Podcasts about cve

Experimental Suspicious Domain Feed Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phishing or other malicious purposes. https://isc.sans.edu/diary/Experimental%20Suspicious%20Domain%20Feed/32102 Wing FTP Server RCE Vulnerability Exploited CVE-2025-47812 Huntress saw active exploitation of Wing FTP Server remote code execution (CVE-2025-47812) on a customer on July 1, 2025. Organizations running Wing FTP Server should update to the fixed version, version 7.4.4, as soon as possible. https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ FortiWeb Pre-Auth RCE (CVE-2025-25257) An exploit for the FortiWeb RCE Vulnerability is now available and is being used in the wild. https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce NVIDIA Vulnerable to Rowhammer NVIDIA has received new research related to the industry-wide DRAM issue known as Rowhammer . The research demonstrates a potential Rowhammer attack against an NVIDIA A6000 GPU with GDDR6 Memory. The purpose of this notice is to reinforce already known mitigations to Rowhammer attacks. https://nvidia.custhelp.com/app/answers/detail/a_id/5671/~/security-notice%3A-rowhammer---july-2025

Un viaje de 20 min por la actualidad Linux:• Kernel 6.16-rc5 arregla el bajón de rendimiento.• Kernel 6.17 añade EDAC para Granite Rapids-D.• Parchea sudo YA: dos CVE críticos.• Wine-Staging 10.12 corrige un bug de 2014.• GNOME 49 Alpha desactiva X11; Builder se vuelve más pro.• KDE Plasma 6.5 suma funciones y menos cuelgues.• U-Boot 2025.07 trae corutinas, exFAT y más SoCs.Todo explicado en lenguaje fácil, enlaces en las notas.

Referências do Episódio2025-07 Security Bulletin: Junos OS and Junos OS Evolved: Vulnerability in the RADIUS protocol for Subscriber Management (Blast-RADIUS) (CVE-2024-3596)Blast-RADIUS2025-07 Security Bulletin: Juniper Security Director: Insufficient authorization for multiple endpoints in web interface (CVE-2025-52950)ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLsFrom Click to Compromise: Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government EntitiesIranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliatesRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

What s My File Name Malware may use the GetModuleFileName API to detect if it was renamed to a name typical for analysis, like sample.exe or malware.exe https://isc.sans.edu/diary/What%27s%20My%20%28File%29Name%3F/32084 Atomic macOS infostealer adds backdoor for persistent attacks Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems. https://moonlock.com/amos-backdoor-persistent-access HOUKEN SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS At the beginning of September 2024, an attacker repeatedly exploited vulnerabilities CVE-2024- 8190, CVE-2024-8963, and CVE-2024-9380 vulnerabilities to remotely execute arbitrary code on vulnerable Ivanti Cloud Service Appliance devices. https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-009.pdf SEO Scams Targeting Putty, WinSCP, and AI Tools Paid Google ads are advertising trojaned versions of popuplar tools like ssh and winscp https://arcticwolf.com/resources/blog-uk/malvertising-campaign-delivers-oyster-broomstick-backdoor-via-seo-poisoning-and-trojanized-tools/

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Two critical local privilege escalation vulnerabilities in the Sudo utility—CVE-2025-32462 and CVE-2025-32463—have been disclosed by the Stratascale Cyber Research Unit.Google Chrome and Mozilla Firefox are both facing distinct, serious threats this week—Chrome from a zero-day vulnerability under active exploitation and Firefox from a campaign of malicious browser extensions targeting cryptocurrency users.The Medusa ransomware group, active since late 2021, has maintained a consistent and aggressive operational tempo into 2025. Cloudflare has rolled out a significant change to how websites handle AI crawlers, positioning itself as the first internet infrastructure provider to block AI-driven scraping by default.

In this July 2025 Patch [FIX] Tuesday episode, Automox security experts Tom, Seth, and Cody unpack four high-impact threats — from Microsoft updates, to Linux vulns, and .zip exploit PoCs.Topics include a physical attack method bypassing BitLocker encryption (CVE-2025-48001), the looming expiration of secure boot certificates, a Linux privilege escalation flaw in chroot and sudo (CVE-2025-32463), and a proof-of-concept .zip exploit that hides malicious content during preview but runs it on unzip.Expect sharp technical insights, practical mitigation tips, and as always, a few laughs. 

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• Stopping Vehicles Before They Become Weapons at Church; Learn how to protect your church from vehicle-based attacks using bollards and physical barriers. • DHS to cut 75% of staff in its intelligence office amid heightened threat environment• North Korean IT Worker Threat: Microsoft - Jasper Sleet: North Korean remote IT workers' evolving tactics to infiltrate organizationsMain Topics:Severe Weather, Texas & Camp Mystic Flood Disaster.• FEMA Activates in Texas Following President Trump's Major Disaster Declaration Announcement• How the cataclysmic floods unfolded, minute by minute, amid darkness and chaos• Texas Hill Country is no stranger to flash floods, but alerts came too late• Meteorologists Say the National Weather Service Did Its Job in Texas• Chantal triggers life-threatening flash floods as storm pushes inland in North Carolina and Virginia• Chantal continues to bring flooding rain as it moves inland after South Carolina landfall• A Majority of Companies Are Already Feeling the Climate HeatScams!• FBI PSA: Fraudsters Target US Stock Investors through Investment Clubs Accessed on Social Media and Messaging Applications• Cyber Criminals Target Prime Day Shoppers with Fake Amazon Domains and Phishing ScamsIran and Domestic Threats.• Iran Suspected of Scouting Jewish Targets in Europe• Sleeper cells and threat warnings: how the US-Iran conflict is spinning up fear • After U.S. strikes on Iran, officials warn of retaliation from ‘sleeper cells' in the U.S.• Iran-linked hackers threaten to release Trump aides' emails• Iran's Top General Issues Threat Quick Hits:• DOJ investigates ex-ransomware negotiator over extortion kickbacks• Risky Biz News - C&M hack linked to malicious insider: Brazilian authorities have arrested a 48-year-old programmer in connection with the hack of software company C&M and six Brazilian banks. • Cybercrime set to become the world's third largest economy• How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)• AIVD: threat against the Netherlands remains high, uncertainty regarding world order• CYFIRMA: Executive Threat Landscape Report Australia• Hack3d: The Web3 Security Quarterly Report - Q2 + H1 2025• ReliaQuest: Ransomware and Cyber Extortion in Q2 2025• Comparitech: Ransomware Roundup: H1 2025 stats on attacks, ransoms, and active gangs• National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud.• Chinese Scholars Probe for Weaknesses in Western Electricity Grids• Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign

Interesting ssh/telnet usernames Some interesting usernames observed in our honeypots https://isc.sans.edu/diary/A%20few%20interesting%20and%20notable%20ssh%20telnet%20usernames/32080 More sudo trouble The host option in Sudo can be exploited to execute commands on unauthorized hosts. https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host CitrixBleed2 PoC Posted (CVE-2025-5777) WatchTwer published additional details about the recently patched CitrixBleed vulnerability, including a PoC exploit. https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/ Instagram Using Six Day Certificates Instagram changes their TLS certificates daily and they use certificates that are just about to expire in a week. https://hereket.com/posts/instagram-single-day-certificates/

Referências do EpisódioExploiting Trust: How Signed Drivers Fuel Modern Kernel Level Attacks on WindowsExclusive disclosure of the attack activities of the APT group NightEagle.Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major DistrosLocal Privilege Escalation via host optionHow Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)Roteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

