out secrets on the victims’ machines. Everything they found was then posted to public GitHub repositories created in the victims’ names, using titles “s1ngularity-repository”, “s1ngularity-repository-0”, and “s1ngularity-repository-1”. As you might have guessed, that’s where the name of the attack comes from.

Consequently, the private data of hundreds of developers ended up sitting in plain sight, where it could be accessed not just by the attackers, but by absolutely anyone with an internet connection.

September 2025: a crypto stealer hits npm packages that have 2.6 billion weekly downloads

The trend of npm package compromises rolled right into September. Following a fresh phishing campaign targeting JavaScript developers, attackers managed to inject malicious code into a few dozen high-profile projects. Some of these, specifically “chalk” and “debug”, boast hundreds of millions of weekly downloads; collectively, the infected packages were racking up over 2.6 billion downloads per week at the time of the breach — and they’ve only grown more popular since.

The payload was a crypto stealer: malware designed to intercept cryptocurrency transactions and reroute them to the attackers’ wallets. Fortunately, despite successfully poisoning some of the world’s most popular projects, the attackers somehow managed to botch the final stage of their operation. In the end, they walked away with a measly US$925.

Just a week later, another major incident struck: the first wave of the self-propagating Shai-Hulud malware, which infected around 150 npm packages, including projects from CrowdStrike. However, the second wave, which hit several months later, proved to be far more destructive. We’ll take a closer look at the Great Worm a bit further down.

October 2025: GlassWorm infects the Visual Studio Code ecosystem

Roughly a month after the Shai-Hulud attack, similar self-propagating malware dubbed GlassWorm began infecting Visual Studio Code extensions across both the Open VSX Registry and the Microsoft Extension Marketplace. The attackers were hunting for GitHub, Git, npm, and Open VSX accounts, as well as crypto wallet keys.

The creators of GlassWorm took a highly creative approach to their command-and-control infrastructure: they used a crypto wallet on the Solana blockchain as their primary C2, with Google Calendar serving as a backup communication channel.

Beyond simply draining victims’ crypto wallets and hijacking their accounts to spread the worm further, the attackers also dropped a RAT named Zombi onto infected devices, granting them total control over the compromised systems.

November 2025: the IndonesianFoods campaign and 150 000 spam packages on npm

In November, a new nuisance emerged within the npm registry. A coordinated malicious campaign dubbed IndonesianFoods saw attackers flood the registry with tens of thousands of useless packages.

The primary goal here was gaming the system to inflate metrics and farm tokens on tea.xyz, a blockchain platform designed to reward open-source developers. To pull this off, the attackers built a massive web of interdependent projects with names referencing Indonesian cuisine, such as zul-tapai9-kyuki or andi-rendang23-breki.

The creators of this campaign didn’t bother hijacking accounts. Strictly speaking, the spam packages didn’t even contain a malicious payload — unless you count a script designed to automatically generate new packages every seven seconds. Nevertheless, the incident served as a stark reminder of how vulnerable the npm infrastructure is to large-scale spam campaigns.

December 2025: Shai-Hulud 2.0 and the leak of 400 000 developer secrets

The absolute headliner of the year — not just for supply-chain attacks, but likely for the entire cybersecurity field — was the self-propagating malware Shai-Hulud (also known as Sha1-Hulud) targeting developers.

This malware was the logical evolution of the s1ngularity attack we mentioned earlier: it also scours systems for all kinds of secrets and publishes them in open GitHub repositories. However, Shai-Hulud added a self-propagation mechanism to this baseline: the worm infects projects controlled by already-compromised developers by using their stolen credentials.

The first wave of Shai-Hulud hit in September, infecting several hundred npm packages. But toward the end of the year, a second wave arrived, dubbed Shai-Hulud 2.0.

This time, the worm was upgraded with wiper functionality. If the malware failed to find valid npm or GitHub tokens on an infected system, it triggered a destructive payload that erased user files.

Approximately 400 000 secrets were leaked in total as a result of the attack. It’s worth noting that, just like with s1ngularity, all this sensitive data ended up in public repositories where it could be downloaded not only by the attackers but by anyone else. And it’s highly likely that the fallout from this attack will be felt for a long time to come.

One of the first confirmed cases of an exploit using secrets leaked by Shai-Hulud was a cryptocurrency theft targeting several thousand Trust Wallet users. Attackers used these secrets on Christmas Eve to upload a malicious version of the Trust Wallet extension, complete with a built-in crypto drainer, to the Chrome Web Store. In the end, they managed to make off with US$8.5 million in cryptocurrency.

How to protect against supply-chain attacks

While putting together a similar retrospective for 2024, we found sticking to a “one month, one threat” structure fairly easy. For 2025, however, it was a much taller order. There were so many massive supply-chain attacks last year that we simply couldn’t fit them all into this one overview.

The year 2026 is shaping up to be just as intense, so we recommend checking out our dedicated post on preventing supply-chain attacks. In the meantime, here are the essential takeaways:

  • Thoroughly evaluate your vendors and carefully audit the code you integrate into your own projects.
  • Implement strict security requirements directly into your service contracts.
  • Develop a comprehensive incident response plan.
  • Monitor your corporate infrastructure for suspicious activity using an XDR solution.
  • If your internal security team is stretched thin, leverage an external service for proactive threat hunting and timely response.

