Podcasts about cve

Getting a Better Handle on International Domain Names and Punycode International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use. https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234 Citrix Netscaler Vulnerabilities CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 Citrix patched three vulnerabilities in Netscaler. One is already being exploited https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424 git vulnerability exploited (CVE-2025-48384) A git vulnerability patched in early July is now being exploited https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.• Attackers are actively exploiting CVE-2023-46604, a remote code execution vulnerability in Apache ActiveMQ first disclosed in October 2023, that is used to compromise cloud-hosted Linux servers.• AshES Cybersecurity has publicly disclosed a critical zero-day vulnerability in Elastic's Endpoint Detection and Response (EDR) platform, specifically in the Microsoft-signed kernel driver elastic-endpoint-driver.sys.• At least a dozen ransomware groups are now deploying kernel-level EDR killers - tools designed specifically to disable endpoint detection and response solutions - as part of their malware arsenal.• Microsoft has released an in-depth technical analysis of PipeMagic, a modular backdoor linked to ransomware operations carried out by Storm-2460, a financially motivated threat group associated with RansomEXX.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 216, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit

In this week's Security Sprint, Dave and Andy covered the following topics: Warm Open:• Nerd Out EP 61. The 2/3 of the Year Awards!Main Topics:FBI PSA - Russian Government Cyber Actors Targeting Networking Devices, Critical Infrastructure. The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service's (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol (SNMP) and end-of-life networking devices running an unpatched vulnerability (CVE-2018-0171) in Cisco Smart Install (SMI) to broadly target entities in the United States and globally. Info Ops: • Most Adults in 25 Countries Say Spread of False Information Is a Top National Threat. The findings come from Pew's seventh iteration of its Global Attitudes Survey: International Opinion on Global Threats, which was last published in 2022. • Foreign disinformation enters AI-powered era. At least one China-based technology company, GoLaxy, seems to be using generative AI to build influence operations in Taiwan and Hong Kong… Documents also show that GoLaxy has created profiles for at least 117 members of Congress and over 2,000 American political figures and thought leaders.• Toxic politics and TikTok engagement in the 2024 U.S. election• Why wind farms attract so much misinformation and conspiracy theory UN - Terror threat posed by ISIL ‘remains volatile and complex,' Security Council hears. The threat posed by the terrorist group ISIL – known more widely in the Middle East as Da'esh – remains dynamic and diverse, with Africa currently experiencing the highest level of activity worldwide.• PDF: Remarks by Mr. Vladimir Voronkov, Under-Secretary-General for Counter-Terrorism, United Nations Office of Counter-Terrorism. • PDF: Remarks by Mr. Vladimir Voronkov, Under-Secretary-General, United Nations Office of Counter-Terrorism.• UN Report: ISIS Fighters' Migration to Afghanistan and the Taliban's Failure• ISIS-K poses major threat with 2,000 fighters in Afghanistan, UN saysFEMA Employees Warn That Trump Is Gutting Disaster Response. After Hurricane Katrina, Congress passed a law to strengthen the nation's disaster response. FEMA employees say the Trump administration has reversed that progress. Employees at the Federal Emergency Management Agency wrote to Congress on Monday warning that the Trump administration had reversed much of the progress made in disaster response and recovery since Hurricane Katrina pummeled the Gulf Coast two decades ago. The letter to Congress, titled the “Katrina Declaration,” rebuked President Trump's plan to drastically scale down FEMA and shift more responsibility for disaster response — and more costs — to the states. It came days before the 20th anniversary of Hurricane Katrina, one of the deadliest and costliest storms to ever strike the United States.Quick Hits:• 25% of security leaders replaced after ransomware attack• Gate 15: Hack Yourself First: Pen Testing for Prevention • FB-ISAO: Ransomware Incident Review January to June 2025• Dissecting PipeMagic: Inside the architecture of a modular backdoor framework• Maryland Transit Administration says cybersecurity incident is affecting some of its servicesNevada state government offices closed after network security incident• Audit of Antisemitic Incidents 2024• MIT report: 95% of generative AI pilots at companies are failing• Report: Russian Sabotage Operations In Europe Have Quadrupled Since 2023• CISA Requests Public Comment for Updated Guidance on Software Bill of Materials• Risky Bulletin: NIST releases face-morphing detection guideline• CVE-2025–41688: Bypassing Restrictions in an OT Remote Access Device• Think before you Click(Fix): Analyzing the ClickFix social engineering technique

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Germany may ban adblockers https://www.bleepingcomputer.com/news/legal/mozilla-warns-germany-could-soon-declare-ad-blockers-illegal/   Nebraska man gets jailtime for crypto mining scam https://www.bleepingcomputer.com/news/security/nebraska-man-gets-1-year-in-prison-for-35m-cryptojacking-scheme/   Cyber insurers want CVE exemptions https://www.darkreading.com/cyber-risk/cyber-insurers-may-limit-payments-breaches-unpatched-cve   Drinking alcohol in the US hits all time low https://news.gallup.com/poll/693362/drinking-rate-new-low-alcohol-concerns-surge.aspx   Dad Joke of the Week (DJOW)   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Michael - https://www.linkedin.com/in/michael-chen-82098a2/

Increased Elasticsearch Recognizance Scans Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard. https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212 Microsoft Patch Tuesday Issues Microsoft noted some issues deploying the most recent patches with WSUS. There are also issues with certain SSDs if larger files are transferred. https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#3635msgdesc https://www.tomshardware.com/pc-components/ssds/latest-windows-11-security-patch-might-be-breaking-ssds-under-heavy-workloads-users-report-disappearing-drives-following-file-transfers-including-some-that-cannot-be-recovered-after-a-reboot SAP Vulnerabilities Exploited CVE-2025-31324, CVE-2025-42999 Details explaining how to take advantage of two SAP vulnerabilities were made public https://onapsis.com/blog/new-exploit-for-cve-2025-31324/