Send us a textWelcome to  Podcast 229 on 5th of July, 2025: This week's 10 outstanding high dividend stocks are in the attached podcast's narration and transcript. 5 U.S STOCK SELCTORS USED (1) common shares  (2) dividend yield + 5% (3)  shares traded over 1M  (4) price gain +5%. (5) share price exceeding $22.72QUALIFIERS' STOCK SYMBOLS & THEIR SCORES: (1) NE Score 70 (2) CIVI Score 76 (3) LYB Score 59 (4) MUR Score 56  (5) WHR Score 48.5 CANADIAN STOCK SELCTORS (1) common shares (2) dividend yield + 4% (3) # shares traded over 455K (4) operating margins +5% (5) share prices $22.72 (6) weekly share price gain +5%. QUALIFIERS' & SCORES   (1) PXT Score 49 (2) RCI.B Score 61 (3) NPI Score 57 (4)  BCE Score 40 (5) CVE Score 52.  DATA USED FOR ALL STOCK SCORE CALCULATIONS:   (1) Price $ (2)  Price 4yrs ago $ (3) Book Value $ (4) Advisor Buys # (5) Advisor Strong Buys # (6) Dividend. Yield % (7)Operating Margin % (8) Share Volume Traded # (9) Price/Earnings Ratio.     CNADIAN SCORE  CALCULATIONS (K=Thousand M =million)STOCK  1            2           3     4   5     6          7          8       9PXT   | 14.38 | 22.86| 25.33 | 0| 0|10.71| 26.23 | 171K | 13.0xRCI.B | 44.04| 66.69| 19.40| 7 |0| 4.54| 22.40| 844K |13.4x NPI | 22.49| 34.37| 16.10| 5| 0 | 5.34 |32.55 | 344K| | 22.6x BCE  | 30.84| 6 1.99| 18.71| 2| 0 | 5.67 |12.90 |1.2M |73.0x  CVE | 19.16| 11.37 | 16.30 | 9 | 1 | 4.18 | 8.32| 3.7M | 12.9xUS SCORE CALCULATIONNES |NE  | 28.40 | 24.44 | 29.26 | 4 |  0 | 7.04 | 22.75| 1M| 9.5x| CIVI | 29.72 | 46.66 | 70.57| 2 | 3 | 10.16 | 26.79 | 1M | 3.4x| LYB | 62.01 | 102.73 | 38.48 | 2 | 0 | 8.84 |3.97| 2M | 22.6x| MUR | 24.47 | 23.54 |35.67 | 1  | 0 | 5.31 | 20.53 | 844K | 9.3x| WHR| 109.93 | 225.02 | 48.78 | 2 | 0 | 6.37 | 2.81 | 730K | 718.3xFor information on  my 6 investment books go to  www.informus.ca.  Ian Duncan MacDonaldAuthor, Artist, Commercial Risk Consultant,President of Informus Inc 2 Vista Humber Drive Toronto, Ontario Canada, M9P 3R7 Toronto Telephone - 416-245-4994 New York Telephone - 929-800-2397 imacd@informus.ca

Sudo chroot Elevation of Privilege The sudo chroot option can be leveraged by any local user to elevate privileges to root, even if no sudo rules are defined for that user. https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot Polymorphic ZIP Files A zip file with a corrupt End of Central Directory Record may extract different data depending on the tool used to extract the files. https://hackarcana.com/article/yet-another-zip-trick Cisco Unified Communications Manager Static SSH Credentials Vulnerability A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7

North Korean IT Worker Fraud Scheme:The U.S. Department of Justice uncovered a covert North Korean operation involving IT workers fraudulently securing remote jobs at over 100 American tech companies using stolen or fake identities. These workers operated within U.S.-based "laptop farms" and created shell companies to obscure over $5 million in illicit earnings. Funds were funneled to the North Korean government, supporting weapons development. The scheme also involved data theft, including sensitive source code from a U.S. defense contractor.Android 16 Anti-Surveillance Feature:Android 16 introduces a “network notification” security upgrade that alerts users when their device connects to suspicious or unencrypted cell networks. It specifically guards against fake cell towers, such as stingray devices, by warning users about network requests for identifiers or lack of encryption, enhancing protection from mobile surveillance and forced downgrades to insecure protocols.Critical Printer Vulnerabilities:Rapid7 researchers identified eight major vulnerabilities affecting printers from Brother, Ricoh, Toshiba, Konica Minolta, and Fujifilm. The most critical flaw (CVE-2024-51978) lets remote attackers bypass admin authentication by exploiting a companion vulnerability (CVE-2024-51977) that reveals the printer's serial number—used to generate default admin credentials. This enables unauthorized reconfiguration and access to stored sensitive documents.Microsoft Authenticator Password Phase-Out:Microsoft will remove password autofill and access features from its Authenticator app starting July 2025. The move supports a transition to passwordless sign-ins using biometrics (e.g., facial recognition, fingerprints) and passkeys, aligning with industry shifts toward stronger, phishing-resistant authentication methods.NIH Open-Access Research Mandate:A new U.S. NIH policy mandates that all taxpayer-funded research be freely accessible upon publication. This accelerates an open-access directive initiated under Biden and implemented during the Trump administration. The policy enhances public access to scientific discoveries and may enable AI tools to help interpret complex studies for broader audiences.Pro-Scottish Independence Account Shutdowns:On June 12, multiple X (formerly Twitter) accounts advocating for Scottish independence vanished in sync with an Israeli cyber strike on Iran. The timing and scope of internet outages in Iran imply that the accounts were likely Iranian-run disinformation tools designed to destabilize the UK under the guise of grassroots political advocacy.Facebook Camera Roll Upload Concerns:Facebook is asking users to opt in to uploading unshared photos from their camera roll to Meta's servers to enable AI-generated content (e.g., collages). While Meta states that content remains private and isn't used for advertising, users must accept AI Terms that permit facial recognition, retention of loosely defined personal data, and potential human review—raising serious privacy concerns over intimate, unshared images.Meta's AI Superlab Push:Meta has launched “Meta Superintelligence Labs” and is heavily investing in top AI talent, reportedly offering compensation packages in the $10 million range. This underscores Meta's ambition to lead in high-end AI development, marking its entry into the elite tier of the global “AI arms race” beyond consumer-facing chatbots.

The Feds shut down a covert North Korean IT operation. Google releases an emergency update to fix a new Chrome zero-day. A major U.S. trade show and event marketing firm suffers a data breach. NetScaler patches a pair of critical vulnerabilities. A sophisticated cyber attack targets The Hague. An Iran-linked hacking group threatens to release emails allegedly stolen from aides to President Trump. A ransomware attack exposes sensitive data linked to multiple Swiss federal government offices. The U.S. Treasury Department faces scrutiny after a string of cyberattacks. The FBI's phone security tips draw fire from Senator Wyden. Tim Starks from CyberScoop describes how ubiquitous surveillance turned deadly. AI proves its pentesting prowess. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined today by Tim Starks, Senior Reporter from CyberScoop, discussing his story "Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report." Selected Reading US government takes down major North Korean 'remote IT workers' operation (TechCrunch) Google fixes fourth actively exploited Chrome zero-day of 2025 (Bleeping Computer) NetScaler Critical Security Updates for CVE-2025-6543 and CVE-2025-5777 (NetScaler) International Criminal Court hit with cyber security attack (AP News) Iran-linked hackers threaten to release Trump aides' emails (Reuters) Swiss government data compromised in ransomware attack on health foundation Radix (Beyond Machines) Trade show management firm Nth Degree hit by data breach, exposing sensitive data (Beyond Machines) A Trio of US Treasury Hacks Exposes a Pattern Making Banks Nervous (Bloomberg) Senator Chides FBI for Weak Advice on Mobile Security (Krebs on Security) The top red teamer in the US is an AI bot (CSO Online) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• The GRIP is one year old and to celebrate, we're running an anniversary sale!!• Join the GRIP in July and use promo code HOTJULY2025 to receive a 20% discount!• (TLP:CLEAR) Hostile Nation States Employing Non-State Actors• Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity• ‘Suspended animation': US government upheaval has frayed partnerships with critical infrastructure• Short-term extension of expiring cyber information-sharing law could be on the table• Gate 15 is excited to offer a low-cost ransomware resilience exercise for executives! Contact us today for more information on this great opportunity!Main Topics:Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. CISA, the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) published Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. This joint fact sheet details the need for increased vigilance for potential cyber activity against U.S. critical infrastructure by Iranian state-sponsored or affiliated threat actors. Defense Industrial Base companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk. At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran. Beazley Report: U.S. Executives Misjudge Their Cyber Preparedness. U.S.-based executives feel more prepared to counter cyber threats, potentially indicating a false sense of security because many companies lack the ability to be adequately preparedness, according to a new report from specialist insurer Beazley. According to the report, Spotlight on Tech Transformation & Cyber Risk 2025, the perception of cyber resilience rose to 81% from 73% a year ago. Hostile Events:• A violent ambush in Idaho leaves 2 firefighters dead and 1 injured. What to know about the attack• Suspect Identified in Deadly Ambush of Idaho Firefighters• Chilling ‘coincidence' of Idaho shooting sends internet sleuths into overdrive• Gunman started Idaho blaze and then fatally shot 2 firefighters in ambush attack, officials say• Here's a timeline of how the Canfield Mountain ambush shooting unfolded• Multiple firefighters reportedly shot while responding to fire near Coeur d'Alene• Europol: New report - major developments and trends on terrorism in Europe in 2024Quick Hits:• Canadian Centre for Cyber Security - Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-5349, CVE-2025-5777 and CVE-2025-6543 • Over 1,200 Citrix servers unpatched against critical auth bypass flaw• The State of Ransomware 2025• Scattered Spider hackers shift focus to aviation, transportation firms • Scattered Spider's Calculated Path from CFO to Compromise • M&S fashion rivals ‘benefited from its pause on online orders after cyber-attack' • Ransomware attack contributed to patient's death• Canada orders Chinese CCTV biz Hikvision to quit the country ASAP• FBI PSA - Criminals Posing as Legitimate Health Insurers and Fraud Investigators to Commit Health Care Fraud• 50 Customers of French Bank Hit by Insider SIM Swap Scam; An intern at Société Générale is believed to have facilitated the theft of more than EUR1mn (USD1.15mn) from the bank's customers.• State of CPS Security 2025: Building Management System Exposures • H1 2025 Crypto Hacks and Exploits: A New Record Amid Evolving Threats

