Episode references:
- /bin/live: Mente Binária's live stream about the Red Team Community
- Stable Channel Update for Desktop (CVE-2025-13223 and CVE-2025-13224)
- Defending the cloud: Azure neutralized a record-breaking 15 Tbps DDoS attack
- Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem
Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
It isn't always defaults: Scans for 3CX Usernames
Our honeypots detected scans for usernames that may be related to 3CX business phone systems.
https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464
Watchguard Default Password Controversy
A CVE number was assigned to a default password commonly used in Watchguard products. This was a documented username and password that was recently removed in a firmware upgrade.
https://github.com/cyberbyte000/CVE-2025-59396/blob/main/CVE-2025-59396.txt
https://nvd.nist.gov/vuln/detail/CVE-2025-59396
JavaScript expr-eval Vulnerability
The JavaScript expr-eval library was vulnerable to a code execution issue.
https://www.kb.cert.org/vuls/id/263614
AWS Morning Brief for the week of November 10th, with Corey Quinn. Links:
- AWS PrivateLink now supports cross-region connectivity for AWS Services
- AWS announces new partnership to power OpenAI's AI workloads
- Prompt engineering with PartyRock: A guide for educators
- New whitepaper available – AI for Security and Security for AI: Navigating Opportunities and Challenges
- From Business Logic to Working Code: How AWS Kiro Changes Who Can Build
- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - runc container issues
- Amazon CloudWatch Application Signals adds AI-powered Synthetics debugging
- Inside Amazon Connect: The evolution of a disruptor
- How Indeed scaled Governance across 1,000+ AWS accounts with AWS Trusted Advisor
- Improper authentication token handling in the Amazon WorkSpaces client for Linux
- How Omnissa saved millions by migrating to Amazon RDS and Amazon EC2
- The Swift AWS Lambda Runtime moves to AWSLabs
- CVE-2025-12815 - RES web portal may display preview of Virtual Desktops that the user shouldn't have access to
This week features a timeless topic followed by a timely one, both of them pretty important. Lydia prepares for Chicago, Mark shares his slides, and Stephen is gonna chill.
- CHEST 2025 - American College of Chest Physicians
- Some of Lydia's escape room props!
0:05:26 Naming Files
- Museum Accessioning: Numbering Systems (Oklahoma Museums Association)
- Rice County Historical Society
- Montshire Museum of Science
0:43:13 Unity Security Vulnerability (2025)
- "Unity Security Update, What Do?" presentation slides (Mark LaCroix)
- Unity Platform Protection - Security Advisory (Unity)
- Unity Platform Protection - Developer Remediation Guide (Unity)
- Unity Platform Protection - Patcher Tool (Unity)
- CVE-2025-59489: Arbitrary Code Execution in Unity Runtime (RyotaK, GMO Flatt Security Inc.)
- CVE-2025-59489 (CVE)
Episode references:
- GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
- Cisco Unified Contact Center Express Remote Code Execution Vulnerabilities (CVE-2025-20354 and CVE-2025-20358)
- Sharing is scaring: The WhatsApp screen-sharing scam you didn't see coming
Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287
We observed an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS, and the scans are likely looking for servers vulnerable to CVE-2025-59287.
https://isc.sans.edu/diary/Scans%20for%20Port%208530%208531%20%28TCP%29.%20Likely%20related%20to%20WSUS%20Vulnerability%20CVE-2025-59287/32440
BADCANDY Webshell Implant Deployed via
The Australian Signals Directorate warns that it still sees Cisco IOS XE devices not patched for CVE-2023-20198. A threat actor is now using this vulnerability to deploy the BADCANDY implant for persistent access.
https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/badcandy
Improvements to Open VSX Security
In reference to the GlassWorm incident, Open VSX published a blog post outlining some of the security improvements it will make to prevent a repeat of this incident.
https://blogs.eclipse.org/post/mikaël-barbero/open-vsx-security-update-october-2025
RadioDotNet podcast, episode No. 125, 4 November 2025. In this episode you can hear a story about high-speed data transfer from the international software developer Altenar. Podcast site: radio.dotnet.ru. Boosty (₽): boosty.to/RadioDotNet
Topics:
[00:02:25] - Announcing .NET 10 Release Candidate 2: devblogs.microsoft.com/dotnet/dotnet-10-rc-2
[00:10:35] - System.CommandLine 2.0 overview: learn.microsoft.com/dotnet/standard/commandline, github.com/dotnet/command-line-api, github.com/Cysharp/ConsoleAppFramework
[00:45:45] - Request smuggling and CVE-2025-55315: andrewlock.net/understanding-the-worst-dotnet-vulnera...
[01:05:45] - Official C# SDK for Model Context Protocol: modelcontextprotocol.io, developer.microsoft.com/blog/microsoft-partners-with-anthropic..., github.com/modelcontextprotocol/csharp-sdk, github.com/SciSharp/Awesome-DotNET-MCP
[01:27:20] - Adding metadata to fallback endpoints in ASP.NET Core: andrewlock.net/adding-metadata-to-fallback-endpoints-...
[01:38:25] - Briefly on various topics: podlodka.io/425, devblogs.microsoft.com/dotnet/announcing-sponsorship-on-nuget..., devblogs.microsoft.com/dotnet/introducing-custom-agents-for-d..., platform.uno/blog/announcing-unoplatform-microsoft-...
Background music: Maxim Arshinov, "Pensive yeti.0.1"
Episode references:
- CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
- You name it, VMware elevates it (CVE-2025-41244)
- VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246)
- Silent Push Unearths AdaptixC2's Ties to Russian Criminal Underworld, Tracks Threat Actors Harnessing Open-Source Tool for Malicious Payloads
- Federal Police (PF) launches second phase of operation against criminal organization specializing in digital banking fraud
Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
CVEs, or Common Vulnerabilities and Exposures, are such a routine aspect of tech that most IT pros probably take them for granted. But like many things we take for granted, the CVE process takes some serious organizational infrastructure to function. On today's Packet Protector, sponsored by Cisco, we talk about the organizations and processes that... Read more »
Jon and Ben discuss the highlights of the 1.81 through 1.84 releases of Rust. This episode was recorded as part of a YouTube live stream on 2025-10-26, which you can still watch.
Contributing to Rustacean Station
Rustacean Station is a community project; get in touch with us if you'd like to suggest an idea for an episode or offer your services as a host or audio editor!
Twitter: @rustaceanfm
Discord: Rustacean Station
Github: @rustacean-station
Email: hello@rustacean-station.org
Timestamps & referenced resources
[@01:58] - Rust 1.81
[@02:05] - core::error::Error; Tracking issue for generic member access; build-std Rust project goal
[@08:27] - New sort implementations; PR implementing the change; Repo with the research
[@10:49] - #[expect(lint)]
[@14:37] - Lint reasons
[@16:18] - Stabilized APIs
[@16:34] - Duration::abs_diff
[@17:25] - hint::assert_unchecked
[@22:36] - fs::exists
[@25:37] - Compatibility notes
[@20:40] - Split panic hook and panic handler arguments
[@23:00] - Abort on uncaught panics in extern "C" functions
[@27:01] - WASI 0.1 target naming changed
[@30:10] - Fix for CVE-2024-43402; CVE announcement
[@33:39] - Rust 1.82
[@33:39] - cargo info
[@35:06] - Apple target promotions; Platform support tiers
[@40:10] - Precise capturing use syntax; The Captures "trick"; Talk on impl Trait
[@47:24] - Native syntax for creating a raw pointer; Pointers Are Complicated; Pointers Are Complicated II; Pointers Are Complicated III
[@53:43] - Safe items with unsafe extern
[@59:32] - Unsafe attributes
[@1:03:44] - Omitting empty types in pattern matching; The never type
[@1:11:33] - Floating-point NaN semantics and const
[@1:17:41] - Constants as assembly immediates
[@1:19:06] - Safely addressing unsafe statics
[@1:22:56] - Stabilized APIs
[@1:23:03] - thread::Builder::spawn_unchecked
[@1:25:10] - Working with MaybeUninit
[@1:25:48] - Exposed SIMD intrinsics
[@1:26:14] - Changelog deep-dive
[@1:26:26] - Rewrite binary search implementation
[@1:27:30] - Rust 1.83
[@1:27:55] - New const capabilities
[@1:31:50] - Stabilized APIs
[@1:32:06] - New io::ErrorKind variants
[@1:33:10] - Option::get_or_insert_default
[@1:34:56] - char::MIN
[@1:35:48] - Changelog deep-dive
[@1:35:48] - Unicode 16 Emoji
[@1:39:51] - Sysroot trim-paths
[@1:41:31] - cargo update informs of outdated versions
[@1:42:43] - cargo --timings dark mode
[@1:43:15] - Checksum-based freshness in Cargo nightly
[@1:44:26] - Rust 1.84
[@1:44:40] - Cargo considers Rust version for dependency version selection
[@1:49:03] - Migration to the new trait solver begins
[@1:51:47] - Strict provenance APIs; Pointers Are Complicated; Pointers Are Complicated II; Pointers Are Complicated III; Rust has provenance; Gankra's write-up on raw pointer design; Strict provenance APIs tracking issue
[@1:57:53] - Stabilized APIs
[@1:57:58] - ::isqrt
[@1:58:15] - core::ptr::dangling
[@1:59:15] - Changelog deep-dive
[@1:59:15] - Include Cargo.lock in published crates
[@2:00:12] - wasm32-wasi target removed
[@2:01:06] - &raw *invalid_ptr is fine
Credits
Intro Theme: Aerocity
Audio Editing: synchis
Hosting Infrastructure: Jon Gjengset
Show Notes: Jon Gjengset
Hosts: Jon Gjengset and Ben Striegel
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Bilingual Phishing for Cloud Credentials
Guy observed identical phishing messages in French and English attempting to phish cloud credentials.
https://isc.sans.edu/diary/Phishing%20Cloud%20Account%20for%20Information/32416
Kaitai Struct WebIDE
The binary file analysis tool Kaitai Struct is now available in a web-only version.
https://isc.sans.edu/diary/Kaitai%20Struct%20WebIDE/32422
WSUS Emergency Update
Microsoft released an emergency patch for WSUS to fix a currently exploited critical vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287
Network Security Devices Endanger Orgs with 90s-era Flaws
Attackers increasingly use simple-to-exploit network security device vulnerabilities to compromise organizations.
https://www.csoonline.com/article/4074945/network-security-devices-endanger-orgs-with-90s-era-flaws.html
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Infostealer Targeting Android Devices
This infostealer, written in Python, specifically targets Android phones. It takes advantage of Termux to gain access to data and exfiltrates it via Telegram.
https://isc.sans.edu/diary/Infostealer%20Targeting%20Android%20Devices/32414
Attackers exploit recently patched Adobe Commerce Vulnerability CVE-2025-54236
Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. E-commerce security company Sansec has detected multiple exploit attempts.
https://sansec.io/research/sessionreaper-exploitation
Patch for BIND and Unbound nameservers CVE-2025-40780
The Internet Systems Consortium (ISC.org), as well as the Unbound project, patched a flaw that may allow DNS spoofing due to a weak random number generator.
https://kb.isc.org/docs/cve-2025-40780
WSUS Exploit Released CVE-2025-59287
HawkTrace released a walkthrough showing how to exploit the recently patched WSUS vulnerability.
https://hawktrace.com/blog/CVE-2025-59287
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
webctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant?
Our honeypots detected attacks that appear to exploit CVE-2025-34033 or a similar vulnerability in the Blue Angel Software Suite.
https://isc.sans.edu/diary/webctrlcgiBlue+Angel+Software+Suite+Exploit+Attempts+Maybe+CVE202534033+Variant/32410
Oracle Critical Patch Update
Oracle released its quarterly Critical Patch Update. The update includes patches for 374 vulnerabilities across all of Oracle's products. There are nine more patches for Oracle's E-Business Suite.
https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixEBS
Rust TAR Library Vulnerability
A vulnerability in the popular, but no longer maintained, async-tar library could lead to arbitrary code execution.
https://edera.dev/stories/tarmageddon
What's the weakest link in your world: an old router, a forgotten Windows box, or that "anyone with the link" setting you meant to change? We unpack the real vulnerabilities hiding in small businesses, nonprofits, and home networks, then share a clear playbook to find them early and fix them fast without enterprise budgets.
We start with the quiet culprits: end-of-life operating systems, abandoned firmware, and default passwords that ship on printers, cameras, and routers. You'll hear why isolation, segmentation, and least privilege are lifesavers when replacement isn't an option. From ransomware on aging desktops to misconfigured cloud shares that leak donor lists, we connect everyday scenarios to practical countermeasures like MFA, strong crypto, key rotation, and simple access reviews.
Then we go deeper into application and web risks (SQL injection, XSS, CSRF, race conditions, buffer overflows) and how attackers exploit timing and input validation gaps. We break down supply chain threats, where a compromised plugin server can Trojanize an entire customer base, and show how to vet vendors with a software bill of materials and clear service level terms. You'll also get a workable monitoring routine: weekly vulnerability scans (credentialed and non-credentialed), reputable threat feeds like IBM X-Force and Abuse.ch, and dark web awareness for leaked credentials.
To round it out, we map a no-nonsense remediation loop: discover, analyze, fix, verify, repeat. Learn to use CVE identifiers and CVSS scores to prioritize by risk and business impact, spot false positives and negatives, and handle patches that break production with rollbacks and compensating controls. Along the way, we share a memorable bug bounty story that proves anyone, even a kid, can help make the internet safer.
Subscribe for more practical cybersecurity, share this with someone running on "set it and forget it," and leave a review telling us the one update you're making today.
Art by Sarah/Desmond. Music by Joakim Karud. Little Chacha Productions.
Juan Rodriguez can be reached at: TikTok @ProfessorJrod, ProfessorJRod@gmail.com, @Prof_JRod, Instagram ProfessorJRod
In this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
- China has been rummaging in F5's networks for a couple of years
- Meanwhile China tries to deflect by accusing the NSA of hacking its national timing system
- Salesforce hackers use their stolen data trove to dox NSA, ICE employees
- Crypto stealing, proxy-deploying, blockchain-C2-ing VS Code worm charms us with its chutzpah
- Adam gets humbled by new Linux-capabilities backdoor trick
- Microsoft ignores its own guidance on avoiding BinaryFormatter, gets WSUS owned
This episode is sponsored by Push Security. Co-founder and Chief Product Officer Jacques Louw joins to talk through how Push traced a LinkedIn phishing campaign targeting CEOs, and the new logging capabilities that proved critical to understanding it. This episode is also available on YouTube.
Show notes
- Why the F5 Hack Created an 'Imminent Threat' for Thousands of Networks | WIRED
- Breach at US-based cybersecurity provider F5 blamed on China, sources say | Reuters
- Network security devices endanger orgs with '90s era flaws | CSO Online
- China claims it caught US attempting cyberattack on national time center | The Record from Recorded Future News
- Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials
- Hackers Say They Have Personal Data of Thousands of NSA and Other Government Officials
- ICE amps up its surveillance powers, targeting immigrants and antifa - The Washington Post
- John Bolton Indictment Provides Interesting Details About Hack of His AOL Account and Extortion Attempt
- US court orders spyware company NSO to stop targeting WhatsApp, reduces damages | Reuters
- Apple alerts exploit developer that his iPhone was targeted with government spyware | TechCrunch
- A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones | WIRED
- GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace | Koi Blog
- European police bust network selling thousands of phone numbers to scammers | The Record from Recorded Future News
- Stephan Berger on X: "We recently took over an APT investigation from another forensic company. While reviewing analysis reports from the other company, we discovered that the attackers had been active in the network for months and had deployed multiple backdoors. One way they could regain root" / X
- Linux Capabilities Revisited | dfir.ch
- CVE-2025-59287 WSUS Remote Code Execution | HawkTrace
- TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blog
- Browser threat detection & response | Push Security
- How Push stopped a high risk LinkedIn spear-phishing attack
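The "Linux-capabilities backdoor trick" in the show above and the linked dfir.ch post concern attackers who regain root by granting file capabilities to a binary they can run. The following is an added example of the defensive check, written for this page and not code from that post or the show: it parses `getcap -r /` output (both the newer `path cap=flags` and the older `path = cap+flags` syntax) and reports files that carry root-equivalent capabilities or that are not in an expected baseline. The getcap lines, the baseline and the set of "dangerous" capabilities are constructed and assumed for the example.

```python
"""Added example: audit `getcap -r /` output for capability-based persistence.
The sample output, baseline and DANGEROUS set are constructed for this page."""
from dataclasses import dataclass
import re

# Capabilities that, on a binary an unprivileged attacker can execute, give root
# or an easy path to it (cap_setuid on python3 lets os.setuid(0) succeed, for
# example). Assumed list for the example; tune it to your threat model.
DANGEROUS = {
    "cap_setuid", "cap_setgid", "cap_setfcap", "cap_dac_override",
    "cap_dac_read_search", "cap_chown", "cap_fowner", "cap_sys_admin",
    "cap_sys_ptrace", "cap_sys_module", "cap_sys_rawio",
}

# Assumed baseline: files that legitimately carry capabilities on this build.
BASELINE = {
    "/usr/bin/ping": {"cap_net_raw"},
    "/usr/bin/mtr-packet": {"cap_net_raw"},
}

# Constructed getcap output mixing both syntaxes. Newer libcap prints
# "path cap_a,cap_b=ep"; older libcap prints "path = cap_a,cap_b+ep".
SAMPLE_GETCAP = """\
/usr/bin/ping cap_net_raw=ep
/usr/bin/python3.11 cap_setuid=ep
/usr/lib/x86_64-linux-gnu/gstreamer1.0/gstreamer-1.0/gst-ptp-helper cap_net_bind_service,cap_net_admin=ep
/usr/bin/mtr-packet = cap_net_raw+ep
/usr/sbin/.cache/httpd = cap_sys_admin,cap_dac_override+eip
"""


@dataclass(frozen=True)
class CapFinding:
    path: str
    caps: frozenset
    severity: str   # "high" = root-equivalent capability, "review" = not in baseline
    reason: str


def parse_getcap_line(line: str):
    """Return (path, set_of_caps, flags) for one getcap line, or None if blank/unparseable."""
    line = line.strip()
    if not line:
        return None
    if " = " in line:                       # old style: "path = caps+flags"
        path, caps = line.rsplit(" = ", 1)
    else:                                   # new style: "path caps=flags"
        path, _, caps = line.rpartition(" ")
    m = re.fullmatch(r"([a-z0-9_,]+)[=+]([eip]+)", caps)
    if not path or not m:
        return None
    return path, set(m.group(1).split(",")), m.group(2)


def audit_getcap(output: str, baseline=BASELINE):
    """Flag every capability-bearing file that is dangerous or off-baseline."""
    findings = []
    for line in output.splitlines():
        parsed = parse_getcap_line(line)
        if parsed is None:
            continue
        path, caps, flags = parsed
        if caps <= baseline.get(path, set()):
            continue                        # exactly what the build ships; fine
        bad = caps & DANGEROUS
        if bad:
            reason = f"root-equivalent capability {','.join(sorted(bad))} ({flags})"
            if "/." in path:
                reason += "; hidden path"   # dot-directories are a common stash
            findings.append(CapFinding(path, frozenset(caps), "high", reason))
        else:
            findings.append(CapFinding(path, frozenset(caps), "review",
                                       "capability-bearing file not in baseline"))
    return findings


if __name__ == "__main__":
    for f in audit_getcap(SAMPLE_GETCAP):
        print(f"[{f.severity}] {f.path}: {f.reason}")
```

In production, feed it `getcap -r / 2>/dev/null` from each host and diff the "review" set against a golden image; the "high" set should be empty on any box that is not deliberately running capability-bearing tooling.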
There is news again in the world of IT security, and old acquaintances are raising their ugly heads once more. First and foremost, the initiative known as "chat control" for "client-side scanning" of messages, which the EU Council under the Danish presidency recently dug up again. Almost exactly one year after the last failure of this initiative to weaken encryption, Sylvester and Christopher discuss it once more. Oracle is also a familiar "guest" on the podcast, this time with a critical vulnerability in its E-Business Suite and a highly unsatisfactory communication strategy. Sylvester explains to his co-host and the listeners what Signal's new "Post-Quantum Ratchets" are about and why these cryptographic ratchets are meant to make the messenger more secure in the quantum era. And then it continues quantum-safe, with a discussion of the advantages of hybrid post-quantum encryption systems over purely post-quantum ones.
- Beginner-level evening session on IT security in Hannover: https://aktionen.heise.de/heise-themenabend
- Oracle's deleted blog post: https://nitter.net/pic/orig/media%2FG2T6vnYWEAAHcB6.jpg
- watchTowr Labs on CVE-2025-61882: https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/
- "Passwort", episode 16: The technology behind chat control - https://passwort.podigee.io/16-die-technik-hinter-der-chatkontrolle
- Cloudflare blog on the certificate mis-issuance: https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/
- SPQR: https://signal.org/blog/spqr/
- "Passwort", episode 32: Quantum computers and how to protect yourself from them - https://passwort.podigee.io/32-quantencomputer-und-wie-man-sich-vor-ihnen-schutzt
- DJB on hybrid or not: https://blog.cr.yp.to/20240102-hybrid.html
- Follow us in the Fediverse: @christopherkunz@chaos.social, @syt@social.heise.de
Members of our security community on heise security PRO hear all episodes two days earlier. More info: https://pro.heise.de/passwort
As political uncertainty continues to rise across Europe, increasing polarisation is creating a breeding ground for radicalisation. More than ever, extremist groups are exploiting online platforms and social networks - using them as virtual planning hubs, spaces to share extremist propaganda and recruit young people. In this episode, host Lucas Webber is joined by Dr Nicolas Stockhammer, a political scientist and Director of the Research Cluster "Counter-Terrorism, CVE and Intelligence" at Danube-University Krems in Austria. They explore the online trends emerging across Europe, and what these developments mean for counter-terrorism efforts.
In this episode, I sit down with Mitchel Herckis, Global Head of Government Affairs at cloud security leader Wiz. We will be discussing all things public sector and cybersecurity, including the evolution of the FedRAMP program, modernizing vulnerability management, and the future of Continuous ATO (cATO). We covered a lot of ground, including:
- Mitch's background, both at Wiz and inside Government in roles such as OMB
- How Wiz is working with Federal agencies and Defense Industrial Base (DIB) partners on cloud security, including the long-needed overhaul of FedRAMP with the FedRAMP 20x effort
- The move towards real Continuous Monitoring (ConMon) with real-time visibility of cloud environments, as well as the need for machine-readable artifacts, automation, and streamlined security control assessments
- The modernization of vulnerability management, including factors such as attack paths, reachability, exploitability, and known exploitation, and the importance of focusing on real risks versus noise
- Moving away from paper-based compliance exercises and bridging the gap between security and compliance
- Wiz's role as a CVE Numbering Authority (CNA) and the broader CVE program, including its importance for both Government and industry when it comes to vulnerability management
- The evolving usage of SBOMs and broader supply chain security
- Disjointed efforts across Government at both the Federal and State levels when it comes to Continuous ATO (cATO), and how we can move towards a more cohesive approach to modern system assessment and authorization
- The importance of Government Affairs and bridging the divide between industry and Government, including bringing tech leaders into Government, influencing policy, and improving outcomes for citizens and warfighters alike
- The dual-edged sword that is AI adoption in the public sector
Happy Patch Tuesday! In this October episode, security specialists Ryan Braunstein and Mat Lee break down some of the month's most critical vulnerabilities, and why this batch of CVEs might just be the spookiest yet. The duo dives deep into:
- A Unity Engine remote code execution flaw that impacts games, VR apps, and even training tools
- The Windows Hello bypass vulnerability that lets attackers inject their own biometric data to access local accounts
- A Microsoft Exchange Server privilege escalation that could expose entire inboxes
With expert insights, real-world context, and a touch of humor, Ryan and Mat unpack what these vulnerabilities mean for IT and security pros, and what steps you should take right now to stay protected.
“We Speak CVE” podcast host Shannon Sabens chats with CVE Consumer Working Group (CWG) co-chairs, Jay Jacobs and Bob Lord, and CVE™ Project Lead Alec Summers, about how the CWG was created to address the needs and perspectives of those who use CVE data — ranging from enterprise security teams to tool developers and managed security service providers — recognizing that their requirements and pain points often differ from those of upstream data providers.Topics include the CWG's goals to systematically capture and organize consumer feedback, identify common and unique challenges across different user types, and inform improvements in the CVE Program; the diversity and international participation among sign-ups, including organizations outside the usual sphere, such as medical companies; and the concept of “patch smarter, not harder,” stressing the importance of prioritization and high-quality data to help defenders manage the overwhelming volume of vulnerabilities. In addition, listeners are encouraged to join the CWG for meetings scheduled to accommodate global involvement and help participate in shaping the future of CVE.
It is a rare consecration in the hushed world of cybersecurity: the French company YesWeHack has just obtained CVE Numbering Authority status, one of the most prestigious credentials in the sector. It thus becomes the eighth French company authorized to assign these universal vulnerability identifiers, the famous CVEs (Common Vulnerabilities and Exposures).
Behind this somewhat technical acronym lies an essential mission: cataloguing and standardizing the security flaws discovered around the world. These CVE identifiers serve as a common reference for the whole industry, from software vendors to governments, for coordinating the response to threats. Without them it is impossible to track vulnerabilities effectively or to measure their global impact.
Until now, only a few large French companies had this privilege: Thales, Schneider Electric, Dassault Systèmes, IDEMIA, Centreon, ARC Informatique and WPScan. YesWeHack now joins this very select club alongside the giants of the sector. The recognition was welcomed by Guillaume Vassault-Houlière, co-founder and CEO of the company: "This status reflects our expertise and our proven processes in vulnerability management. It will allow us to accelerate coordination between researchers, companies and security teams." For this French platform, founded ten years ago, the distinction feels like a logical next step. YesWeHack has established itself as a major player in bug bounty, the practice of paying ethical hackers to find flaws before cybercriminals do.
Thanks to this new status, vulnerabilities discovered on its platform can now receive a CVE identifier directly, without going through a third-party authority, a precious time saving for the companies concerned. Built on a GDPR-compliant European infrastructure, YesWeHack thereby strengthens its role as a pillar of European cybersecurity. A symbolic success at a time when digital sovereignty and infrastructure security are becoming strategic issues for the whole continent. Hosted by Acast. Visit acast.com/privacy for more information.
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.
- A newly disclosed vulnerability in Redis, dubbed RediShell and tracked as CVE-2025-49844, affects all Redis versions and carries a maximum CVSS score of 10.0.
- Cisco has disclosed a critical zero-day vulnerability, CVE-2025-20352, affecting its widely deployed IOS and IOS XE software, confirming active exploitation in the wild.
- Researchers at NCC Group have found that voice cloning technology has reached a level where just five minutes of recorded audio is enough to generate convincing voice clones in real time.
- A China-linked cyber-espionage group, tracked as UNC5221, has been systematically targeting network infrastructure appliances that lack standard endpoint detection and response (EDR) support.
- Dutch authorities have arrested two 17-year-old boys suspected of being recruited by pro-Russian hackers to carry out surveillance activities.
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
New Oracle E-Business Suite Patches
Oracle released one more patch for the E-Business Suite. Oracle does not state whether it is already exploited, but the timing of the patch suggests that it should be expedited.
https://www.oracle.com/security-alerts/alert-cve-2025-61884.html
Widespread SonicWall SSLVPN Compromise
Huntress Labs observed widespread compromise of SonicWall SSLVPN appliances.
https://www.huntress.com/blog/sonicwall-sslvpn-compromise
Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371)
An unpatched vulnerability in the secure file sharing solutions Gladinet CentreStack and TrioFox is being exploited.
https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw
Two 7-Zip Vulnerabilities CVE-2025-11002, CVE-2025-11001
7-Zip patched two vulnerabilities that may lead to arbitrary code execution.
https://www.zerodayinitiative.com/advisories/ZDI-25-949/
https://www.zerodayinitiative.com/advisories/ZDI-25-950/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
FreePBX Exploit Attempts (CVE-2025-57819)
A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems.
https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350
Disrupting Threats Targeting Microsoft Teams
Microsoft published a blog post outlining how to better secure Teams.
https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/
Kibana XSS Patch CVE-2025-25009
Elastic patched a stored XSS vulnerability in Kibana.
https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449
Qt SVG Vulnerabilities CVE-2025-10728, CVE-2025-10729
The Qt Group fixed two vulnerabilities in the Qt SVG module. One of the vulnerabilities may be used for code execution.
https://www.qt.io/blog/security-advisory-uncontrolled-recursion-and-use-after-free-vulnerabilities-in-qt-svg-module-impact-qt
What is a CVE – and why does it matter to your patching process? Landon Miles breaks down CVEs, CVSS scores, and CNAs – covering how they work together, what to prioritize, and how to respond. Learn how to assess risk, spot active exploits, and streamline remediation with clear, actionable steps.
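Both this episode and the small-business playbook episode above come down to the same operational question: given a pile of scanner findings with CVE IDs and CVSS scores, what gets fixed first? The block below is an added example written for this page (not code from either podcast) of a triage policy that ranks by exploitation status and exposure before raw CVSS, carries an SLA per tier, and routes unverified findings (possible false positives) and unpatchable ones (compensating controls) differently. The CVE IDs, scores, assets, "known exploited" set and SLA numbers are all constructed for the example; the tiers are an illustrative policy, not a standard.

```python
"""Added example: a minimal vulnerability triage policy. All identifiers,
scores and the exploited-set are constructed stand-ins for this page."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    asset: str
    cvss: float             # CVSS base score as published by the CNA/NVD
    internet_facing: bool   # reachable from outside, per the asset inventory
    criticality: int        # 1 (lab box) .. 5 (identity/revenue system), set by the business
    patch_available: bool   # vendor fix exists; False means a compensating control is needed
    verified: bool = True   # scanner result confirmed (version check or credentialed scan)


# Constructed stand-in for a "known exploited" feed such as CISA KEV.
KNOWN_EXPLOITED = {"CVE-2025-00001", "CVE-2025-00004"}

# Example SLA policy (an assumption for this page), in days to remediate or mitigate.
SLA_DAYS = {"P1": 2, "P2": 7, "P3": 30, "P4": 90}


def priority(f: Finding, exploited: set) -> str:
    """Tier by exploitation and exposure first, CVSS second.

    A 7.5 under active exploitation on an internet-facing host outranks a 9.8
    that nothing outside can reach; sorting by CVSS alone would invert that."""
    in_the_wild = f.cve in exploited
    reachable = f.internet_facing or f.criticality >= 4
    if in_the_wild and reachable:
        return "P1"
    if in_the_wild or (f.cvss >= 9.0 and f.internet_facing):
        return "P2"
    if f.cvss >= 7.0 and (f.internet_facing or f.criticality >= 3):
        return "P3"
    return "P4"


def action(f: Finding) -> str:
    """What the remediation ticket should ask for."""
    if not f.verified:
        return "confirm (possible false positive) before scheduling"
    if not f.patch_available:
        return "no patch: isolate/segment, restrict access, add detection"
    return "patch, then rescan to verify"


def triage(findings, exploited=KNOWN_EXPLOITED):
    """Return (tier, sla_days, action, finding) tuples, most urgent first.
    Unverified findings sink to the bottom until someone confirms them."""
    rows = [(priority(f, exploited), f) for f in findings]
    rows.sort(key=lambda r: (not r[1].verified, r[0], -r[1].cvss, -r[1].criticality))
    return [(tier, SLA_DAYS[tier], action(f), f) for tier, f in rows]


# Constructed findings for a small shop: one exposed web host, an internal DB,
# the identity provider, and an unconfirmed hit on a lab machine.
FINDINGS = [
    Finding("CVE-2025-00001", "web-01", 7.5, True, 3, True),     # exploited + exposed
    Finding("CVE-2025-00002", "db-01", 9.8, False, 3, True),     # severe but internal only
    Finding("CVE-2025-00003", "web-01", 5.3, True, 3, True),     # exposed, moderate
    Finding("CVE-2025-00004", "idp-01", 8.1, False, 5, False),   # exploited, critical, no patch
    Finding("CVE-2025-00005", "lab-07", 9.1, False, 1, True, verified=False),  # unconfirmed
]

if __name__ == "__main__":
    for tier, days, what, f in triage(FINDINGS):
        print(f"{tier} {days:>2}d {f.cve} on {f.asset} (CVSS {f.cvss}): {what}")
```

The point of the ordering: the two findings in the exploited set land in P1 regardless of their CVSS, the internal 9.8 is P3 because nothing outside can reach it, and the unverified 9.1 is held back for confirmation rather than burning a patch window on a possible false positive. Swap the constructed `KNOWN_EXPLOITED` set for a real feed and the asset fields for your inventory, and the policy stays the same.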
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Sometimes you don't even need to log in
Applications using simple, predictable cookies to verify a user's identity are still being exploited, and relatively recent vulnerabilities are still due to this very basic mistake.
https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334
Western Digital My Cloud Vulnerability
Western Digital patched a critical vulnerability in its My Cloud devices.
https://nvd.nist.gov/vuln/detail/CVE-2025-30247
sudo vulnerability exploited
A recently patched vulnerability in sudo is now being exploited.
https://www.sudo.ws/security/advisories/
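The diary entry above is about servers that accept a client-supplied cookie such as `user=admin` as proof of identity. The block below is an added example written for this page, not code from the diary or from any affected product: it shows that check beside a hardened version in which the session cookie carries an HMAC-SHA256 over its claims and an expiry, so the client cannot mint or alter one without the server's key. The key, cookie names, claim layout and sample cookies are constructed for the example.

```python
"""Added example: a handler that trusts a plain "user=admin" cookie, next to a
signed-session version. Key, names and sample cookies are constructed."""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed key for the example. A real service loads it from a secret store
# and rotates it; anyone holding it can mint a session for any user.
SESSION_KEY = b"constructed-example-key-do-not-reuse"


def parse_cookies(header: str) -> dict:
    """Split a Cookie header into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def vulnerable_is_admin(cookie_header: str) -> bool:
    """The pattern the diary describes: the server believes the client's claim.
    Anyone who sends 'Cookie: user=admin' is treated as the administrator."""
    return parse_cookies(cookie_header).get("user") == "admin"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_session(user: str, now: int, ttl: int = 3600, key: bytes = SESSION_KEY) -> str:
    """Mint '<payload>.<sig>' where sig = HMAC-SHA256(key, payload).
    The nonce makes every token distinct even for the same user and expiry."""
    claims = {"user": user, "exp": now + ttl, "nonce": secrets.token_hex(8)}
    payload = _b64e(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64e(sig)}"


def verify_session(token: str, now: int, key: bytes = SESSION_KEY):
    """Return the claims if the signature is valid and the token is unexpired, else None.
    The signature is checked before the payload is parsed, so unsigned input
    never reaches the JSON decoder; compare_digest avoids a timing side channel."""
    payload, sep, sig = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, _b64d(sig)):
            return None
        claims = json.loads(_b64d(payload))
    except ValueError:  # bad base64 (binascii.Error), bad UTF-8 or bad JSON
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    if claims["exp"] <= now:
        return None
    return claims


def hardened_is_admin(cookie_header: str, now: int, key: bytes = SESSION_KEY) -> bool:
    """Only a server-issued, unexpired, correctly signed session can claim admin."""
    claims = verify_session(parse_cookies(cookie_header).get("session", ""), now, key)
    return claims is not None and claims.get("user") == "admin"


if __name__ == "__main__":
    print("vulnerable, user=admin:", vulnerable_is_admin("user=admin"))
    print("hardened,   user=admin:", hardened_is_admin("user=admin", now=1000))
    token = issue_session("admin", now=1000)
    print("hardened,   signed    :", hardened_is_admin("session=" + token, now=1500))
```

The hardened path still has to be used correctly: set the cookie with `HttpOnly`, `Secure` and `SameSite`, keep the TTL short, and treat the key like a password (rotating it invalidates every outstanding session, which is the right behaviour after a compromise).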
Stevens Roundtable: Understanding Commercial Vehicle Enforcement
Trucker Tim welcomes Sergeant Barrett Smith from the Mesquite Police Department to discuss the crucial role of Commercial Vehicle Enforcement (CVE) in ensuring road safety. Sergeant Smith explains the importance of non-punitive inspections for driver and public safety, emphasizing the need for compliance and effective pre-trip inspections. The conversation explores the accountability and cooperation between CVE and drivers, sharing valuable insights on preparing for inspections and maintaining vehicle safety. Hear about the pivotal efforts of CVE to keep roads safer, benefiting both drivers and the motoring public.
Trucking Brotherhood and New Beginnings at Stevens Transport
Noah Easley is a new solo driver at Stevens Transport. Noah shares his transition into the trucking world, highlighting the camaraderie at Stevens and the industry's brotherhood vibe reminiscent of 'Smokey and the Bandit.' With insights on training with mentor Larry Ruffin and adapting to life on the road, Noah reflects on his journey and future aspirations. He also touches on his passion for rapping during long drives. Discover the blend of community, personal growth, and lifestyle in the trucking industry through Noah's story.
Become a Team Driver
Discover the transformative world of team driving with Stevens Transport in this insightful discussion. Learn how driving with a partner boosts efficiency, earning potential, and safety, while allowing for nearly constant travel and the enjoyment of America's stunning landscapes. Understand how federal regulations intersect with teamwork logistics, enabling over 5,500 miles a week. Insights on rest strategies, like bunk bed sleeping arrangements, are shared. Stevens Transport explains the advantages of choosing your driving partner and how this approach can elevate your trucking career. Explore team driving's benefits and start your journey to success now.
Earn More/Team Up - https://vimeo.com/1020240977
Driver Spotlight - Jeremy J. Carter
Meet Jeremy J. Carter, a dedicated Stevens Transport driver and trainer from Inverness, Florida. Celebrating 2 million miles, Jeremy shares his trucking journey, highlighting the support he's received and the experiences he's had along the way. Hear why he's working toward 3 million miles and why Stevens is still home after 18 years. See the video here: https://youtu.be/v0mmchHExQo?si=jTBODPWcS5Q7W2i5
Hall of Famer Richard Fertig: A Mentor for Future Drivers
Richard Fertig celebrates 15 years with Stevens Transport. Discover what makes Richard a standout figure in the trucking world, from his love for capturing scenic beauty on the road to his dedication to training new drivers. Richard shares insights into the supportive culture at Stevens, the importance of asking questions, and his willingness to help fellow drivers. Whether you're a seasoned driver or new to the industry, Richard's wisdom and open approach are invaluable. Tune in to explore a career that
Pilot/Flying J Rewards App: https://pilotflyingj.com/rewards
Become a Driver for Stevens Transport
For questions on whether you meet our driver qualifications, please call our Recruiting Department at 1-800-333-8595 or visit: www.stevenstransport.com/drivers/
Stevens Transport, 9757 Military Parkway, Dallas, TX 75227
http://www.stevenstransport.com/
http://www.becomeadriver.com/
Driver Recruiting: 1-800-333-8595. Apply Here: https://intelliapp2.driverapponline.com
Paragon Leasing Technician Careers: https://www.stevenstransport.com/careers/fleet-maintenance-jobs/
The White House Office of Management and Budget is instructing agencies to consider reducing staff for programs that have a lapse in funding in the event of a government shutdown, as tensions rise ahead of the Sept. 30 end to the fiscal year. “With respect to those Federal programs whose funding would lapse and which are otherwise unfunded, such programs are no longer statutorily required to be carried out,” the undated message said. The guidance goes on to say that, consistent with applicable law, including a federal reduction in force statute, agencies are directed to use this opportunity to consider RIF notices for employees working in projects, programs or activities that have a funding lapse on Oct. 1, don't have another source of funding, and are not consistent with President Donald Trump's priorities. The project, program or activity must meet all three criteria, the message said. The message places blame for a possible shutdown squarely on congressional Democrats, calling their demands “insane.” The OMB message explains that the One Big Beautiful Bill Act, legislation passed earlier this year that is at the heart of Trump's second-term agenda, provided “ample resources to ensure that many core Trump Administration priorities will continue uninterrupted.” Federal cyber authorities sounded a rare alarm last week, issuing an emergency directive about an ongoing and widespread attack spree involving actively exploited zero-day vulnerabilities affecting Cisco firewalls. Cisco said it began investigating attacks on multiple government agencies linked to the state-sponsored campaign in May.
The vendor, which attributes the attacks to the same threat group behind an early 2024 campaign targeting Cisco devices it dubbed “ArcaneDoor,” said the new zero-days were exploited to “implant malware, execute commands, and potentially exfiltrate data from the compromised devices.” Cisco disclosed three vulnerabilities affecting its Adaptive Security Appliances — CVE-2025-20333, CVE-2025-20363 and CVE-2025-20362 — but said “evidence collected strongly indicates CVE-2025-20333 and CVE-2025-20362 were used by the attacker in the current attack campaign.” The Cybersecurity and Infrastructure Security Agency said those two zero-days pose an “unacceptable risk” to federal agencies and require immediate action. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Distracting the Analyst for Fun and Profit Our undergraduate intern, Tyler House, analyzed what may have been a small DoS attack that was likely meant more to distract than to actually cause a denial of service. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Distracting%20the%20Analyst%20for%20Fun%20and%20Profit/32308 GitHub's plan for a more secure npm supply chain GitHub outlined its plan to harden the supply chain, in particular in light of the recent attack against npm packages. https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/ SolarWinds Web Help Desk AjaxProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-26399) SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 Vulnerabilities in Supermicro BMC Firmware CVE-2025-7937 CVE-2025-6198 Supermicro fixed two vulnerabilities that could allow an attacker to compromise the BMC with rogue firmware. https://www.supermicro.com/en/support/security_BMC_IPMI_Sept_2025
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — Enter Dark John
03:15 - Kerberoasting Goes to Washington – BHIS - Talkin' Bout [infosec] News 2025-09-15
03:49 - Story # 1: Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”
12:46 - Story # 2: How an Attacker's Blunder Gave Us a Rare Look Inside Their Day-to-Day Operations
32:42 - Story # 3: Some JLR suppliers ‘face bankruptcy' due to hack crisis
41:30 - Story # 4: AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns
46:07 - Story # 5: All your vulns are belong to us! CISA wants to maintain gov control of CVE program
49:55 - Story # 6: Qantas penalizes executives for July cyberattack
51:15 - Story # 7: America's second largest egg producer breached, claim hackers
54:55 - Story # 8: Undocumented Radios Found in Solar-Powered Devices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
CTRL-Z DLL Hooking Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries. https://isc.sans.edu/diary/CTRL-Z%20DLL%20Hooking/32294 Global Admin in every Entra ID tenant via Actor tokens As part of September's patch Tuesday, Microsoft patched CVE-2025-55241. The discoverer of the vulnerability, Dirk-jan Mollema, has published a blog post showing how this vulnerability could have been exploited. https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ WatchGuard Firebox iked Out of Bounds Write Vulnerability CVE-2025-9242 WatchGuard patched an out-of-bounds write vulnerability, which could allow an unauthenticated attacker to compromise the devices. https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 NVIDIA Triton Inference Server NVIDIA patched critical vulnerabilities in its Triton Inference Server. https://nvidia.custhelp.com/app/answers/detail/a_id/5691
Chris and Hector call out Microsoft for “gross cybersecurity negligence,” explain Kerberoasting in plain English, and discuss CISA's CVE overhaul. Plus, hackers on the battlefield, and how U.S. tech helped build China's surveillance state. Join our new Patreon! https://www.patreon.com/c/hackerandthefed Send HATF your questions at questions@hackerandthefed.com
If you like what you hear, please subscribe, leave us a review and tell a friend! Apple, Google, and other tech companies addressed actively exploited vulnerabilities and malware campaigns, including CVE-2025-43300 and hundreds of malicious Android apps involved in ad fraud. Threat actors, including ShinyHunters and North Korean phishing groups, leveraged stolen data, AI-forged military IDs, and ransomware to target individuals and organizations, while VC and cyber investment firms like Glilot Capital continued to raise significant funding.
Samsung patches a critical Android zero-day vulnerability. Microsoft resolves a global Exchange Online outage. CISA reaffirms its commitment to the CVE program. California passes a bill requiring web browsers to let users automatically send opt-out signals. Apple issues spyware attack warnings. The FTC opens an investigation into AI chatbots on how they protect children and teens. A hacker convicted of attempting to extort more than 20,000 psychotherapy patients is free on appeal. Our guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect M&A deal value and integrity. Schools face insider threats from students. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Dave Lewis, Global Advisory CISO at 1Password, discussing how security leaders can protect deal value and integrity. Selected Reading Samsung patches actively exploited zero-day reported by WhatsApp (Bleeping Computer) Microsoft fixes Exchange Online outage affecting users worldwide (Bleeping Computer) CISA looks to partners to shore up the future of the CVE Program (Help Net Security) California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing (The Record) Apple warns customers targeted in recent spyware attacks (Bleeping Computer) FTC to AI Companies: Tell Us How You Protect Teens and Kids Who Use AI Companions (CNET) Defence, Space and Cybersecurity. Why the General Assembly in Frascati matters (Decode39) DSEI Takeaways: Space and Cyber and the Invisible Front Line (Via Satellite) Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal (The Record) Children hacking their own schools for 'fun', watchdog warns (BBC) Share your feedback.
What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
BASE64 Over DNS The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these invalid characters. https://isc.sans.edu/diary/BASE64%20Over%20DNS/32274 Google Chrome Update Google released an update for Google Chrome, addressing two vulnerabilities. One of the vulnerabilities is rated critical and may allow code execution. https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html Ivanti Updates Ivanti patched a number of vulnerabilities, several of them critical, across its product portfolio. https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs Sophos Patches Sophos resolved an authentication bypass vulnerability in Sophos AP6 series wireless access point firmware (CVE-2025-10159). https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6 Apple Introduces Memory Integrity Enforcement With the new hardware promoted in yesterday's event, Apple also introduced new memory integrity features based on this new hardware. https://security.apple.com/blog/memory-integrity-enforcement/
In this episode of Manufacturing Hub Podcast, hosts Vladimir Romanov and Dave Griffith sit down with Gavin Dilworth to explore the evolving world of ICS and OT cybersecurity. This is a topic that impacts every sector of manufacturing and critical infrastructure, yet many organizations still struggle with where to start, how to assess risk, and how to balance IT and OT responsibilities.

Gavin brings decades of experience in automation engineering and cybersecurity, having worked across energy, oil and gas, water, and manufacturing. He shares his unique journey from being an operator and control systems engineer to becoming a specialist in OT cybersecurity. The conversation spans a wide range of issues, from asset inventory and managed switches to people, process, and technology frameworks that help organizations take the first step toward maturity.

We discuss why IT and OT teams often clash and what it takes to bridge the gap. Gavin explains the realities of budgets, the challenges of compliance, and why self-reporting frameworks often fail to reflect true maturity. He also highlights the role of legislation in Europe, rising insurance premiums, and how cybersecurity assessments can influence financial and strategic decisions at the executive level.

The episode provides clear insights into best practices such as building a proper asset inventory, structuring security awareness training for OT teams, and applying a risk-based approach to patch management. Gavin also outlines the importance of functional safety, process hazard analysis, and the role of frameworks like ISA/IEC 62443.

For engineers, leaders, and decision makers, this conversation makes it clear that cybersecurity is not just a technology problem but a people and process challenge that requires long term discipline and investment. If you want to understand what real world OT cybersecurity looks like, what mistakes to avoid, and how to set a path toward resilience, this episode is packed with valuable takeaways.

Timestamps
00:00 Introduction and upcoming ICC event
02:20 Gavin's career journey from operator to cybersecurity expert
06:00 What ICS and OT cybersecurity really mean
09:00 Managed switches, firewalls, and securing industrial devices
11:00 The importance of people, process, and technology in security programs
13:30 Asset inventories and the first practical steps in cybersecurity
17:00 Insurance, legislation, and financial implications of OT risk
23:00 The problem with self reporting and maturity frameworks
27:00 Risk based patching strategies and CVE management
31:00 Physical keys, tokens, and access control challenges
37:00 IT versus OT ownership of cybersecurity
45:00 Certifications, training, and resources for professionals
53:00 Unified Namespace and cybersecurity considerations
58:00 Predictions for the next five years in OT cybersecurity
01:02:00 Career advice for engineers and cybersecurity professionals

References mentioned in this episode
Industrial Network Security, Eric D. Knapp (Third Edition): https://www.isa.org/products/industrial-network-security-third-edition
Security PHA Review: https://www.isa.org/products/security-pha-review-for-consequence-based-cyberse
Managing Cybersecurity in the Process Industries, ISA: https://www.isa.org/products/managing-cybersecurity-in-the-process-indust
Industrial Cybersecurity: Efficiently secure critical infrastructure systems, Steve Mustard: https://www.isa.org/products/industrial-cybersecurity-efficiently-secure-criti
Assessment Plus: https://assessmentplus.co.nz
Ignition 8.3 by Inductive Automation: https://inductiveautomation.com

About the hosts
Vladimir Romanov is an electrical engineer and MBA with over a decade of experience in manufacturing and industrial automation. He has worked with Procter and Gamble, Kraft Heinz, Post Holdings, and now leads Joltek, a consulting and integration firm focused on digital transformation and modern manufacturing systems.
Dave Griffith is an experienced systems integrator, consultant, and advisor in the industrial automation space. He has worked with manufacturers across multiple sectors, helping organizations align technology with business strategy.

About the guest
Gavin Dilworth is the founder of Assessment Plus, based in New Zealand. With a background spanning automation, controls, and cybersecurity, he helps organizations design architectures, implement policies, and build resilience in OT environments. He also mentors professionals looking to enter or advance in the ICS cybersecurity field. Connect with him here: https://www.linkedin.com/in/gavin-dilworth/
Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity's door. They discuss the terrifying reality of quantum computing's power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline for transitioning away from legacy crypto, organizations face a race against time. Ted breaks down what "full crypto visibility" really means, why it's crucial to map your cryptographic assets now, and how legacy tech—from robotic sawmills to outdated hospital gear—poses serious risks. The interview explores NIST's new post-quantum algorithms, global readiness efforts, and how Keyfactor's acquisitions of InfoSec Global and Cipher Insights help companies start the quantum transition today—not tomorrow. Don't wait for the breach. Watch this and start your quantum strategy now. If digital trust is the goal, cryptography is the foundation. Segment Resources: http://www.keyfactor.com/digital-trust-digest-quantum-readiness https://www.keyfactor.com/press-releases/keyfactor-acquires-infosec-global-and-cipherinsights/ For more information about Keyfactor's latest Digital Trust Digest, please visit: https://securityweekly.com/keyfactorbh Live from BlackHat 2025 in Las Vegas, cybersecurity host Jackie McGuire sits down with Seemant Sehgal, founder of BreachLock, to unpack one of the most pressing challenges facing SOC teams today: alert fatigue—and its even more dangerous cousin, vulnerability fatigue. In this must-watch conversation, Seemant reveals how his groundbreaking approach, Adversarial Exposure Validation (AEV), flips the script on traditional defense-heavy security strategies. Instead of drowning in 10,000+ “critical” alerts, AEV pinpoints what actually matters—using Generative AI to map realistic attack paths, visualize kill chains, and identify the exact vulnerabilities that put an organization's crown jewels at risk. 
From his days leading cybersecurity at a major global bank to pioneering near real-time CVE validation, Seemant shares insights on scaling offensive security, improving executive buy-in, and balancing automation with human expertise. Whether you're a CISO, SOC analyst, red teamer, or security enthusiast, this interview delivers actionable strategies to fight fatigue, prioritize risks, and protect high-value assets. Key topics covered: - The truth about alert fatigue & why it's crippling SOC efficiency - How AI-driven offensive security changes the game - Visualizing kill chains to drive faster remediation - Why fixing “what matters” beats fixing “everything” - The future of AI trust, transparency, and control in cybersecurity Watch now to discover how BreachLock is redefining offensive security for the AI era. Segment Resources: https://www.breachlock.com/products/adversarial-exposure-validation/ This segment is sponsored by Breachlock. Visit https://securityweekly.com/breachlockbh to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-347
In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community. The Salt Typhoon cyber campaign, attributed to Chinese state-backed hackers, has been declared a national defense crisis by the FBI and allied intelligence agencies. A group identifying itself as “Scattered LapSus Hunters” has posted a threat on Telegram demanding that Google terminate two of its employees. A newly discovered WhatsApp vulnerability, now tracked as CVE-2025-55177, has triggered urgent security advisories, particularly for iPhone users. More than 1,000 developers were compromised in just over four hours on August 26 during an unprecedented, AI-assisted software supply chain attack targeting the npm ecosystem. Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.
Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00 - PreShow Banter™ — It's 8ft skeleton season.
02:18 - BHIS - Talkin' Bout [infosec] News 2025-09-02
03:07 - Story # 1: Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
07:35 - Story # 2: DSLRoot, Proxies, and the Threat of ‘Legal Botnets'
13:46 - Story # 3: Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
17:44 - Story # 4: Ransomware crooks knock Swedish municipalities offline for measly sum of $168K
19:39 - Story # 5: As crippling cyberattack against Nevada continues, Lombardo says ‘we're working through it.'
20:56 - Story # 6: Citrix forgot to tell you CVE-2025–6543 has been used as a zero day since May 2025
22:43 - Story # 7: NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
25:20 - Story # 8: First known AI-powered ransomware uncovered by ESET Research
30:00 - Story # 9: In the rush to adopt hot new tech, security is often forgotten. AI is no exception
32:06 - Story # 10: TransUnion suffers data breach impacting over 4.4 million people
34:17 - Story # 11: ChickenSec FollowUp: Artificial Intelligence: The other AI
35:20 - Story # 12: They weren't lovin' it - hacker cracks McDonald's security in quest for free nuggets, and it was apparently not too tricky
39:29 - Identify the birds you see or hear with Merlin Bird ID
40:04 - Story # 13: Detecting and countering misuse of AI: August 2025
51:31 - Story # 14: I'm a Stanford student. A Chinese agent tried to recruit me as a spy
For this short week we had episodes on Tuesday and Thursday. We'll return to our Monday, Wednesday and Friday schedule starting next Monday. But we have an interview this weekend with the researchers who have issued a proof of concept showing that you can go from CVE to working exploit in 15 minutes and at the cost of less than a dollar using AI.
Salt Typhoon marks China's most ambitious campaign yet. A major Google outage hit Southeastern Europe. A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus$ Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pair of TP-Link router flaws to its Known Exploited Vulnerabilities (KEV) catalog. The feds put a $10 million bounty on three Russian FSB officers. Experts warn sweeping cuts to ODNI could cripple U.S. cyber defense. Our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, discussing IT/OT convergence in securing critical water and wastewater systems. Google says rumors of Gmail's breach are greatly exaggerated. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, who is talking about "IT/OT Convergence for Critical Water & Wastewater Security."
Selected Reading ‘Unrestrained' Chinese Cyberattackers May Have Stolen Data From Almost Every American (The New York Times) Google Down in Eastern Europe (UPDATED) (Novinite Sofia News Agency) Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers (SecurityWeek) M&S hackers claim to be behind Jaguar Land Rover cyber attack (BBC) XWorm's Evolving Infection Chain: From Predictable to Deceptive (Trellix) GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes (welivesecurity by ESET) CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited (The Cyber Security News) US offers $10 million bounty for info on Russian FSB hackers (Bleeping Computer) Cutting Cyber Intelligence Undermines National Security (FDD) No, Google did not warn 2.5 billion Gmail users to reset passwords (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086 Our honeypots detected attacks against the manufacturing management system DELMIA Apriso. The deserialization vulnerability was patched in June and is one of a few critical vulnerabilities patched in recent months. https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Dassault%20DELMIA%20Apriso.%20CVE-2025-5086/32256 Android Bulletin Google released its September update, fixing two already-exploited privilege escalation flaws and some remote code execution issues. https://source.android.com/docs/security/bulletin/2025-09-01 Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020 Certificate authority Fina RDC issued a certificate for Cloudflare's IP address 1.1.1.1. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/SgwC1QsEpvc
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Getting a Better Handle on International Domain Names and Punycode International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use. https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234 Citrix Netscaler Vulnerabilities CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 Citrix patched three vulnerabilities in Netscaler. One is already being exploited. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424 git vulnerability exploited (CVE-2025-48384) A git vulnerability patched in early July is now being exploited. https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
Apple's "Awe dropping" event is set for September 9th. Developer beta 8 of iOS 26, iPadOS 26, and macOS Tahoe 26 has been released. Apple TV+ is hiking its monthly user price. And Masimo sues US Customs over Apple's Apple Watch blood oxygen workaround. Apple September Event invites have officially gone out. iPhone 17 countdown begins as Foxconn ramps up factory hiring in China. Apple seeds developer beta 8 of iOS 26, iPadOS 26, macOS Tahoe 26. MacOS 26 Tahoe's dead canary utility app Icons. Apple may back out of MLB entirely as NBC closes in on 'Sunday Night Baseball' rights. Apple TV+ hiking price, will now cost $13 per month in U.S. Masimo was last to learn about blood oxygen sensing returning to Apple Watch. FTC draws hard line on foreign-driven censorship & data demands for Big Tech. Apple Wallet in iOS 26 adds a toggle to disable controversial feature. HBO Max launches new Harry Potter immersive environment on Apple Vision Pro. 'F1' & 'Superman' top $600M global; 'Demon Slayer: Infinity Castle' killing it overseas. Elon Musk's xAI sues Apple over claims it favors OpenAI. Apple patches CVE-2025-43300 zero-day in iOS, iPadOS, and macOS exploited in targeted attacks. Picks of the Week Jason's Pick: Nic's Fix Andy's Pick: Studs Terkel Alex's Pick: Bitrig Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell Download or subscribe to MacBreak Weekly at https://twit.tv/shows/macbreak-weekly. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: pantheon.io cachefly.com/twit
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Increased Elasticsearch Recognizance Scans: Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard. https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212
Microsoft Patch Tuesday Issues: Microsoft noted some issues deploying the most recent patches with WSUS. There are also issues with certain SSDs if larger files are transferred. https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#3635msgdesc https://www.tomshardware.com/pc-components/ssds/latest-windows-11-security-patch-might-be-breaking-ssds-under-heavy-workloads-users-report-disappearing-drives-following-file-transfers-including-some-that-cannot-be-recovered-after-a-reboot
SAP Vulnerabilities Exploited (CVE-2025-31324, CVE-2025-42999): Details explaining how to take advantage of two SAP vulnerabilities were made public. https://onapsis.com/blog/new-exploit-for-cve-2025-31324/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
CVE-2017-11882 Will Never Die: The (very) old Equation Editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer to exfiltrate passwords via email. https://isc.sans.edu/diary/CVE-2017-11882%20Will%20Never%20Die/32196
Windows Kerberos Elevation of Privilege Vulnerability: Yesterday, Microsoft released a patch for a vulnerability that had already been made public. This vulnerability refers to a privilege escalation taking advantage of a path traversal issue in Windows Kerberos affecting Exchange Server in hybrid mode. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779
Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images: Some old Debian Docker images containing the xz-utils backdoor are still available for download from Docker Hub via the official Debian account. https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images
FortiSIEM / FortiWeb Vulnerabilities: Fortinet patched already exploited vulnerabilities in FortiWeb and FortiSIEM. https://fortiguard.fortinet.com/psirt/FG-IR-25-152 https://fortiguard.fortinet.com/psirt/FG-IR-25-448