The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it? Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including: Immediate visibility into system misconfigurations before they become vulnerabilities Compliance transparency, showing exactly where systems fall short of industry standards One unified view, with filters by criticality, system, and framework Actionable insights, updated weekly and delivered straight to customers' inboxes Segment Resources: https://www.threatlocker.com/press-release/threatlocker-launches-dac-empowering-organizations-with-real-time-visibility-into-configuration-risks-and-compliance-gaps https://www.threatlocker.com/platform/defense-against-configurations This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-409

The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it? Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including: Immediate visibility into system misconfigurations before they become vulnerabilities Compliance transparency, showing exactly where systems fall short of industry standards One unified view, with filters by criticality, system, and framework Actionable insights, updated weekly and delivered straight to customers' inboxes Segment Resources: https://www.threatlocker.com/press-release/threatlocker-launches-dac-empowering-organizations-with-real-time-visibility-into-configuration-risks-and-compliance-gaps https://www.threatlocker.com/platform/defense-against-configurations This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more! Show Notes: https://securityweekly.com/bsw-409

The industry is obsessed with vulnerabilities. From vulnerability assessment to vulnerability management to exposure management and even zero days, we love to talk about vulnerabilities. But what about misconfiguration? By definition it's a vulnerability or weakness, but it doesn't have a CVE (common vulnerability enumeration). Should we ignore it? Danny Jenkins, CEO and Founder at ThreatLocker, joins BSW to discuss why misconfigurations matter. Simply, you can prevent many cyberattacks by eliminating your misconfigurations. That's why ThreatLocker released Defense Against Configurations (DAC). Danny will discuss the benefits of DAC, including: Immediate visibility into system misconfigurations before they become vulnerabilities Compliance transparency, showing exactly where systems fall short of industry standards One unified view, with filters by criticality, system, and framework Actionable insights, updated weekly and delivered straight to customers' inboxes Segment Resources: https://www.threatlocker.com/press-release/threatlocker-launches-dac-empowering-organizations-with-real-time-visibility-into-configuration-risks-and-compliance-gaps https://www.threatlocker.com/platform/defense-against-configurations This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, CEO Blind Spots That Put Your Company at Risk, The CISO Mindset Shift: From Risk Defender to Business Accelerator in the Age of AI, When “Yes, and…” Backfires, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-409

A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-344

A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Show Notes: https://securityweekly.com/asw-344

A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care about. But in practice, keeping something like a container image small has a lot of challenges in terms of what should be considered minimal. Neil Carpenter shares advice and anecdotes on what it takes to refine a container image and to change an org's expectations that every CVE needs to be fixed. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-344

CVE-2017-11882 Will Never Die The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer to exfiltrate passwords via email. https://isc.sans.edu/diary/CVE-2017-11882%20Will%20Never%20Die/32196 Windows Kerberos Elevation of Privilege Vulnerability Yesterday, Microsoft released a patch for a vulnerability that had already been made public. This vulnerability refers to the privilege escalation taking advantage of a path traversal issue in Windows Kerberos affecting Exchange Server in hybrid mode. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779 Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images Some old Debian Docker images containing the xz-utils backdoor are still available for download from Docker Hub via the official Debian account. https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images FortiSIEM / FortiWeb Vulnerablities Fortinet patched already exploited vulnerabilities in FortiWeb and FortiSIEM https://fortiguard.fortinet.com/psirt/FG-IR-25-152 https://fortiguard.fortinet.com/psirt/FG-IR-25-448

In this Soap Box edition of the Risky Business podcast Patrick Gray chats with Socket founder Feross Aboukhadijeh about how to measure the reachability of vulnerabilities in applications. It's great to know there's a CVE in a library you're using, but it's even better if you can say whether or not that vulnerability actually impacts your application. They also talk about how Socket started out as a way to discover malicious packages in software projects, but these days it's playing the CVE game as well. This episode is also available on Youtube. Show notes

The often-overlooked truth in cybersecurity: Seeing the Unseen in Vulnerability ManagementIn this episode, Sean Martin speaks with HD Moore, Founder and CEO of RunZero, about the often-overlooked truth in cybersecurity: the greatest risks are usually the things you don't know exist in your environment.Moore's career has spanned decades of penetration testing, tool creation, and product development, including leading the creation of Metasploit. That background shapes his approach at RunZero—applying attacker-grade discovery techniques to uncover devices, networks, and vulnerabilities that traditional tools miss. Why Discovery Matters MostThrough repeated penetration tests for high-security organizations, Moore observed a consistent pattern: breaches rarely occurred because defenders ignored known issues, but rather because attackers exploited unknown assets. These unknowns often bypassed mitigation strategies simply because they weren't on the organization's radar. Beyond CVEsMoore emphasizes that an overreliance on CVE lists leaves organizations blind to real-world risks. Many breaches stem from misconfigurations, weak credentials, or overlooked systems—problems that can be exploited within days of a vulnerability being announced. The answer, he says, is to focus on exposure and attack paths in real time, not just lists of patchable flaws. Revealing the GapsRunZero's approach often doubles the asset count organizations believe they have, uncovering systems outside existing scanning or endpoint management coverage. By leveraging unauthenticated discovery techniques, they detect exploitable conditions from an attacker's perspective—identifying forgotten hardware, outdated firmware, and network segmentation issues that open dangerous pathways. Changing the GameThis depth of discovery enables security teams to prioritize the small subset of issues that pose the highest business risk, rather than drowning in thousands of low-impact findings. It also helps organizations rebuild their security programs from the ground up—ensuring that every device is accounted for, properly segmented, and monitored. Collaboration and CommunityMoore also shares his ongoing contributions to open source through Project Discovery, integrating and enhancing tools like the nuclei scanner to accelerate vulnerability detection for everyone—not just paying customers. The message is clear: if you want to close the gaps, you first need to know exactly where they are—and that requires a new level of visibility most teams have never had.Learn more about runZero: https://itspm.ag/runzero-5733Note: This story contains promotional content. Learn more.Guest: HD Moore, Founder and CEO of RunZero | On Linkedin: https://www.linkedin.com/in/hdmoore/ResourcesLearn more and catch more stories from runZero: https://www.itspmagazine.com/directory/runzeroAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