Referências do EpisódioSecurity Advisory: Airoha-based Bluetooth Headphones and EarbudsTracing Blind Eagle to Proton66CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler ExploitationRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

This week we are joined by Kyle Lefton, Security Researcher from Akamai, who is diving into their work on "Two Botnets, One Flaw - Mirai Spreads Through Wazuh Vulnerability." Akamai researchers have observed active exploitation of CVE-2025-24016, a critical RCE vulnerability in Wazuh, by two Mirai-based botnets. The campaigns highlight how quickly attackers are adapting proof-of-concept exploits to spread malware, underscoring the urgency of patching vulnerable systems. One botnet appears to target Italian-speaking users, suggesting regionally tailored operations. The research can be found here: ⁠Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by Kyle Lefton, Security Researcher from Akamai, who is diving into their work on "Two Botnets, One Flaw - Mirai Spreads Through Wazuh Vulnerability." Akamai researchers have observed active exploitation of CVE-2025-24016, a critical RCE vulnerability in Wazuh, by two Mirai-based botnets. The campaigns highlight how quickly attackers are adapting proof-of-concept exploits to spread malware, underscoring the urgency of patching vulnerable systems. One botnet appears to target Italian-speaking users, suggesting regionally tailored operations. The research can be found here: ⁠Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability Learn more about your ad choices. Visit megaphone.fm/adchoices

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543 Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 Remote code execution in CentOS Web Panel - CVE-2025-48703 An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used to execute arbitrary code https://fenrisk.com/rce-centos-webpanel Gogs Arbitrary File Deletion Vulnerability Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7 Let s Encrypt Will Soon Issue IP Address-Based Certs Let s Encrypt is almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the short-lived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while. https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777

Referências do EpisódioCitrixBleed 2: Electric Boogaloo — CVE-2025–5777NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543Citrix users hit by actively exploited zero-day vulnerabilityCisco Identity Services Engine Unauthenticated Remote Code Execution VulnerabilitiesIn the Wild: Malware Prototype with Embedded Prompt InjectionRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

News includes the first CVE released under EEF's new CNA program for an Erlang zip traversal vulnerability, Phoenix MacroComponents being delayed for greater potential, Supabase announcing Multigres - a Vitess-like proxy for scaling Postgres to petabyte scale, a surge of new MCP server implementations for Phoenix and Plug including Phantom, HermesMCP, ExMCP, Vancouver, and Excom, a fun blog post revealing that Erlang was the only language that didn't crash under extreme load testing against 6 other languages, LiveDebugger v0.3.0 being teased with Firefox extension support and enhanced debugging capabilities, and more! Show Notes online - http://podcast.thinkingelixir.com/258 (http://podcast.thinkingelixir.com/258) Elixir Community News https://www.honeybadger.io/ (https://www.honeybadger.io/utm_source=thinkingelixir&utm_medium=podcast) – Honeybadger.io is sponsoring today's show! Keep your apps healthy and your customers happy with Honeybadger! It's free to get started, and setup takes less than five minutes. https://cna.erlef.org/cves/cve-2025-4748.html (https://cna.erlef.org/cves/cve-2025-4748.html?utm_source=thinkingelixir&utm_medium=shownotes) – New CVE for Erlang regarding zip traversal - 4.8 severity (medium) with workaround available or update to latest patched OTP versions First CVE released under the EEF's new CNA (CVE Numbering Authority) program - a successful process milestone https://bsky.app/profile/steffend.me/post/3lrlhd5etkc2p (https://bsky.app/profile/steffend.me/post/3lrlhd5etkc2p?utm_source=thinkingelixir&utm_medium=shownotes) – Phoenix MacroComponents is being delayed in search of greater potential https://github.com/phoenixframework/phoenixliveview/pull/3846 (https://github.com/phoenixframework/phoenix_live_view/pull/3846?utm_source=thinkingelixir&utm_medium=shownotes) – Draft PR for Phoenix MacroComponents development https://x.com/supabase/status/1933627932972376097 (https://x.com/supabase/status/1933627932972376097?utm_source=thinkingelixir&utm_medium=shownotes) – Supabase announcement of Multigres project https://supabase.com/blog/multigres-vitess-for-postgres (https://supabase.com/blog/multigres-vitess-for-postgres?utm_source=thinkingelixir&utm_medium=shownotes) – Multigres - Vitess for Postgres, announcement of a new proxy for scaling Postgres databases to petabyte scale https://github.com/multigres/multigres (https://github.com/multigres/multigres?utm_source=thinkingelixir&utm_medium=shownotes) – Multigres GitHub repository Sugu, co-creator of Vitess, has joined Supabase to build Multigres https://hex.pm/packages/phantom_mcp (https://hex.pm/packages/phantom_mcp?utm_source=thinkingelixir&utm_medium=shownotes) – Phantom MCP server - comprehensive implementation supporting Streamable HTTP with Phoenix/Plug integration https://hex.pm/packages/hermes_mcp (https://hex.pm/packages/hermes_mcp?utm_source=thinkingelixir&utm_medium=shownotes) – HermesMCP - comprehensive MCP server with client, stdio and Plug adapters https://hex.pm/packages/ex_mcp (https://hex.pm/packages/ex_mcp?utm_source=thinkingelixir&utm_medium=shownotes) – ExMCP - comprehensive MCP implementation with client, server, stdio and Plug adapters, uses Horde for distribution https://hex.pm/packages/vancouver (https://hex.pm/packages/vancouver?utm_source=thinkingelixir&utm_medium=shownotes) – Vancouver MCP server - simple implementation supporting only tools https://hex.pm/packages/excom (https://hex.pm/packages/excom?utm_source=thinkingelixir&utm_medium=shownotes) – Excom MCP server - simple implementation supporting only tools https://www.youtube.com/watch?v=4dzZ44-xVds (https://www.youtube.com/watch?v=4dzZ44-xVds?utm_source=thinkingelixir&utm_medium=shownotes) – AshAI video demo showing incredible introspection capabilities for MCP frameworks https://freedium.cfd/https:/medium.com/@codeperfect/we-tested-7-languages-under-extreme-load-and-only-one-didnt-crash-it-wasn-t-what-we-expected-67f84c79dc34 (https://freedium.cfd/https:/medium.com/@codeperfect/we-tested-7-languages-under-extreme-load-and-only-one-didnt-crash-it-wasn-t-what-we-expected-67f84c79dc34?utm_source=thinkingelixir&utm_medium=shownotes) – Blog post comparing 7 languages under extreme load - Erlang was the only one that didn't crash https://github.com/software-mansion/live-debugger (https://github.com/software-mansion/live-debugger?utm_source=thinkingelixir&utm_medium=shownotes) – LiveDebugger v0.3.0 release being teased with new features https://bsky.app/profile/membrane-swmansion.bsky.social/post/3lrb4kpmmw227 (https://bsky.app/profile/membrane-swmansion.bsky.social/post/3lrb4kpmmw227?utm_source=thinkingelixir&utm_medium=shownotes) – Software Mansion preview of LiveDebugger v0.3.0 features including Firefox extension and enhanced debugging capabilities https://smartlogic.io/podcast/elixir-wizards/s14-e03-langchain-llm-integration-elixir/ (https://smartlogic.io/podcast/elixir-wizards/s14-e03-langchain-llm-integration-elixir/?utm_source=thinkingelixir&utm_medium=shownotes) – Elixir Wizards podcast episode featuring discussion with Mark Ericksen on the Elixir LangChain project for LLM integration Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com) Find us online - Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com) - Message the show - X (https://x.com/ThinkingElixir) - Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen on X - @brainlid (https://x.com/brainlid) - Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social) - Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid) - David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com) - David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)

