

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Dec 5, 2025 • 5min
SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks
A honeypot capture reveals an SSH scan from an IP linked to the Indonesian government, raising questions of whether it's a nation-state attack or a compromised system. Recent updates disclose that exploits for a serious React vulnerability exist, urging vigilance. Additionally, there's an active threat against Array Networks VPN gateways, emphasizing the importance of patching and verifying updates from VPN vendors, even smaller ones. Tune in for crucial insights into these pressing cybersecurity issues!

Dec 4, 2025 • 7min
SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerability; PickleScan Patch
Honeypots reveal scans with CDN headers, highlighting attempts by attackers to bypass these defenses. A critical vulnerability in React server components has been patched, but exploitation may occur soon. Additionally, PickleScan, a tool for AI model security, has addressed three significant vulnerabilities, ensuring safer PyTorch models. The discussion dives into the implications of these security issues, making the stakes clearer for developers and cybersecurity professionals.

Dec 3, 2025 • 6min
SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability
The compromise of the SmartTube Android app reveals how a developer's key was exploited, leading to the release of a malicious version. In another intriguing discussion, a rogue NPM package cleverly disguised itself through prompt injection to avoid detection, exfiltrating sensitive data for two years. Additionally, Angular addressed a critical stored XSS vulnerability linked to SVG and MathML, highlighting ongoing security challenges in web applications. Tune in for insights on the evolving landscape of cyber threats!

Dec 2, 2025 • 6min
SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packets; Android Update; Long Game Malicious Browser Ext.
Dive into the world of cyber security with an intriguing analysis of ToolShell payloads, exploring how to decode embedded PowerShell commands. Discover Google's December Android update, which fixes critical vulnerabilities already exploited. Uncover the shocking story of the ShadyPanda malware campaign, where innocent browser extensions turned malicious after years of being safe. The episode also highlights the shift to spyware behaviors and offers insights on defensive strategies amid uncertainties in attribution.

Dec 1, 2025 • 6min
SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerability
A new variant of ClickFix tricks users with a fake Blue Screen of Death to steal information. There's a concerning phishing risk connected to Teams guest access, where attackers can invite users into unprotected environments. Additionally, a recently patched Geoserver vulnerability (CVE-2025-58360) highlights the dangers of exposing XML entities publicly. These insights reveal the evolving landscape of cyber threats and the importance of vigilance.

Nov 26, 2025 • 6min
SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving
Spyware is exploiting vulnerabilities in messaging apps, using tools like keystroke loggers to invade users' privacy. A warning against inputting passwords into random websites highlights the danger of careless online behavior. The critical vulnerabilities in Fluent Bit that could allow remote takeovers are discussed, urging rapid patching for affected users. As Thanksgiving approaches, the focus turns to being safe online and the importance of trusting cloud security.

Nov 25, 2025 • 6min
SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore
Conflicts between URL mapping and access control could create serious security gaps. A new destructive worm called Sha1-Hulud is wreaking havoc on NPM and GitHub, stealing credentials and even deleting home directories. Meanwhile, Hacklore.org is tackling outdated security tips, with an open letter from former CISOs addressing common myths about public Wi-Fi and password changes. This dialogue highlights the critical need for updated security advice in a rapidly evolving digital landscape.

Nov 24, 2025 • 5min
SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;
Discover how phishing sites are using CSS stuffing to confuse detection engines with harmless code. Explore the alarming news about a critical vulnerability in Oracle Identity Manager that could be exploited as a zero-day attack. Plus, learn about ClamAV's efforts to clean up and streamline its signature database to improve security efforts. This discussion highlights the ever-evolving landscape of cyber threats and the innovative methods attackers employ.

Nov 21, 2025 • 14min
SANS Stormcast Friday, November 21st, 2025: Oracle Identity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.
Adam Wilson, a Senior Manager in DevSecOps and application security expert, discusses the automation of generative AI guidelines to mitigate prompt injection risks. He introduces MITRE ATLAS, detailing how it enhances ATT&CK by specifying AI-related threats and their defenses. Adam highlights four main mitigations, emphasizing the value of layered defenses and automation in DevOps environments. Additionally, he shares insights on conducting experiments with different AI defense techniques and underscores the need for ongoing research to bolster security measures.

Nov 20, 2025 • 7min
SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers
Dive into the complexities of Unicode, where seemingly funny domain names hide serious vulnerabilities. Discover multiple vulnerabilities in the FortiWeb API and CLI, exacerbated by active exploits. Learn about the troubling DLink DIR-878 router issues, which won't receive patches due to its end-of-life status. Uncover the alarming Operation WrtHug, exposing how thousands of ASUS routers have fallen victim to a global espionage campaign. Tune in for insights on mitigating these threats with better admin controls!