In this episode I chat with Patrick Garrity from VulnCheck. We discuss the chaos that has enveloped the CVE and NVD programs over the past two years. We cover some of the transparency and communication challenges with the existing program. What some of the new things that have started to emerge as well as why they seem to be struggling. We end on the note that the last 3 months haven't been confidence inspiring. It's likely in 6 months everyone will be scrambling to deal with a difficult situation. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025-08-cve-patrick-garrity/

Mass Internet Scanning from ASN 43350 Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350 https://isc.sans.edu/diary/Mass+Internet+Scanning+from+ASN+43350+Guest+Diary/32180/#comments HTTP/1.1 Desync Attacks Portswigger released details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1 https://portswigger.net/research/http1-must-die Microsoft Warns of Exchange Server Vulnerability An attacker with admin access to an Exchange Server in a hybrid configuration can use this vulnerability to gain full domain access. The issue is mitigated by an April hotfix, but was not noted in the release of the April Hotfix. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786 Sonicwall Update Sonicwall no longer believes that a new vulnerability was used in recent compromises https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430 SANS.edu Research: Wellington Rampazo, Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components https://www.sans.edu/cyber-research/shift-left-awareness-detection-developers-using-vulnerable-open-source-software-components/

 Welcome to episode 315 of The Cloud Pod, where the forecast is always cloudy! Your hosts, Justin and Matt, are here to bring you the latest in cloud and AI news, including news about AI from the White House, the newest hacker exploits, and news from CloudWatch, CrowdStrike, and GKE – plus so much more. Let's get into it!  Titles we almost went with this week: SharePoint and Tell: Government Secrets at Risk Zero-Day Hero: How Hackers Found SharePoint’s Achilles’ Heel Amazon Q Gets an F in Security Class Spark Joy: GitHub’s Marie Kondo Approach to App Development No Code? No Problem! GitHub Lights a Spark Under App Creation GKE Turns 10: Still Not Old Enough to Deploy Itself A Decade of Containers: Pokémon GO Caught Them All Kubernetes Engine Hits Double Digits, Still Can’t Count Past 9 Pods Account Names: The Missing Link in AWS Cost Optimization Flash Gordon Saves Your VMs from the Azure-verse The Flash: Fastest VM Monitor in the Multiverse Ctrl+AI+Delete: Rebooting America’s Artificial Intelligence Strategy The AImerican Dream: White House Plots Path to Silicon Supremacy CrowdStrike’s Year of Living Resiliently Kernel Panic at the Disco: A Recovery Story The Search is Over (But Your Copilot License Isn’t) Ground Control to Major Tom: You’re Fired GPU Booking.com: Reserve Your Neural Network’s Next Vacation Calendar Man Strikes Again: This Time He’s Scheduling Your TPUs AirBnB for AI: Short-Term Rentals for Your Machine Learning Models  Claude’s World Tour: Now Playing in Every Region Going Global: Claude Gets Its Passport Stamped on Vertex AI SQS Finally Learns to Share: No More Queue Hogging The Noisy Neighbor Gets Shushed: Amazon’s Fair Play for Queues CloudWatch Gets Its AI Degree in Observability Teaching Old Logs New Tricks: CloudWatch Goes GenAI The Agent Whisperer: CloudWatch’s New AI Monitoring Powers NotebookLM Gets Its PowerPoint License Slides, Camera, AI-ction: NotebookLM Goes Visual The SSL-ippery Slope: Azure’s Managed Certs Go Public or Go Home Breaking Bad Certificates: DigiCert’s New Rules Leave Some Apps High and Dry Firewall Rules: Now with a Rough Draft Feature Azure’s New Policy: Think Before You Deploy General News  00:50 Hackers exploiting a SharePoint zero-day are seen targeting government agencies | TechCrunch Microsoft SharePoint servers are being actively exploited through a zero-day vulnerability (CVE-2025-53770), with initial attacks primarily targeting government agencies, universities, and energy companies, according to security researchers. The vulnerability affects on-premises SharePoint installations only, not cloud versions, with researchers identifying 9,000-10,000 vulnerable instances accessible from the internet that require immediate patching or disconnection. Initial exploitation appears t

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.More than 90 state and local government organizations have been targeted in a recent wave of cyberattacks exploiting a vulnerability in Microsoft SharePoint, according to the Center for Internet Security (CIS).Traditional cyber attack methodologies - exploiting endpoints, moving laterally, escalating privileges - are increasingly outdated as enterprise IT shifts toward SaaS and browser-based access.The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533 - a high-severity Cross-Site Request Forgery (CSRF) vulnerability in PaperCut NG/MF print management software - to its Known Exploited Vulnerabilities (KEV) catalog.Researchers at Nozomi Networks have disclosed over a dozen security flaws in Tridium's Niagara Framework, a vendor-agnostic building management platform used in sectors ranging from industrial automation to energy and smart infrastructure.Between April 2024 and April 2025, ransomware attacks on the oil and gas industry increased by an unprecedented 935%, according to new research from cybersecurity firm Zscaler.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

“We Speak CVE” podcast host Shannon Sabens chats with CVE™/CWE™ Project Lead Alec Summers and CWE Top 25 task lead/CWE Root Causes Mapping Working Group lead Connor Mullaly about the importance of mapping CVE Records (vulnerabilities) to their technical root causes using Common Weakness Enumeration (CWE). Additional topics include the benefits of RCM for CVE Numbering Authorities (CNAs) and consumers of CVE data, Common Vulnerability Scoring System (CVSS) and other vulnerability metadata and their differences with CWE, the CWE Top 25 Most Dangerous Software Weaknesses list, and the tools and guidance available to improve the RCM process (e.g., examples of mappings and best practices on the CWE website, mapping usage labels on CWE entry pages on the website, the RCM WG, and an LLM tool), and more. 