With @cktricky out on a grand tour across the country (or just unable to record for the day), @sethlaw succumbs to the dark side to give @lojikil a platform to talk about recent developments in the application security world. Specifically, a discussion on vulnerability data and scoring mechanisms, including CVE, CVSS, CWSS, and other acronyms. Wraps up with a longer discussion on the use of AI across multiple disciplines and provenance of AI Slop.

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Over an eight-month period beginning in July of last year, China-backed threat actors carried out a coordinated campaign that included attempts to breach cybersecurity vendor SentinelOne.CISA has added two newly confirmed exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active abuse in the wild.OpenAI has banned ChatGPT accounts linked to state-sponsored threat actors, including groups affiliated with governments in China, Russia, North Korea, Iran, and others.A critical vulnerability in Wazuh Server, CVE-2025-24016 (CVSS 9.9), is being actively exploited by threat actors to deliver multiple Mirai botnet variants for distributed denial-of-service (DDoS) operations.

Extracting Data From JPEGs Didier shows how to efficiently extract data from JPEGs using his tool jpegdump.py https://isc.sans.edu/diary/A%20JPEG%20With%20A%20Payload/32048 Windows Recall Export in Europe In its latest insider build for Windows 11, Microsoft is testing an export feature for data stored by Recall. The feature is limited to European users and requires that you note an encryption key that will be displayed only once as Recall is enabled. https://blogs.windows.com/windows-insider/2025/06/13/announcing-windows-11-insider-preview-build-26120-4441-beta-channel/ Anubis Ransomware Now Wipes Data The Anubis ransomware, usually known for standard double extortion, is now also wiping data preventing any recovery even if you pay the ransom. https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html Mitel Vulnerabilities CVE-2025-47188 Mitel this week patched a critical path traversal vulnerability (sadly, no CVE), and Infoguard Labs published a PoC exploit for an older file upload vulnerability. https://labs.infoguard.ch/posts/cve-2025-47188_mitel_phone_unauthenticated_rce/ https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0007

In this episode of The Tech Trek, Amir sits down with Matt Moore, CTO and co-founder of Chainguard, to explore the escalating importance of software supply chain security. From Chainguard's origin story at Google to the systemic risks enterprises face when consuming open source, Matt shares the lessons, best practices, and technical innovations that help make open source software safer and more reliable. The conversation also touches on AI's impact on the attack surface, mitigating threats with engineering rigor, and why avoiding long-lived credentials could be your best defense.

Quasar RAT Delivered Through Bat Files Xavier is walking you through a quick reverse analysis of a script that will injection code extracted from a PNG image to implement a Quasar RAT. https://isc.sans.edu/diary/Quasar%20RAT%20Delivered%20Through%20Bat%20Files/32036 Delayed Windows 11 24H2 Rollout Microsoft slightly throttled the rollout of windows 11 24H2 due to issues stemming from the patch Tuesday fixes. https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3570 An In-Depth Analysis of CVE-2025-33073 Patch Tuesday fixed an already exploited SMB client vulnerability. A blog by Synacktiv explains the nature of the issue and how to exploit it. https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025 Connectwise Rotating Signing Certificates Connectwise is rotating signing certificates after a recent compromise, and will release a new version of its Screen share software soon to harden its configuration. https://www.connectwise.com/company/trust/advisories KDE Telnet URL Vulnerablity The Konsole delivered as part of KDE may be abused to execute arbitrary code via telnet URLs. https://kde.org/info/security/advisory-20250609-1.txt

June's Patch [FIX] Tuesday unpacks a lighter-than-usual Windows patch cycle — but don't get too comfortable. Join Automox cybersecurity experts as they break down high-risk vulnerabilities across macOS and Windows, including:A chained SSH vulnerability (CVE-2025-26465 & CVE-2025-26466) that allows memory exhaustion and bypasses host key verificationA WebDAV remote code execution flaw (CVE-2025-33053) actively exploited in the wildMultiple macOS threats, from sandbox escapes to keychain access and privilege escalationThe team also shares patching strategies, mitigation tips, and password hygiene advice you'll want to follow.

Our terminal apps are loaded, the goals are set, but we're already hitting a few snags. The TUI Challenge begins...Sponsored By:Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Unraid: A powerful, easy operating system for servers and storage. Maximize your hardware with unmatched flexibility. Support LINUX UnpluggedLinks:

I'm joined by guests Praveen Perera, Future Paul & Ben Carman to go through the list.Bitcoin • Software Releases & Project Updates (00:01:29) Cove Wallet (00:18:14) Harbor.cash (00:35:45) Sparrow Wallet (00:37:05) BDK bdk_chain (00:37:52) Liana (00:38:24) Nunchuk Android (00:39:02) Bull Bitcoin Mobile (00:40:39) Blue Wallet (00:41:00) Bitkey App (00:43:21) FullyNoded (00:44:03) Zaprite (00:45:43) BoltzExchange (00:45:46) Padawan Wallet (00:46:23) Blockstream Green Android (00:46:37) Samourai Dojo (00:46:49) ESP-Miner (00:46:51) NBXplorer (00:47:12) Mempal• Poject Spotlight (00:47:23) DahLIAS (00:48:25) Manna Bitcoin (00:48:34) Darkwire (00:48:44) Parasite Pool (00:48:55) Blockpicker (00:49:10) LOCK Protocol (00:49:17) Sigbash (00:49:38) Arkade OS (00:50:09) Swift Bitcoin (00:50:36) Pythia (00:50:45) Arcana Seed Lodge (00:50:54) BIP47 Message Verifier (00:51:02) Traxe (00:51:08) Censorship Resistant (00:51:21) Bitcoin-4-AllVulnerability Disclosures (00:51:38) Coinbase data breach (00:54:07) Ledger Donjon (00:54:46) CVE-2023-21563 (00:55:59) BitpixiePrivacy & Other Related Bitcoin Projects • Software Releases & Project Updates (00:57:14) SimpleX (00:57:15) NomadNet (00:57:16) Sideband (00:57:17) Mullvad VPN Loader (00:58:17) Signal Desktop (00:58:20) Have I Been Pwned (00:58:22) KYCnot.me• Poject Spotlight (01:00:26) OniuxLightning + L2+ • Project Spotlight (01:00:39) Routstr (01:02:22) Lightning Blinder (01:02:32) Phoenixd MCP Server (01:03:27) Amboss Rails (01:03:48) Sixty Nuts (01:03:54) BTCNutServerBoosts (01:07:13) Shoutout to top boosters AVERAGE_GARY, hgw39, Rod Palmer, Chris, Hech, AVERAGE_GARY, Bob the Cow, Plunger & Homer Hodl.Links & Contacts:Website: https://bitcoin.review/Substack: https://substack.bitcoin.review/Twitter: https://twitter.com/bitcoinreviewhqNVK Twitter: https://twitter.com/nvkTelegram: https://t.me/BitcoinReviewPodEmail: producer@coinkite.comNostr & LN: ⚡nvk@nvk.org (not an email!)Full show notes: https://bitcoin.review/podcast/episode-97