If you want to learn more about supply-chain attacks, have a read of our analytical report Supply chain reaction: securing the global digital ecosystem in an age of interdependence. It’s based on insights from technical experts, and reveals how often organizations face supply-chain and trusted-relationship risks, where protection gaps remain, and what strategies to employ to improve resilience against these kinds of threats.

Kaspersky official blog – ​Read More

TP-Link, Canva, HikVision vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva.

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.     

Canva Affinity vulnerabilities

Discovered by KPC of Cisco Talos.

Canva Affinity is a free-to-use tool for pixel and vector art manipulation used in graphic and document design.

Talos researchers found 19 vulnerabilities in Affinity. Eighteen of them are out-of-bounds read vulnerabilities in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit these vulnerabilities to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

The last vulnerability is TALOS-2025-2297 (CVE-2025-66342), a type confusion vulnerability in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.

TP-Link vulnerabilities

Discovered by Lilith >_> of Cisco Talos.

The TP-Link Archer AX53 is a dual band gigabit Wi-Fi router. Talos researchers found 10 vulnerabilities in the router functionality.

TALOS-2025-2290 (CVE-2025-62673) is a stack-based buffer overflow vulnerability in the tdpServer ssh port update functionality of the TP-Link AX53. A specially crafted network packet can lead to a stack-based buffer overflow.

These eight vulnerabilities exist in the tmpServer opcode of the AX53:

A specially crafted set of network packets can be sent to trigger these vulnerabilities, which can lead to arbitrary code execution.

TALOS-2025-2291 (CVE-2025-62501) is a misconfiguration vulnerability in the SSH Hostkey functionality. A specially crafted man-in-the-middle attack can lead to a credentials leak.

HikVision buffer overflow vulnerability

Discovered by a member of Cisco Talos.

HikVision creates AI-trained machine perception for use in security surveillance and other monitoring hardware, including Ultra Face Recognition Terminals for authentication.

Talos researchers found TALOS-2025-2281 (CVE-2025-66176), a stack-based buffer overflow vulnerability, in the SADP XML parsing functionality of Hangzhou Hikvision Digital Technology Co., Ltd. Ultra Face Recognition Terminal 3.7.60_250613 and Face Recognition Terminal for Turnstyle 3.7.0_240524 (under emulation). A specially crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.

Cisco Talos Blog – ​Read More

A puppet made me cry and all I got was this t-shirt

Welcome to this week’s edition of the Threat Source newsletter. 

Anyone who spoke with me in the last several weeks has had to deal with me loudly waiting in anticipation for the long-awaited “Project Hail Mary” movie adaptation. I read (and cried over) the book by Andy Weir, who’s also the author of “The Martian,” about a year ago and, shortly after, found out it was being made into a movie. 

(I know what you’re thinking: Two movie-themed editions in two weeks? It’s every cinephile’s dream!) 

Anyway, the story centers around a biologist and science teacher named Ryland Grace (Ryan Gosling), who wakes up from a coma on a spaceship lightyears away from Earth, his two crewmembers long dead. Our planet’s sun is slowly dimming, its energy being consumed by alien microbes called “astrophage” that are infecting all the stars in our stellar neighborhood — except one. Grace’s task is to figure out why this star is unaffected and send the solution back to Earth. It’s a one-way trip, and he’ll eventually die in space alone… or so he thinks. 

The movie met 99.9% of my expectations, which is rare for an adaptation. The humor was spot-on, the soundtrack was gorgeous, and the puppetry — yes, the puppetry (mild spoilers for Rocky, Grace’s new alien friend) — was out-of-this-world. 

While it is a story about space, it’s first and foremost about communication, trust, and collaboration — things we’re no strangers to at Talos, especially when creating the Year in Review report (which is available now). The entire process of creating this report, from raw data to final design, is only a little bit less monumental than stopping alien microbes from plunging the earth into an ice age.

The process begins with Talos’ Strategic Analysis team, who leverage the vast amount of Cisco’s telemetry, Talos research, and data from Talos Incident Response cases to analyze trends over the past year. This analysis is synthesized into a comprehensive report, which undergoes rigorous review and proofing at multiple levels. While the report is being drafted, the Strategic Comms team develops a detailed schedule of content and collateral to promote it both internally and externally, meeting weekly to track our progress. Once the text is finalized, it moves to our design team, who transform the data into a visually stunning, accessible format. Even after the report launches, the work continues: We produce videos, answer your questions on Reddit (today only!), record podcasts, create social media graphics, and collaborate across Cisco to ensure our findings reach the right people. 