In this episode of 'Cybersecurity Today,' host David Chipley discusses several major security incidents and threats. Hamilton, Ontario faces a $5 million insurance denial following a ransomware attack due to incomplete deployment of Multi-Factor Authentication (MFA). The episode also highlights a severe vulnerability, CVE-2025-54135, in the AI-powered Code Editor 'Cursor', which could allow prompt injection attacks. Further topics include a new ransomware attack exploiting Microsoft SharePoint vulnerabilities investigated by Palo Alto Networks, and a campaign leveraging fake OAuth apps to compromise Microsoft 365 accounts. The episode underscores the importance of robust security measures, emphasizing MFA, OAuth hygiene, and prompt patching. 00:00 Introduction and Headlines 00:38 Hamilton's Ransomware Attack and Insurance Denial 02:52 AI-Powered Code Editor Vulnerability 04:57 Palo Alto Networks Investigates SharePoint Exploitation 06:51 Fake OAuth Apps and Microsoft 365 Breaches 08:48 Conclusion and Upcoming Events

In this episode I discuss GCVE and Vulnerability-Lookup with Alex and Cedric from CIRCL. GCVE offers a decentralized approach, allowing organizations to assign their own IDs and publish vulnerabilities independently. Vulnerability-Lookup is the tool that makes GCVE a reality. The flexibility addresses many of the limitations we see today with a single centralized ID system. The work happening by CIRCL on GCVE is very impressive, with all the current CVE turmoil, this is a project we should all be paying attention to. The show notes and blog post for this episode can be found at https://opensourcesecurity.io/2025/2025/2025-08-gcve-cedric-alex/

Securing Firebase: Lessons Re-Learned from the Tea Breach Inspried by the breach of the Tea app, Brendon Evans recorded a video to inform of Firebase security issues https://isc.sans.edu/diary/Securing%20Firebase%3A%20Lessons%20Re-Learned%20from%20the%20Tea%20Breach/32158 WebKit Vulnerability Exploited before Apple Patch A WebKit vulnerablity patched by Apple yesterday has already been exploited in Google Chrome. Google noted the exploit with its patch for the same vulnerability in Chrome. https://nvd.nist.gov/vuln/detail/CVE-2025-6558 Scattered Spider Update CISA released an update for its report on Scattered Spider, noting that the group also calls helpdesks impersonating users, not just the other way around. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.A critical new SharePoint vulnerability is under mass exploitation, with attackers targeting on-premises SharePoint Server deployments to exfiltrate sensitive data, including authentication tokens.And then directly related to the first story, Microsoft has now confirmed that at least three China-linked threat actors—Linen Typhoon, Violet Typhoon, and Storm-2603—were actively exploiting CVE-2025-49706 and CVE-2025-49704 a day before the company issued patches on July 8.The UK government announced on July 22, 2025, that it plans to make ransomware payments illegal for public sector bodies and operators of critical national infrastructure (CNI).In-browser cryptocurrency mining, often called crypto jacking, originally gained notoriety in 2017 when Coinhive introduced JavaScript-based mining for Monero.

Join Steve Goodman, Paul Robichaux, and Bastiaan Verdonk as they delve into the critical security vulnerabilities affecting on-premises SharePoint servers, including the "ToolShell" exploit chain (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, CVE-2025-53771) which enables unauthenticated remote code execution. They discuss the scale of the problem, the threat actors involved, and the crucial need for immediate patching and robust operational practices for any remaining on-premises deployments.The conversation then shifts to the overwhelming challenge of managing the constant stream of updates and changes within Microsoft 365. Special guest Tom Arbuthnot shares insights from his work with Empowering Cloud and their "Change Pilot" service, detailing how they use AI and expert review to help organizations navigate the deluge of Message Center notifications, prioritize impactful changes, and manage the communication around them. Discover practical strategies for staying ahead of the curve in the fast-paced world of Microsoft 365.Want to stay up to date on all things Practical 365? Follow us on Twitter, Facebook, and Linkedin to stay up to date on all things Microsoft!