vBulletin Exploits CVE-2025-48827, CVE-2025-48828 We do see exploit attempts for the vBulletin flaw disclosed about a week ago. The flaw is only exploitable if vBulltin is run on PHP 8.1, and was patched over a year ago. However, vBulltin never disclosed the type of vulnerability that was patched. https://isc.sans.edu/diary/vBulletin%20Exploits%20%28CVE-2025-48827%2C%20CVE-2025-48828%29/32006 Google Chrome 0-Day Patched Google released a security update for Google Chrome patching three flaws. One of these is already being exploited. https://chromereleases.googleblog.com/ Roundcube Update Roundcube patched a vulnerability that allows any authenticated user to execute arbitrary code. https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 HP Vulnerabilities in StoreOnce HP patched multiple vulnerabilities in StoreOnce. These issues could lead to remote code execution https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US

Forecast = Stormy with a chance of TikTok malware showers—exploit scoring systems hot, but patch management outlook remains partly cloudy. Welcome to Storm⚡️Watch! In this episode, we're diving into the current state of cyber weather with a mix of news, analysis, and practical insights. This week, we tackle a fundamental question: are all exploit scoring systems bad, or are some actually useful? We break down the major frameworks: **CVSS (Common Vulnerability Scoring System):** The industry standard for assessing vulnerability severity, CVSS uses base, temporal, and environmental metrics to give a comprehensive score. It's widely used but has limitations—especially since it doesn't always reflect real-world exploitability. **Coalition Exploit Scoring System (ESS):** This system uses AI and large language models to predict the likelihood that a CVE will be exploited in the wild. ESS goes beyond technical severity, focusing on exploit availability and usage probabilities, helping organizations prioritize patching with better accuracy than CVSS alone. **EPSS (Exploit Prediction Scoring System):** EPSS is a data-driven approach that estimates the probability of a vulnerability being exploited, using real-world data from honeypots, IDS/IPS, and more. It updates daily and helps teams focus on the most urgent risks. **VEDAS (Vulnerability & Exploit Data Aggregation System):** VEDAS aggregates data from over 50 sources and clusters vulnerabilities, providing a score based on exploit prevalence and maturity. It's designed to help teams understand which vulnerabilities are most likely to be actively exploited. **LEV/LEV2 (Likely Exploited Vulnerabilities):** Proposed by NIST, this metric uses historical EPSS data to probabilistically assess exploitation, helping organizations identify high-risk vulnerabilities that might otherwise be missed. **CVSS BT:** This project enriches CVSS scores with real-world threat intelligence, including data from CISA KEV, ExploitDB, and more. It's designed to help organizations make better patching decisions by adding context about exploitability. Next, we turn our attention to a troubling trend: malware distribution via TikTok. Attackers are using AI-generated videos, disguised as helpful software activation tutorials, to trick users into running malicious PowerShell commands. This “ClickFix” technique has already reached nearly half a million views. The malware, including Vidar and StealC, runs entirely in memory, bypassing traditional security tools and targeting credentials, wallets, and financial data. State-sponsored groups from Iran, North Korea, and Russia have adopted these tactics, making it a global concern. For employees, the takeaway is clear: never run PowerShell commands from video tutorials, and always report suspicious requests to IT. For IT teams, consider disabling the Windows+R shortcut for standard users, restrict PowerShell execution, and update security awareness training to include social media threats. We also highlight the latest from Censys, VulnCheck, runZero, and GreyNoise—industry leaders providing cutting-edge research and tools for vulnerability management and threat intelligence. Don't miss GreyNoise's upcoming webinar on resurgent vulnerabilities and their impact on organizational security. And that's a wrap for this episode! We will be taking a short break from Storm Watch for the summer. We look forward to bringing more episodes to you in the fall! Storm Watch Homepage >> Learn more about GreyNoise >>  

This week, we are joined by John Hammond, Principal Security Researcher at Huntress, who is sharing his PoC and research on "CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild." A critical 9.0 severity vulnerability (CVE-2025-30406) in Gladinet CentreStack and Triofox is being actively exploited in the wild, allowing remote code execution via hardcoded cryptographic keys in default configuration files. Huntress researchers observed compromises at multiple organizations and confirmed hundreds of vulnerable internet-exposed servers, urging immediate patching or manual machineKey updates. Mitigation guidance, detection, and remediation scripts have been released to help users identify and secure affected installations. The research can be found here: ⁠CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by John Hammond, Principal Security Researcher at Huntress, who is sharing his PoC and research on "CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild." A critical 9.0 severity vulnerability (CVE-2025-30406) in Gladinet CentreStack and Triofox is being actively exploited in the wild, allowing remote code execution via hardcoded cryptographic keys in default configuration files. Huntress researchers observed compromises at multiple organizations and confirmed hundreds of vulnerable internet-exposed servers, urging immediate patching or manual machineKey updates. Mitigation guidance, detection, and remediation scripts have been released to help users identify and secure affected installations. The research can be found here: ⁠CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers Scanning the Internet A newish RFC, RFC 9511, suggests researchers identify themselves by adding strings to the traffic they send, or by operating web servers on machines from which the scan originates. We do offer lists of researchers and just added three new groups today https://isc.sans.edu/diary/Researchers%20Scanning%20the%20Internet/31964 Cloudy with a change of Hijacking: Forgotten DNS Records Organizations do not always remove unused CNAME records. An attacker may take advantage of this if an attacker is able to take possession of the now unused public cloud resource the name pointed to. https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/ Message signature verification can be spoofed CVE-2025-47934 A vulnerability in openpgp.js may be used to spoof message signatures. openpgp.js is a popular library in systems implementing end-to-end encrypted browser applications. https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8

On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: TeleMessage memory dumps show up on DDoSecrets Coinbase contractor bribed to hand over user data Telegram does seem to be actually cooperating with law enforcement Britain's legal aid service gets 15 years worth of applicant data stolen Shocking no one, Ivanti were weaseling when they blamed latest bugs on a third party library This week's episode is sponsored by Prowler, who make an open source cloud security tool. Founder and original project developer Toni de la Fuente joins to talk through the flexibility that open tooling brings. Prowler is also adding support for SaaS platforms like M365, and of course, an AI assistant to help you write checks! This episode is also available on Youtube. Show notes TeleMessage - Distributed Denial of Secrets How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes | WIRED Coinbase says thieves stole user data and tried to extort $20M Hack could cost Coinbase up to $400M: filing | Cybersecurity Dive Severed Fingers and ‘Wrench Attacks' Rattle the Crypto Elite Money Stuff: US Debt Rates Itself | NewsletterHunt 2 massive black market services blocked by Telegram, messaging app says | Reuters Telegram Gave Authorities Data on More than 20,000 Users GovDelivery, an email alert system used by governments, abused to send scam messages | TechCrunch ATO warning as hackers steal $14,000 in tax returns: ‘Be wary' Hack of SEC social media account earns 14-month prison sentence for Alabama man | The Record from Recorded Future News 19-year-old accused of largest child data breach in U.S. agrees to plead guilty Beach mansion, Benz and Bitcoin worth $4.5m seized from League of Legends hacker Shane Stephen Duffy | 7NEWS Pegasus spyware maker rebuffed in efforts to get off trade blacklist - The Washington Post Ransomware attack hits supplier of refrigerated groceries to British supermarkets | The Record from Recorded Future News UK government confirms massive data breach following hack of Legal Aid Agency | The Record from Recorded Future News Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities | Cybersecurity Dive Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)