We do this for the good of the community. Our report isn’t gated, and it never will be; you can read it right in your browser without filling out fake names and emails in annoying forms. Talos’ job is to keep as many people as safe as possible, and that means free access to critical information. Here’s a taste of our findings: 

  • React2Shell was the No. 1 most targeted CVE in 2025 despite only being discovered in December. ToolShell was No. 3 despite being released in June. 
  • About 25% of the vulnerabilities on our top 100 list affect widely used frameworks and libraries, highlighting the risk of supply chain-style attacks. 
  • Nearly a third of MFA spray attacks targeted identity and access management (IAM) applications. 
  • Attackers continued to rely heavily on phishing for initial access, observed in 40% of Talos IR cases. 35% of cases involved internal phishing. 
  • Qilin was the most seen ransomware variant in 2025, with over 40 victims each month except January. 

We also offer insights on AI and state-sponsored threats, so be sure to view the full report.

In “Project Hail Mary,” Grace and his alien friend, Rocky, realize that they can’t save their respective worlds alone. The Talos Year in Review is the result of a massive, cross-functional mission. It takes collaboration between all of Talos’ teams to turn complex, often daunting telemetry into actionable intelligence for the community. 

When we share knowledge, communicate clearly, and work together, the results are, to quote Rocky, “Amaze! Amaze! Amaze!” 

Stay tuned over the coming days and weeks as we break each section down into the most important 2025 Year in Review findings you need to know.

The one big thing 

One of the main themes from the 2025 Year in Review’s vulnerability data is that attackers are targeting identity by compromising the infrastructure that sits around it, including physical hardware devices, software, and management platforms. Network components act as de facto identity gateways, allowing adversaries to impersonate users, bypass MFA, and traverse networks undetected. Attackers overwhelmingly prefer high-access targets that require minimal exploitation steps and yield maximum operational payoff. 

Why do I care? 

Identity-centric network components act as control points for the entire environment, meaning their compromise can invalidate MFA, bypass segmentation, and grant immediate access to high-value resources. Network management platforms give adversaries direct access to privileged administrative functions, device credentials, and automation pipelines that touch hundreds of downstream systems. Compromising a single ADC or management platform can expose dozens of downstream systems, making these devices powerful force multipliers. 

So now what? 

Organizations should consider the impact on identity when prioritizing the patching of network devices. ADCs must be protected as identity control points, not merely performance appliances. Defenders should focus on these high-leverage vulnerability classes that enable identity compromise, policy manipulation, and infrastructure-wide escalation. Read the full Year in Review for more information.

Top security headlines of the week 

U.S. Department of Energy publishes five-year energy security plan 
The three goals are to develop ‘world-class’ security technologies, to harden the US energy infrastructure, and establish emergency preparedness for response and recovery from incidents. (SecurityWeek)

Someone has publicly leaked an exploit kit that can hack millions of iPhones 
Researchers are warning that this will allow any hacker to easily use the tools to target iPhone users running older versions of Apple’s operating systems who have not yet updated to its latest iOS 26 software. (TechCrunch)

Checkmarx KICS code scanner targeted in widening supply chain hit 
Specifically, the cybercriminals infiltrated KICS GitHub Action, which organizations use to run KICS scans within their CI/CD pipelines, and poisoned multiple versions of the software. (Dark Reading)

Attackers hide infostealer in copyright infringement notices 
Aimed at organizations in critical sectors, including healthcare, government, hospitality, and education, it attempts to install PureLog Stealer, a low-cost infostealer easy for threat actors to use. (Dark Reading)

Oracle releases emergency patch for critical identity manager vulnerability 
CVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild. (SecurityWeek)

Can’t get enough Talos? 

Today only: Ask us anything 
Talos and Splunk researchers are standing by on Reddit to answer your questions about the Year in Review, Top 50 Cybersecurity Threats report, or just about anything else you want to know. It’s halfway over, so post your questions now! 

Year in Review highlights 
In 2025, attackers moved fast, but they also played the long game. This short video highlights the biggest trends from the 2025 Talos Year in Review and what they reveal about where the threat landscape is headed. 

Gravy, glutes, and the Talos Year in Review 
Hazel, Bill, Joe, and Dave discuss the 2025 Year in Review, supported as always by the Turkey Lurkey Man. We also discuss the cyber activity tied to the situation in the Middle East. 

Cybersecurity’s double-header 
With the recent release of the Year in Review and Splunk’s Top 50 Cybersecurity Threats report, Amy, Bill, and Lou break down the most critical trends that shaped the security landscape last year. 

Upcoming events where you can find Talos 

Most prevalent malware files from Talos telemetry over the past week 

Cisco Talos Blog – ​Read More

Talos Takes: 2025 insights from Talos and Splunk

In this episode of Talos Takes, Amy is joined by William Largent (Cisco Talos) and Lou Stella (Splunk) for a “double-header” discussion. With the recent release of the Cisco Talos 2025 Year in Review and the Splunk Top 50 Cybersecurity Threats report, we’re breaking down the most critical trends that shaped the security landscape last year — all based on Cisco telemetry, Talos’ original research, and Talos Incident Response engagements.

From the professionalization of ransomware-as-a-service to the persistent challenge of decade-old vulnerabilities, this episode moves beyond the headlines to provide a practical roadmap for defenders. You’ll get tips on how to prioritize your defenses and reduce your attack surface for the year ahead.

View the 2025 Year in Review today.

Cisco Talos Blog – ​Read More