This week, we cover AI going rogue, Cloudflare declaring independence, and the secure container craze. Plus, Matt bravely judges 9 new emoji. Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/lRlWChvJ_m8?si=cZJ-0kzBrEH5ERZh) 530 (https://www.youtube.com/live/lRlWChvJ_m8?si=cZJ-0kzBrEH5ERZh) Runner-up Titles VP of getting it on Neutral trombone Good Margin Independent from what? The New Benevolence I have plenty of cynicism for other things Rundown Emojis Australian Bigfoot (https://en.wikipedia.org/wiki/Yowie) Unicode's new emoji refuses to put respect on Bigfoot's name (https://www.engadget.com/mobile/unicodes-new-emoji-refuses-to-put-respect-on-bigfoots-name-184412935.html) Matt's Rankings: Hairy Creature Trombone Treasure Chest Fight Cloud Orca Landslide Apple Core Ballet Dancers Distorted Face AI coding platform goes rogue during code freeze and deletes entire company database — Replit CEO apologizes after AI engine says it 'made a catastrophic error in judgment' and 'destroyed all production data' (https://www.tomshardware.com/tech-industry/artificial-intelligence/ai-coding-platform-goes-rogue-during-code-freeze-and-deletes-entire-company-database-replit-ceo-apologizes-after-ai-engine-says-it-made-a-catastrophic-error-in-judgment-and-destroyed-all-production-data) Cloudflare Cloudflare 1.1.1.1 Incident on July 14, 2025 (https://blog.cloudflare.com/cloudflare-1-1-1-1-incident-on-july-14-2025/) Content Independence Day: no AI crawl without compensation! (https://blog.cloudflare.com/content-independence-day-no-ai-crawl-without-compensation/) Accidental Tech Podcast: 649: Prove It With Cameras (https://atp.fm/649) Anubis Web AI Firewall (https://github.com/TecharoHQ/anubis) Announcing Model Context Protocol (MCP) Server for AWS Price List (https://aws.amazon.com/about-aws/whats-new/2025/07/model-context-protocol-server-price-list/) Chainguard builds a market, everyone else wants in. (https://redmonk.com/jgovernor/2025/07/18/chainguard-builds-a-market-everyone-else-wants-in/) Bitnami Secure Images (https://github.com/bitnami/charts/issues/35164) Relevant to your Interests Browser extensions turn Trojan and infect 2.3 million Chrome and Edge users (https://cybernews.com/security/chrome-edge-hijacked-by-eighteen-malicious-extensions/) Code was the least interesting part of my multi-agent app, and here's what that means to me (https://seroter.com/2025/07/17/code-was-the-least-interesting-part-of-my-multi-agent-app-and-heres-what-that-means-to-me/) Dell employees are not OK (https://www.yahoo.com/news/dell-employees-not-ok-135038218.html) How Uber Became A Cash-Generating Machine (https://len-sherman.medium.com/how-uber-became-a-cash-generating-machine-ef78e7a97230) Clouded Judgement 7.18.25 - The Return of the Point Solution (https://cloudedjudgement.substack.com/p/clouded-judgement-71825-the-return?utm_source=post-email-title&publication_id=56878&post_id=168595292&utm_campaign=email-post-title&isFreemail=true&r=2l9&triedRedirect=true&utm_medium=email) Mid-Year 2025 CNCF Open Source Project Velocity (https://www.cncf.io/blog/2025/07/18/a-mid-year-2025-look-at-cncf-linux-foundation-and-the-top-30-open-source-projects/) new Date("wtf") (https://jsdate.wtf/) Intel axes Clear Linux, the fastest distribution on the market — company ends support, effective immediately (https://www.tomshardware.com/software/linux/intel-axes-clear-linux-the-fastest-distribution-on-the-market-company-ends-support-effective-immediately) The Epic Battle for AI Talent—With Exploding Offers, Secret Deals and Tears (https://www.wsj.com/tech/ai/meta-ai-recruiting-mark-zuckerberg-sam-altman-140d5861?st=pBmtib&reflink=article_copyURL_share) Cursor snaps up enterprise startup Koala in challenge to GitHub Copilot (https://techcrunch.com/2025/07/18/cursor-snaps-up-enterprise-startup-koala-in-challenge-to-github-copilot/) Lovable becomes a unicorn with $200M Series A just 8 months after launch (https://techcrunch.com/2025/07/17/lovable-becomes-a-unicorn-with-200m-series-a-just-8-months-after-launch/) Apple details how it trained its new AI models, see highlights (https://9to5mac.com/2025/07/21/apple-details-how-it-trained-its-new-ai-models-4-interesting-highlights/) Instacart's former CEO is taking the reins of a big chunk of OpenAI (https://www.theverge.com/openai/710836/instacarts-former-ceo-is-taking-the-reins-of-a-big-chunk-of-openai) The Enshittification of American Power (https://www.wired.com/story/enshittification-of-american-power/) Customer guidance for SharePoint vulnerability CVE-2025-53770 (https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/) Mike Lynch's Estate Ordered to Pay Hewlett Packard $945 Million (https://www.nytimes.com/2025/07/22/business/dealbook/mike-lynch-hp.html) OpenAI announces ChatGPT agent for web browsing (https://mashable.com/article/openai-announces-chatgpt-agent-web-browsing) OpenAI's new ChatGPT Agent can control an entire computer and do tasks for you (https://www.theverge.com/ai-artificial-intelligence/709158/openai-new-release-chatgpt-agent-operator-deep-research) ChatGPT Numbers (https://www.threads.com/@axios/post/DMXssSjuHax?xmt=AQF0UNyFv8CGZkBsSBbi7XWeXnW67U-Y-ZWQEwDod8lyhA) Move Mesos to the Attic (https://lists.apache.org/list.html?dev@mesos.apache.org) Anthropic hired back two of its employees — just two weeks after they left for a competitor. (https://www.theverge.com/ai-artificial-intelligence/708521/anthropic-hired-back-two-of-its-employees-just-two-weeks-after-they-left-for-a-competitor) Investors Float Deal Valuing Anthropic at More Than $100 Billion (https://www.theinformation.com/articles/investors-float-deal-valuing-anthropic-100-billion) Nonsense Coldplay's Kiss Cam Exposes Astronomer's CEO Andy Byron Alleged Affair With HR Chief Kristin Cabot (https://www.yahoo.com/entertainment/articles/coldplay-kiss-cam-exposes-astronomer-142620411.html) Unicode's new emoji refuses to put respect on Bigfoot's name (https://www.engadget.com/mobile/unicodes-new-emoji-refuses-to-put-respect-on-bigfoots-name-184412935.html) Atari Is Re-Releasing Its 2600+ To Celebrate Pac-Man's 45th Birthday (https://www.timeextension.com/news/2025/07/atari-is-re-releasing-its-2600plus-to-celebrate-pac-mans-45th-birthday) Conferences Sydney Wizdom Meet-Up (https://www.wiz.io/events/sydney-wizdom-meet-up-aug-2025), Sydney, August 7. Matt will be there. SpringOne (https://www.vmware.com/explore/us/springone?utm_source=organic&utm_medium=social&utm_campaign=cote), Las Vegas, August 25th to 28th, 2025. See Coté's pitch (https://www.youtube.com/watch?v=f_xOudsmUmk). Explore 2025 US (https://www.vmware.com/explore/us?utm_source=organic&utm_medium=social&utm_campaign=cote), Las Vegas, August 25th to 28th, 2025. See Coté's pitch (https://www.youtube.com/shorts/-COoeIJcFN4). Wiz Capture the Flag (https://www.wiz.io/events/capture-the-flag-brisbane-august-2025), Brisbane, August 26. Matt will be there. SREDay London (https://sreday.com/2025-london-q3/), Coté speaking, September 18th and 19th. Civo Navigate London (https://www.civo.com/navigate/london/2025), Coté speaking, September 30th. Texas Linux Fest (https://2025.texaslinuxfest.org), Austin, October 3rd to 4th. CFP closes August 3rd (https://www.papercall.io/txlf2025). CF Day EU (https://events.linuxfoundation.org/cloud-foundry-day-europe/), Frankfurt, October 7th, 2025. AI for the Rest of Us (https://aifortherestofus.live/london-2025), Coté speaking, October 15th to 16th, London. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Magic Keyboard with Touch ID and Numeric Keypad for Mac (https://www.apple.com/shop/product/MXK83LL/A/magic-keyboard-with-touch-id-and-numeric-keypad-for-mac-models-with-apple-silicon-usb-c-us-english-black-keys?fnode=9586aab2077eb774c28648c4795309d1121a0be316d0cef51e8ecb4f03f94a17a88ca466c99d3d3ce977c5a3933a01e4a9d465d8c36e6a9db43dcd2fdd97c814f69fee0a947209242f7e16f10d07223c5fa2dd831c66ffc4bca1a0c99c10f58ec0b7562aa4f1a834e276771b7ef3bfa8&fs=f%3Dkeyboard%26fh%3D36f4%252B4603) Matt: Spirited (https://www.imdb.com/title/tt1524415/) Photo Credits Header (https://unsplash.com/photos/a-statue-of-a-gorilla-sitting-on-top-of-a-wooden-bench-p9uwu_LDmoc)

Got a question or comment? Message us here!A critical zero-day (CVE-2025-53770) is actively targeting on-premises SharePoint servers AND it's already been used to compromise over 100 organizations. In this #SOCBrief, Andrew and Tanner break down how the exploit works and what steps your team should take now. If your SharePoint instance is public-facing and unpatched ... assume compromise.