Web Scanning SonicWall for CVE-2021-20016 - Update Scans for SonicWall increased by an order of magnitude over the last couple of weeks. Many of the attacks appear to originate from Global Host , a low-cost virtual hosting provider. https://isc.sans.edu/diary/Web%20Scanning%20SonicWall%20for%20CVE-2021-20016%20-%20Update/31952 Google Update Patches Exploited Chrome Flaw Google released an update for Chrome. The update fixes two specific flaws reported by external researchers, CVE-2025-4664 and CVE-2025-4609. The first flaw is already being exploited in the wild. https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html https://x.com/slonser_/status/1919439373986107814 RVTools Bumblebee Malware Attack Zerodaylabs published its analysis of the RV-Tools Backdoor attack. It suggests that this may not be solely a search engine optimization campaign directing victims to the malicious installer, but that the RVTools distribution site was compromised. https://zerodaylabs.net/rvtools-bumblebee-malware/ Operation RoundPress ESET Security wrote up a report summarizing recent XSS attacks against open-source webmail systems https://www.welivesecurity.com/en/eset-research/operation-roundpress/

This week, we discuss Zenoss finally getting acquired, Databricks buying Neon, and the debut of WizOS. Plus, updates on OpenAI, Google, Apple—and hot takes on Marmite, Vegemite, and Emacs. Watch the YouTube Live Recording of Episode (https://www.youtube.com/live/gtm8WopIaOM?si=NsjyGL8As3sTLg7P) 519 (https://www.youtube.com/live/gtm8WopIaOM?si=NsjyGL8As3sTLg7P) Runner-up Titles Vegemite is still bad You're probably eating it It's a bold statement This episode's all about us Pendantic is my jam They tell you they're making “calculated bets” Rupert SlackGPT No one knows anything, do everything Rundown Marmite Rice Cakes (https://groceries.morrisons.com/products/marmite-rice-cakes/109658607) M&A Virtana Acquires Zenoss to Deliver the Industry's Deepest and Broadest Observability Platform (https://www.virtana.com/press-release/virtana-acquires-zenoss-to-deliver-the-industrys-deepest-and-broadest-observability-platform/) Databricks Agrees to Acquire Neon to Deliver Serverless Postgres for Developers + AI Agents - Databricks (https://www.databricks.com/company/newsroom/press-releases/databricks-agrees-acquire-neon-help-developers-deliver-ai-systems) Introducing WizOS: Securing Wiz from the ground up with hardened, near-zero-CVE container base images. (https://www.wiz.io/blog/introducing-wizos-hardened-near-zero-cve-base-images) Checking on OpenAI Evolving OpenAI's structure (https://openai.com/index/evolving-our-structure/) OpenAI caves to pressure, keeps nonprofit in charge (https://www.theregister.com/2025/05/05/openai_keep_nonprofit_in_charge/) OpenAI Hires Instacart C.E.O. to Run Business and Operations (https://www.nytimes.com/2025/05/08/technology/openai-fidji-simo.html) OpenAI Reaches Agreement to Buy Startup Windsurf for $3 Billion (https://www.bloomberg.com/news/articles/2025-05-06/openai-reaches-agreement-to-buy-startup-windsurf-for-3-billion) Anysphere, which makes Cursor, has reportedly raised $900M at $9B valuation (https://techcrunch.com/2025/05/04/cursor-is-reportedly-raising-funds-at-9-billion-valuation-from-thrive-a16z-and-accel/) Checking in on Google Google Search traffic decline is inevitable, execs say (https://searchengineland.com/google-search-traffic-decline-inevitable-455345) Google tests replacing 'I'm Feeling Lucky' with 'AI Mode' (https://techcrunch.com/2025/05/13/google-tests-replacing-im-feeling-lucky-with-ai-mode/) Checking on Apple Apple To Appeal Judge's Scathing New Ruling In Epic Games Antitrust Case, Says CEO Tim Cook (https://deadline.com/2025/05/apple-to-appeal-ruling-in-epic-games-fortnite-antitrust-case-1236383340/) Eddy Cue is fighting to save Apple's $20 billion paycheck from Google (https://www.theverge.com/policy/662974/google-search-remedies-trial-eddy-cue-apple-deal-ai) PayPal Brings Contactless Payments to German iPhones Under New EU Rule (https://www.macrumors.com/2025/05/13/paypal-contactless-payments-germany/) emacs — Matt Gemmell (https://mattgemmell.scot/emacs/) Relevant to your Interests New Netflix UI (https://about.netflix.com/en/news/unveiling-our-innovative-new-tv-experience) VMware perpetual license holders receive cease-and-desist letters from Broadcom (https://arstechnica.com/gadgets/2025/05/broadcom-sends-cease-and-desist-letters-to-subscription-less-vmware-users/) The EC2 Pricing Form is 284 MB JSON File? (https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/AmazonEC2/current/ap-southeast-2/index.json) Has DOGE missed its opportunity? (https://www.nextgov.com/ideas/2025/05/has-doge-missed-its-opportunity/405125/) Thanks to DOGE, Gumroad's founder has a second job with the VA (https://www.fastcompany.com/91330297/doge-sahil-lavignia-gumroad) Microsoft employees are banned from using DeepSeek app, president says (https://techcrunch.com/2025/05/08/microsoft-employees-are-banned-from-using-deepseek-app-president-says/) AI Is Like a Crappy Consultant (https://lukekanies.com/writing/ai-is-like-a-crappy-consultant/) You can now submit your claims for Apple's $95 million Siri spying settlement (https://www.theverge.com/news/663166/apple-siri-audio-recording-lawsuit-payout-applications) Microsoft laying off about 6,000 people, or 3% of its workforce (https://www.cnbc.com/2025/05/13/microsoft-is-cutting-3percent-of-workers-across-the-software-company.html) The Case for Open AI Tooling: Why Developers Need Sovereignty in the AI Era (https://thenewstack.io/the-case-for-open-ai-tooling-why-developers-need-sovereignty-in-the-ai-era/) DeepSeek's ‘Tech Madman' Founder Is Threatening US Dominance in AI Race (https://www.bloomberg.com/news/features/2025-05-13/deepseek-races-after-chatgpt-as-china-s-ai-industry-soars) Microsoft laying off about 6,000 people, or 3% of its workforce (https://www.cnbc.com/2025/05/13/microsoft-is-cutting-3percent-of-workers-across-the-software-company.html) GM unveils new 'groundbreaking' EV battery tech, aims to be first to market (https://www.cnbc.com/2025/05/13/gm-new-ev-battery-tech.html) Exclusive: Slate Auto has already racked up more than 100,000 refundable reservations (https://techcrunch.com/2025/05/12/slate-auto-crosses-100000-refundable-reservations-in-two-weeks) Nonsense Meet Vulcan, the first Amazon robot with a sense of touch (https://www.cnbc.com/video/2025/05/07/meet-vulcan-the-first-amazon-robot-with-a-sense-of-touch.html) Fyre Festival's embattled founder is selling the brand: 'It's time to pass the torch' (https://www.npr.org/2025/04/24/nx-s1-5374909/fyre-festival-for-salrl-billy-mcfarland) Conferences NDC Oslo (https://ndcoslo.com/), May 21st-23th, Coté speaking. POST/CON 25 (https://postcon.postman.com/2025/), June 3-4, Los Angeles, CA, Brandon representing SDT. Register here for free pass (https://fnf.dev/43irTu1) using code BRANDON (https://fnf.dev/43irTu1) (limited to first 20 People) Contract-Driven Development: Unite Your Teams and Accelerate Delivery (https://postcon.postman.com/2025/session/3022520/contract-driven-development-unite-your-teams-and-accelerate-delivery%20%20%20%20%20%208:33) by Chris Chandler SREDay Cologne, June 12th, 2025 (https://sreday.com/2025-cologne-q2/#tickets) - Coté speaking, discount: CLG10, 10% off. SDT News & Community Join our Slack community (https://softwaredefinedtalk.slack.com/join/shared_invite/zt-1hn55iv5d-UTfN7mVX1D9D5ExRt3ZJYQ#/shared-invite/email) Email the show: questions@softwaredefinedtalk.com (mailto:questions@softwaredefinedtalk.com) Free stickers: Email your address to stickers@softwaredefinedtalk.com (mailto:stickers@softwaredefinedtalk.com) Follow us on social media: Twitter (https://twitter.com/softwaredeftalk), Threads (https://www.threads.net/@softwaredefinedtalk), Mastodon (https://hachyderm.io/@softwaredefinedtalk), LinkedIn (https://www.linkedin.com/company/software-defined-talk/), BlueSky (https://bsky.app/profile/softwaredefinedtalk.com) Watch us on: Twitch (https://www.twitch.tv/sdtpodcast), YouTube (https://www.youtube.com/channel/UCi3OJPV6h9tp-hbsGBLGsDQ/featured), Instagram (https://www.instagram.com/softwaredefinedtalk/), TikTok (https://www.tiktok.com/@softwaredefinedtalk) Book offer: Use code SDT for $20 off "Digital WTF" by Coté (https://leanpub.com/digitalwtf/c/sdt) Sponsor the show (https://www.softwaredefinedtalk.com/ads): ads@softwaredefinedtalk.com (mailto:ads@softwaredefinedtalk.com) Recommendations Brandon: Sinners (https://www.rottentomatoes.com/m/sinners_2025) Matt: Devs (https://www.imdb.com/title/tt8134186/) — first recommended by Brandon on episode 223 (https://www.softwaredefinedtalk.com/223) Photo Credits Header (https://unsplash.com/s/photos/Vegemite?license=free&orientation=landscape)

