You have to invite them in

⚠️ Region Alert: UAE/Middle East

This edition of the Threat Source newsletter explores the evolving landscape of identity-based attacks, using an analogy of vampire mythology to describe how attackers now seek to be "invited in" rather than forcing entry. Data from the upcoming 2025 Talos Year in Review indicates that nearly a third of MFA spray attacks targeted Identity Access Management (IAM) applications, alongside a 178% surge in fraudulent device registrations. Attackers are increasingly leveraging social engineering and adversary-in-the-middle phishing kits to capture legitimate credentials and session tokens.

The newsletter also provides a critical update on the security situation in the Middle East, specifically noting that a recent attack on medical equipment manufacturer Stryker appears opportunistic. However, the broader threat landscape remains elevated due to regional military operations, particularly involving Iranian threat actors known for destructive malware. Additional headlines cover new .NET AOT malware evasion techniques, the expansion of the SideWinder espionage campaign in Southeast Asia, and a novel Android trojan that uses silent audio loops to maintain persistence.

Read Full Article