Reversing SharePoint Toolshell Exploits CVE-2025-53770 and CVE-2025-53771 A quick walk-through showing how to decode the payload of recent SharePoint exploits https://isc.sans.edu/diary/Analyzing%20Sharepoint%20Exploits%20%28CVE-2025-53770%2C%20CVE-2025-53771%29/32138 Compromised JavaScript NPM is Package The popular npm package is was compromised by malware. Luckily, the malicious code was found quickly, and it was reversed after about five hours. https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack Microsoft Quick Machine Recovery Microsoft added a new quick machine recovery feature to Windows 11. If the system is stuck in a reboot loop, it will boot to a rescue partition and attempt to find fixes from Microsoft. https://learn.microsoft.com/en-gb/windows/configuration/quick-machine-recovery/?tabs=intune

This week's cybersecurity roundup covers three critical healthcare security developments. Microsoft patched an actively exploited SharePoint zero-day vulnerability (CVE-2024-38023) that allows attackers with basic permissions to execute remote code and pivot through networks. Two major dermatology practice breaches - Mount Laurel Dermatology and Anne Arundel Dermatology - exposed over 1.9 million patient records through third-party vendor compromises, highlighting the risks of business associate agreements. Plus, cybersecurity expert Paul Conley challenges the healthcare industry's reliance on annual training and phishing simulations, advocating for personalized, continuous human risk management approaches that build actual cyber culture rather than just checking compliance boxes.Remember, Stay a Little Paranoid X: This Week Health LinkedIn: This Week Health Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Microsoft Updates SharePoint Vulnerability Guidance CVE-2025-53770 and CVE-2025-53771 Microsoft released its update for SharePoint 2016, completing the updates across all currently supported versions. https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ WinZip MotW Privacy Starting with version 7.10, WinZip introduced an option to no longer include the download URL in zip files as part of the Mark of the Web (MotW). https://isc.sans.edu/diary/WinRAR%20MoTW%20Propagation%20Privacy/32130 Interlock Ransomware Several government agencies collaborated to create an informative and comprehensive overview of the Interlock ransomware. Just like prior writeups, this writeup is very informative, including many technical details useful to detect and block this ransomware. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a Sophos Firewall Updates Sophos patched five different vulnerabilities in its firewalls. Two of them are critical, but these only affect a small percentage of users. https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

Microsoft Released Patches for SharePoint Vulnerability CVE-2025-53770 CVE-2025-53771 Microsoft released a patch for the currently exploited SharePoint vulnerability. It also added a second CVE number identifying the authentication bypass vulnerability. https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ How Quickly Are Systems Patched? Jan took Shodan data to check how quickly recent vulnerabilities were patched. The quick answer: Not fast enough. https://isc.sans.edu/diary/How%20quickly%20do%20we%20patch%3F%20A%20quick%20look%20from%20the%20global%20viewpoint/32126 HP Enterprise Instant On Access Points Vulnerability HPE patched two vulnerabilities in its Instant On access points (aka Aruba). One allows for authentication bypass, while the second one enables arbitrary code execution as admin. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us Revealing the AppLocker Bypass Risks in The Suggested Block-list Policy AppLocker sample policies suffer from a simple bug that may enable some rule bypass, but only if signatures are not enforced. While reviewing Microsoft s suggested configuration, Varonis Threat Labs noticed a subtle but important issue: the MaximumFileVersion field was set to 65355 instead of the expected 65535. https://www.varonis.com/blog/applocker-bypass-risks Ghost Crypt Malware Leverages Zoho WorkDrive The Ghost malware tricks users into downloading by sending links to Zoho WorkDrive locations. https://www.esentire.com/blog/ghost-crypt-powers-purerat-with-hypnosis

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Cisco has disclosed a critical vulnerability—tracked as CVE-2025-20337 with a perfect score of 10—affecting its Identity Services Engine (ISE) and the ISE Passive Identity Connector (ISE-PIC). A recently updated version of the malware-as-a-service (MaaS) loader Matanbuchus is being deployed in active spear-phishing campaigns that are ultimately aimed at high-value ransomware infections.Cambodia has announced the arrest of over 1,000 individuals this week as part of a nationwide crackdown on cybercrime networks operating within its borders.A threat actor linked to the Abyss ransomware campaign, tracked as UNC6148 by Google's Threat Intelligence Group (GTIG), appears to be exploiting a zero-day vulnerability in SonicWall's end-of-life Secure Mobile Access (SMA) 100 series devices.