Another day, another phishing campaign abusing google.com open redirects Google s links from it s maps page to hotel listings do suffer from an open redirect vulnerability that is actively exploited to direct users to phishing pages. https://isc.sans.edu/diary/Another%20day%2C%20another%20phishing%20campaign%20abusing%20google.com%20open%20redirects/31950 Adobe Patches Adobe patched 12 different applications. Of particular interest is the update to ColdFusion, which fixes several arbitrary code execution and arbitrary file read problems. https://helpx.adobe.com/security/security-bulletin.html Samsung Patches magicInfo 9 Again Samsung released a new patch for the already exploited magicInfo 9 CMS vulnerability. While the description is identical to the patch released last August, a new CVE number is used. https://security.samsungtv.com/securityUpdates#SVP-MAY-2025 Ivanti Patches Critical Ivanti Neurons Flaw Ivanti released a patch for Ivanti Neurons for ITSM (on-prem only) fixing a critical authentication bypass vulnerability. Ivanti also points to its guidance to secure the underlying IIS server to make exploitation of flaws like this more difficult

This week in the security news: Android catches up to iOS with its own lockdown mode Just in case, there is a new CVE foundation Branch privilege injection attacks My screen is vulnerable The return of embedded devices to take over the world - 15 years later Attackers are going after MagicINFO Hacking Starlink Mitel SIP phones can be hacked Reversing with Hopper Supercharge your Ghidra with AI Pretending to be an anti-virus to bypass anti-virus macOS RCE - perfect colors End of life routers are a hackers dream, and how info sharing sucks Ransomware in your CPU Disable ASUS DriverHub Age verification and privacy concerns Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-874

A busy Patch Tuesday. Investigators discover undocumented communications devices inside Chinese-made power inverters. A newly discovered Branch Privilege Injection flaw affects Intel CPUs. A UK retailer may claim up to £100mn from its cyber insurers after a major cyberattack.  A Kosovo national has been extradited to the U.S. for allegedly running an illegal online marketplace. CISA will continue alerts on its website following industry backlash. On our Industry Voices segment, Neil Hare-Brown, CEO at STORM Guidance, discusses Cyber Incident Response (CIR) retainer service provision. Shoring up the future of the CVE program. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices segment, we are joined by Neil Hare-Brown, CEO at STORM Guidance, discussing Cyber Incident Response (CIR) retainer service provision. You can learn more here.  Selected Reading Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days (Security Affairs) SAP patches second zero-day flaw exploited in recent attacks (Bleeping Computer)  Ivanti fixes EPMM zero-days chained in code execution attacks (Bleeping Computer)  Fortinet fixes critical zero-day exploited in FortiVoice attacks (Bleeping Computer)  Vulnerabilities Patched by Juniper, VMware and Zoom (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Addressed by Siemens, Schneider, Phoenix Contact (SecurityWeek) Adobe Patches Big Batch of Critical-Severity Software Flaws (SecurityWeek) Ghost in the machine? Rogue communication devices found in Chinese inverters (Reuters) New Intel CPU flaws leak sensitive data from privileged memory (Bleeping Computer)  M&S cyber insurance payout to be worth up to £100mn (Financial Times) US extradites Kosovo national charged in operating illegal online marketplace (The Record) CISA Planned to Kill .Gov Alerts. Then It Reversed Course. (Data BreachToday) CVE Foundation eyes year-end launch following 11th-hour rescue of MITRE program (CyberScoop) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft Patch Tuesday Microsoft patched 70-78 vulnerabilities (depending on how you count them). Five of these vulnerabilities are already being exploited. In particular, a remote code execution vulnerability in the scripting engine should be taken seriously. It requires the Microsoft Edge browser to run in Internet Explorer mode. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20May%202025/31946 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428) Ivanti patched an authentication bypass vulnerability and a remote code execution vulnerability. The authentication bypass can exploit the remote code execution vulnerability without authenticating first. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US Fortinet Patches Exploited Vulnerability in API (CVE-2025-32756) Fortinet patched an already exploited stack-based buffer overflow vulnerability in the API of multiple Fortinet products. The vulnerability is exploited via crafted HTTP requests. https://fortiguard.fortinet.com/psirt/FG-IR-25-254

Mayday. Mayday. May Patch Tuesday? This month's episode dives into four key Windows vulnerabilities you need to address — from scripting engine memory corruption in legacy Internet Explorer components to remote code execution risks in Remote Desktop and Visual Studio. Ryan Braunstein and Mat Lee unpack what each CVE means for your environment, how attackers might exploit them, and what you can do to stay secure. If your org still leans on that one app tied to Internet Explorer, relies heavily on RDP, or builds with Visual Studio, this one's for you.

When artificial intelligence can generate code, write tests, and even simulate threat models, how do we still ensure security? That's the question John Sapp Jr. and Alex Kreilein examine in this energizing conversation about trust, risk management, and the future of application security.The conversation opens with a critical concern: not just how to adopt AI securely, but how to use it responsibly. Alex underscores the importance of asking a simple question often overlooked—why do you trust this output? That mindset, he argues, is fundamental to building responsible systems, especially when models are generating code or influencing decisions at scale.Their conversation surfaces an emerging gap between automation and assurance. AI tools promise speed and performance, but that speed introduces risk if teams are too quick to assume accuracy or ignore validation. John and Alex discuss this trust gap and how the zero trust mindset—so common in network security—must now apply to AI models and agents, too.They share a key concern: technical debt is back, this time in the form of “AI security debt”—risk accumulating faster than most teams can keep up with. But it's not all gloom. They highlight real opportunities for security and development teams to reprioritize: moving away from chasing every CVE and toward higher-value work like architecture reviews and resiliency planning.The conversation then shifts to the foundation of true resilience. For Alex, resilience isn't about perfection—it's about recovery and response. He pushes for embedding threat modeling into unit testing, not just as an afterthought but as part of modern development. John emphasizes traceability and governance across the organization: ensuring the top understands what's at stake at the bottom, and vice versa.One message is clear: context matters. CVSS scores, AI outputs, scanner alerts—all of it must be interpreted through the lens of business impact. That's the art of security today.Ready to challenge your assumptions about secure AI and modern AppSec? This episode will make you question what you trust—and how you build.___________Guests: Alex Kreilein, Vice President of Product Security, Qualys | https://www.linkedin.com/in/alexkreilein/John Sapp Jr., Vice President, Information Security & CISO, Texas Mutual Insurance Company | https://www.linkedin.com/in/johnbsappjr/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesJP Morgan Chase Open Letter: An open letter to third-party suppliers: https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliersLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Enabling Firefox's Tab Grouping. Recalled Recall Re-Rolls out. The crucial CVE program nearly died. It's been given new life. China confesses to hacking the US (blames our stance on Taiwan). CISA says what Oracle still refuses to. Brute force attacks on the (rapid) rise. An AI/ML Python package rates a 9.8 (again!) The CA/Browser forum passed short-life certs. :( A wonderful crosswalk hack hits Silicon Valley. Android to add force restarting ahead of schedule. Maybe. The EFF is never happy. But especially now, about Florida. Interesting research into ransomware payouts. Windows Sandbox: The amazing gem hidden inside all Windows 10 & 11! Show Notesb - https://www.grc.com/sn/SN-1022-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: joindeleteme.com/twit promo code TWIT drata.com/securitynow bigid.com/securitynow 1password.com/securitynow material.security