In this week's Security Sprint, Dave and Andy covered the following topics: Warm Open:• 26th Annual TribalNet Conference & Tradeshow• The Gate 15 Interview EP 60 – Sasha Larkin: “I like the chaos, chaos makes sense to me.” • The SUN will not be published the week of 28 Jul – 01 Aug. The SUN will resume the following week.• P2D2!Main Topics:Microsoft, China & Vendor Risk Management:• A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers• US senator seeks details from Defense Department on Microsoft's Chinese engineers• Microsoft says it will no longer use engineers in China for Department of Defense work• Chairmen Gimenez, Moolenaar, Self Probe Tech Companies Over Risks To Undersea Telecom InfrastructurePasswords. Weak password allowed hackers to sink a 158-year-old companyPatching!• Microsoft SharePoint vulnerability CVE-2025-53770: Microsoft: Customer guidance for SharePoint vulnerability CVE-2025-53770 & UK NCSC: Active exploitation of vulnerability affecting Microsoft Office SharePoint Server products in the UK• Canadian Centre for Cyber Security: CrushFTP security advisory (AV25-432)• CISA Adds One Known Exploited Vulnerability to Catalog - CVE-2025-25257 Fortinet FortiWeb SQL Injection Vulnerability• CitrixBleed 2 situation update — everybody already got owned• Canadian Centre for Cyber Security - Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-5349, CVE-2025-5777 and CVE-2025-6543 – Update 2 Managing Politics and BiasQuick Hits:• National Guard hacked by Chinese 'Salt Typhoon' campaign for nearly a year, DHS memo says• Charter Calls Increased Critical Infrastructure Attacks on Spectrum Network in Missouri Acts of Domestic Terrorism• UK NPSA - Security-Minded Communications - Guidance for Remote and Rural Locations • Canadian Centre for Cyber Security (CCCS) & Canadian Anti-Fraud Centre (CAFC) Joint Advisory: Cyber officials warns of malicious campaign to impersonate high-profile public figures• Examining How International Hacktivist Groups Pursue Attention, Select Targets, and Interact in an Evolving Online Landscape• China's cyber sector amplifies Beijing's hacking of U.S. targets• Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity• Of course, Grok's AI companions want to have sex and burn down schools• Investor Alert: Look Out For Possible Investment Scams Related to the Texas Floods • The Amnban Files: Inside Iran's Cyber-Espionage Factory Targeting Global Airlines• Indian crypto exchange CoinDCX hacked, $44M drained

SharePoint Servers Exploited via 0-day CVE-2025-53770 Late last week, CodeWhite found a new remote code execution exploit against SharePoint. This vulnerability is now actively exploited. https://isc.sans.edu/diary/Critical+Sharepoint+0Day+Vulnerablity+Exploited+CVE202553770+ToolShell/32122/ Veeam Voicemail Phishing Attackers appear to impersonate VEEAM in recent voicemail-themed phishing attempts. https://isc.sans.edu/diary/Veeam%20Phishing%20via%20Wav%20File/32120 Passkey Phishing Attack A currently active phishing attack takes advantage of the ability to use QR codes to complete the Passkey login procedure https://expel.com/blog/poisonseed-downgrading-fido-key-authentications-to-fetch-user-accounts/

Hiding Payloads in Linux Extended File Attributes Xavier today looked at ways to hide payloads on Linux, similar to how alternate data streams are used on Windows. Turns out that extended file attributes do the trick, and he presents some scripts to either hide data or find hidden data. https://isc.sans.edu/diary/Hiding%20Payloads%20in%20Linux%20Extended%20File%20Attributes/32116 Cisco Patches Critical Identity Services Engine Flaw CVE-2025-20281, CVE-2025-20337, CVE-2025-20282 An unauthenticated user may execute arbitrary code as root across the network due to improperly validated data in Cisco s Identity Services Engine. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 Oracle Critical Patch Update Oracle patched 309 flaws across 111 products. 9 of these vulnerabilities have a critical CVSS score of 9.0 or higher. https://www.oracle.com/security-alerts/cpujul2025.html Broadcom releases VMware Updates Broadcom fixed a number of vulnerabilities for ESXi, Workstation, Fusion, and Tools. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877

Experimental Suspicious Domain Feed Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phishing or other malicious purposes. https://isc.sans.edu/diary/Experimental%20Suspicious%20Domain%20Feed/32102 Wing FTP Server RCE Vulnerability Exploited CVE-2025-47812 Huntress saw active exploitation of Wing FTP Server remote code execution (CVE-2025-47812) on a customer on July 1, 2025. Organizations running Wing FTP Server should update to the fixed version, version 7.4.4, as soon as possible. https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ FortiWeb Pre-Auth RCE (CVE-2025-25257) An exploit for the FortiWeb RCE Vulnerability is now available and is being used in the wild. https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce NVIDIA Vulnerable to Rowhammer NVIDIA has received new research related to the industry-wide DRAM issue known as Rowhammer . The research demonstrates a potential Rowhammer attack against an NVIDIA A6000 GPU with GDDR6 Memory. The purpose of this notice is to reinforce already known mitigations to Rowhammer attacks. https://nvidia.custhelp.com/app/answers/detail/a_id/5671/~/security-notice%3A-rowhammer---july-2025

What s My File Name Malware may use the GetModuleFileName API to detect if it was renamed to a name typical for analysis, like sample.exe or malware.exe https://isc.sans.edu/diary/What%27s%20My%20%28File%29Name%3F/32084 Atomic macOS infostealer adds backdoor for persistent attacks Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems. https://moonlock.com/amos-backdoor-persistent-access HOUKEN SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS At the beginning of September 2024, an attacker repeatedly exploited vulnerabilities CVE-2024- 8190, CVE-2024-8963, and CVE-2024-9380 vulnerabilities to remotely execute arbitrary code on vulnerable Ivanti Cloud Service Appliance devices. https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-009.pdf SEO Scams Targeting Putty, WinSCP, and AI Tools Paid Google ads are advertising trojaned versions of popuplar tools like ssh and winscp https://arcticwolf.com/resources/blog-uk/malvertising-campaign-delivers-oyster-broomstick-backdoor-via-seo-poisoning-and-trojanized-tools/

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Two critical local privilege escalation vulnerabilities in the Sudo utility—CVE-2025-32462 and CVE-2025-32463—have been disclosed by the Stratascale Cyber Research Unit.Google Chrome and Mozilla Firefox are both facing distinct, serious threats this week—Chrome from a zero-day vulnerability under active exploitation and Firefox from a campaign of malicious browser extensions targeting cryptocurrency users.The Medusa ransomware group, active since late 2021, has maintained a consistent and aggressive operational tempo into 2025. Cloudflare has rolled out a significant change to how websites handle AI crawlers, positioning itself as the first internet infrastructure provider to block AI-driven scraping by default.