Microsoft issues emergency updates for Windows Server. Apple releases emergency security updates to patch two zero-days. CISA averts a CVE program disruption. Researchers uncover Windows versions of the BrickStorm backdoor. Atlassian and Cisco patch several high-severity vulnerabilities. An Oklahoma cybersecurity CEO is charged with hacking a local hospital. A Fortune 500 financial firm reports an insider data breach. Researchers unmask IP addresses behind the Medusa Ransomware Group. CISA issues a warning following an Oracle data breach. On our Industry Voices segment, we are joined by Rob Allen, Chief Product Officer at ThreatLocker, to discuss a layered approach to zero trust. Former CISA director Chris Krebs steps down from his role at SentinelOne. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices On our Industry Voices segment, we are joined by Rob Allen, Chief Product Officer at ThreatLocker, to discuss a layered approach to zero trust. Selected Reading New Windows Server emergency updates fix container launch issue (Bleeping Computer) Apple fixes two zero-days exploited in targeted iPhone attacks (Bleeping Computer) CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension (Infosecurity Magazine) MITRE Hackers' Backdoor Has Targeted Windows for Years (SecurityWeek) Vulnerabilities Patched in Atlassian, Cisco Products (SecurityWeek) Edmond cybersecurity CEO accused in major hack at hospital (KOCO News) Fortune 500 firm's ex-employee exposes thousands of clients (Cybernews) Researchers Deanonymized Medusa Ransomware Group's Onion Site (Cyber Security News) CISA warns of potential data breaches caused by legacy Oracle Cloud leak (The Record) Krebs Exits SentinelOne After Security Clearance Pulled (SecurityWeek) The top 10 ThreatLocker policies for 2025 (ThreatLocker) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Apple Updates Apple released updates for iOS, iPadOS, macOS, and VisionOS. The updates fix two vulnerabilities which had already been exploited against iOS. https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/31866 Oracle Updates Oracle released it quarterly critical patch update. The update addresses 378 security vulnerabilities. Many of the critical updates are already known vulnerabilities in open-source software like Apache and Nginx ingress. https://www.oracle.com/security-alerts/cpuapr2025.html Oracle Breach Guidance CISA released guidance for users affected by the recent Oracle cloud breach. The guidance focuses on the likely loss of passwords. https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise Google Chrome Update A Google Chrome update released today fixes two security vulnerabilities. One of the vulnerabilities is rated as critical. https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html CVE Updates CISA extended MITRE s funding to operate the CVE numbering scheme. However, a number of other organizations announced that they may start alternative vulnerability registers. https://euvd.enisa.europa.eu/ https://gcve.eu/ https://www.thecvefoundation.org/

Plus, the CVE database is fine for now, but Nvidia's profits are not.Starring Tom Merritt, and Jenn Cutter, and Tanner Goodman.Links to stories can be found here.

The CVE program gets a last-minute reprieve. A federal whistleblower alleges a security breach at the NLRB. Texas votes to spin up their very own Cyber Command. BreachForums suffers another takedown. A watchdog group sues the federal government over SignalGate allegations. The SEC Chair reveals a 2016 hack. ResolverRAT targets the healthcare and pharmaceutical sectors worldwide. Microsoft warns of blue screen crashes following recent updates. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. 4chan gets Soyjacked.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Troy McMillan to break down a question targeting the EC-Council® Certified Ethical Hacker (CEH) exam. Today's question comes from N2K's EC-Council Certified Ethical Hacker CEH (312-50) Practice Test. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.  Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading Funding Expires for Key Cyber Vulnerability Database (Krebs on Security) CISA extends funding to ensure 'no lapse in critical CVE services' (Bleeping Computer) CVE Foundation (CVE Foundation) NoVa govcon firm Mitre to lay off 442 employees after DOGE cuts contracts (Virginia Business) Federal employee alleges DOGE activity resulted in data breach at labor board (NBC News) Whistleblower claims DOGE took sensitive data - now he's being hounded by threatening notes (CNN via YouTube) New state agency to deal with cyber threats advances in Texas House (Texarkana Gazette) BreachForums taken down by the FBI? Dark Storm hackers say they did it “for fun” (Cybernews) Here's What Happened to Those SignalGate Messages (WIRED) After breach, SEC says hackers used stolen data to buy stocks (CNET) New ResolverRAT malware targets pharma and healthcare orgs worldwide (Bleeping Computer) Microsoft warns of blue screen crashes caused by April updates (Bleeping Computer) Infamous message board 4chan taken down following major hack (Bleeping Computer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Well, it looks like DOGE has finally come for cybersecurity. It sounds like the tariff stuff is already biting Nvidia to the tune of $5 billion. Why is OpenAI building a social network? The government would have settled the antitrust case with Meta to the tune of $30 billion. And why did Mark Zuckerberg consider spinning off Instagram voluntarily?Sponsors:SelectQuote.com/rideLinks:Uncle Sam abruptly turns off funding for CVE program. Yes, that CVE program (The Register)Nvidia says it will record $5.5 billion charge tied to H20 processors exported to China (CNBC)OpenAI is building a social network (The Verge)Figma confidentially files for IPO more than a year after ditching Adobe deal (CNBC)Inside Mark Zuckerberg's Failed Negotiations to End Antitrust Case (WSJ)Zuckerberg Says He Considered Spinning Off Instagram in 2018 (Bloomberg)See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Online Services Again Abused to Exfiltrate Data Attackers like to abuse free online services that can be used to exfiltrate data. From the originals , like pastebin, to past favorites like anonfiles.com. The latest example is gofile.io. As a defender, it is important to track these services to detect exfiltration early https://isc.sans.edu/diary/Online%20Services%20Again%20Abused%20to%20Exfiltrate%20Data/31862 OpenSSH 10.0 Released OpenSSH 10.0 was released. This release adds quantum-safe ciphers and the separation of authentication services into a separate binary to reduce the authentication attack surface. https://www.openssh.com/releasenotes.html#10.0p1 Apache Roller Vulnerability Apache Roller addressed a vulnerability. Its CVSS score of 10.0 appears inflated, but it is still a vulnerability you probably want to address. https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f CVE Funding Changes Mitre s government contract to operate the CVE system may run out tomorrow. This could lead to a temporary disruption of services, but the system is backed by a diverse board of directors representing many large companies. It is possible that non-government funding sources may keep the system afloat for now. https://www.cve.org/

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248) After spotting individaul attempts to exploit the recent Langflow vulnerability late last weeks, we now see more systematic internet wide scans attempting to verify the vulnerability. https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Recent+Langflow+AI+Vulnerability+CVE20253248/31850/ Fortinet Analysis of Threat Actor Activity Fortinet oberved recent vulnerablities in its devices being used to add a symlink to ease future compromise. The symlink is not removed by prior patches, and Fortinet released additional updates to detect and remove this attack artifact. https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity MSFT Inetpub Microsoft clarrified that its April patches created the inetpub directory on purpose. Users should not remove it. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204#exploitability SANSFIRE https://isc.sans.edu/j/sansfire