In this July 2025 Patch [FIX] Tuesday episode, Automox security experts Tom, Seth, and Cody unpack four high-impact threats — from Microsoft updates, to Linux vulns, and .zip exploit PoCs.Topics include a physical attack method bypassing BitLocker encryption (CVE-2025-48001), the looming expiration of secure boot certificates, a Linux privilege escalation flaw in chroot and sudo (CVE-2025-32463), and a proof-of-concept .zip exploit that hides malicious content during preview but runs it on unzip.Expect sharp technical insights, practical mitigation tips, and as always, a few laughs. 

Interesting ssh/telnet usernames Some interesting usernames observed in our honeypots https://isc.sans.edu/diary/A%20few%20interesting%20and%20notable%20ssh%20telnet%20usernames/32080 More sudo trouble The host option in Sudo can be exploited to execute commands on unauthorized hosts. https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host CitrixBleed2 PoC Posted (CVE-2025-5777) WatchTwer published additional details about the recently patched CitrixBleed vulnerability, including a PoC exploit. https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/ Instagram Using Six Day Certificates Instagram changes their TLS certificates daily and they use certificates that are just about to expire in a week. https://hereket.com/posts/instagram-single-day-certificates/

Sudo chroot Elevation of Privilege The sudo chroot option can be leveraged by any local user to elevate privileges to root, even if no sudo rules are defined for that user. https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot Polymorphic ZIP Files A zip file with a corrupt End of Central Directory Record may extract different data depending on the tool used to extract the files. https://hackarcana.com/article/yet-another-zip-trick Cisco Unified Communications Manager Static SSH Credentials Vulnerability A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7

The Feds shut down a covert North Korean IT operation. Google releases an emergency update to fix a new Chrome zero-day. A major U.S. trade show and event marketing firm suffers a data breach. NetScaler patches a pair of critical vulnerabilities. A sophisticated cyber attack targets The Hague. An Iran-linked hacking group threatens to release emails allegedly stolen from aides to President Trump. A ransomware attack exposes sensitive data linked to multiple Swiss federal government offices. The U.S. Treasury Department faces scrutiny after a string of cyberattacks. The FBI's phone security tips draw fire from Senator Wyden. Tim Starks from CyberScoop describes how ubiquitous surveillance turned deadly. AI proves its pentesting prowess. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined today by Tim Starks, Senior Reporter from CyberScoop, discussing his story "Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report." Selected Reading US government takes down major North Korean 'remote IT workers' operation (TechCrunch) Google fixes fourth actively exploited Chrome zero-day of 2025 (Bleeping Computer) NetScaler Critical Security Updates for CVE-2025-6543 and CVE-2025-5777 (NetScaler) International Criminal Court hit with cyber security attack (AP News) Iran-linked hackers threaten to release Trump aides' emails (Reuters) Swiss government data compromised in ransomware attack on health foundation Radix (Beyond Machines) Trade show management firm Nth Degree hit by data breach, exposing sensitive data (Beyond Machines) A Trio of US Treasury Hacks Exposes a Pattern Making Banks Nervous (Bloomberg) Senator Chides FBI for Weak Advice on Mobile Security (Krebs on Security) The top red teamer in the US is an AI bot (CSO Online) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by Kyle Lefton, Security Researcher from Akamai, who is diving into their work on "Two Botnets, One Flaw - Mirai Spreads Through Wazuh Vulnerability." Akamai researchers have observed active exploitation of CVE-2025-24016, a critical RCE vulnerability in Wazuh, by two Mirai-based botnets. The campaigns highlight how quickly attackers are adapting proof-of-concept exploits to spread malware, underscoring the urgency of patching vulnerable systems. One botnet appears to target Italian-speaking users, suggesting regionally tailored operations. The research can be found here: ⁠Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability Learn more about your ad choices. Visit megaphone.fm/adchoices

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543 Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 Remote code execution in CentOS Web Panel - CVE-2025-48703 An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used to execute arbitrary code https://fenrisk.com/rce-centos-webpanel Gogs Arbitrary File Deletion Vulnerability Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7 Let s Encrypt Will Soon Issue IP Address-Based Certs Let s Encrypt is almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the short-lived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while. https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777

Extracting Data From JPEGs Didier shows how to efficiently extract data from JPEGs using his tool jpegdump.py https://isc.sans.edu/diary/A%20JPEG%20With%20A%20Payload/32048 Windows Recall Export in Europe In its latest insider build for Windows 11, Microsoft is testing an export feature for data stored by Recall. The feature is limited to European users and requires that you note an encryption key that will be displayed only once as Recall is enabled. https://blogs.windows.com/windows-insider/2025/06/13/announcing-windows-11-insider-preview-build-26120-4441-beta-channel/ Anubis Ransomware Now Wipes Data The Anubis ransomware, usually known for standard double extortion, is now also wiping data preventing any recovery even if you pay the ransom. https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html Mitel Vulnerabilities CVE-2025-47188 Mitel this week patched a critical path traversal vulnerability (sadly, no CVE), and Infoguard Labs published a PoC exploit for an older file upload vulnerability. https://labs.infoguard.ch/posts/cve-2025-47188_mitel_phone_unauthenticated_rce/ https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0007

Quasar RAT Delivered Through Bat Files Xavier is walking you through a quick reverse analysis of a script that will injection code extracted from a PNG image to implement a Quasar RAT. https://isc.sans.edu/diary/Quasar%20RAT%20Delivered%20Through%20Bat%20Files/32036 Delayed Windows 11 24H2 Rollout Microsoft slightly throttled the rollout of windows 11 24H2 due to issues stemming from the patch Tuesday fixes. https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3570 An In-Depth Analysis of CVE-2025-33073 Patch Tuesday fixed an already exploited SMB client vulnerability. A blog by Synacktiv explains the nature of the issue and how to exploit it. https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025 Connectwise Rotating Signing Certificates Connectwise is rotating signing certificates after a recent compromise, and will release a new version of its Screen share software soon to harden its configuration. https://www.connectwise.com/company/trust/advisories KDE Telnet URL Vulnerablity The Konsole delivered as part of KDE may be abused to execute arbitrary code via telnet URLs. https://kde.org/info/security/advisory-20250609-1.txt