POPULARITY
Categories
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SVG Steganography Steganography is not only limited to pixel-based images but can be used to embed messages into vector-based formats like SVG. https://isc.sans.edu/diary/SVG%20Steganography/31978 Fortinet Vulnerability Details CVE-2025-32756 Horizon3.ai shows how it was able to find the vulnerability in Fortinet s products, and how to possibly exploit this issue. The vulnerability is already being exploited in the wild and was patched May 13th https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/ Remote Prompt Injection in GitLab Duo Leads to Source Code Theft An attacker may leave instructions (prompts) for GitLab Duo embedded in the source code. This could be used to exfiltrate source code and secrets or to inject malicious code into an application. https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo
Hablamos con Iván Servia, de Tagen Ata, quien actualmente está impartiendo un curso de acreditación docente y ofreciendo formación para cooperativas. En nuestra charla, además de comentar su experiencia en la formación docente, abordamos la importancia de la capacitación en ciberseguridad, tema clave en la actualidad. Según el Informe global sobre la brecha de competencias en ciberseguridad 2024 de Fortinet, la falta de formación es responsable del 70 % de los ciberataques, que afectan a sectores como la banca, el comercio, la sanidad, la administración pública y la justicia. España es uno de los países europeos más afectados, recibiendo alrededor del 5 % de los ataques globales. El estudio destaca que casi el 90 % de las organizaciones han sufrido brechas de seguridad el último año, y que el déficit de competencias en ciberseguridad, la falta de compromiso organizativo y la insuficiente tecnología son las principales causas. Además, siete de cada diez responsables de sistemas reconocen que la carencia de formación aumenta los riesgos. El impacto económico es alto, con pérdidas que superan el millón de euros en la mitad de los casos, y responsabilidades legales para los directivos involucrados. La demanda de profesionales cualificados supera la oferta, y se estima que hacen falta cuatro millones de expertos para cubrir el déficit global. La formación continua y las certificaciones en ciberseguridad son altamente valoradas y respaldadas por las empresas, que están invirtiendo en ellas para mejorar la seguridad. Sin embargo, encontrar candidatos con la formación adecuada sigue siendo un desafío, especialmente en España, donde el 80 % de las empresas reporta dificultad en este aspecto. Finalmente, el aumento del compromiso de los consejos de administración y la implementación de formación obligatoria en ciberseguridad reflejan un cambio positivo en la gestión de estos riesgos.
Three Buddy Problem - Episode 46: We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Microsoft Patch Tuesday Microsoft patched 70-78 vulnerabilities (depending on how you count them). Five of these vulnerabilities are already being exploited. In particular, a remote code execution vulnerability in the scripting engine should be taken seriously. It requires the Microsoft Edge browser to run in Internet Explorer mode. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20May%202025/31946 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428) Ivanti patched an authentication bypass vulnerability and a remote code execution vulnerability. The authentication bypass can exploit the remote code execution vulnerability without authenticating first. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US Fortinet Patches Exploited Vulnerability in API (CVE-2025-32756) Fortinet patched an already exploited stack-based buffer overflow vulnerability in the API of multiple Fortinet products. The vulnerability is exploited via crafted HTTP requests. https://fortiguard.fortinet.com/psirt/FG-IR-25-254
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Struggling to find that pesky passwords.xlsx in Sharepoint? Copilot has your back! The ransomware ecosystem is finding life a bit tough lately SAP Netweaver bug being used by Chinese APT crew Academics keep just keep finding CPU side-channel attacks And of course… bugs! Asus, Ivanti, Fortinet… and a Nissan LEAF? This week's episode is sponsored by Resourcely, who will soothe your Terraform pains. Founder and CEO Tracis McPeak joins to talk about how to get from a very red dashboard full of cloud problems to a workable future. This episode is also available on Youtube. Show notes Exploiting Copilot AI for SharePoint | Pen Test Partners MrBruh's Epic Blog Ransomware group Lockbit appears to have been hacked, analysts say | Reuters "CONTI LEAK: Video they tried to bury! 6+ Conti members on a private jet. TARGET's birthday — $10M bounty on his head. Filmed by TARGET himself. Original erased — we kept a copy." Mysterious hackers who targeted Marks and Spencer's computer systems hint at political allegiance as they warn other tech criminals not to attack former Soviet states The organizational structure of ransomware groups is evolving rapidly. SAP NetWeaver exploitation enters second wave of threat activity China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures DOGE software engineer's computer infected by info-stealing malware Hackers hijack Japanese financial accounts to conduct nearly $2 billion in trades FBI and Dutch police seize and shut down botnet of hacked routers Poland arrests four in global DDoS-for-hire takedown School districts hit with extortion attempts after PowerSchool breach EU launches vulnerability database to tackle cybersecurity threats Training Solo - vusec Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group Remote Exploitation of Nissan Leaf: Controlling Critical Body Elements from the Internet PSIRT | FortiGuard Labs EPMM Security Update | Ivanti
In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-395
In this episode of Cybersecurity Today, host Jim Love covers recent cybersecurity incidents including a data breach at Mark's and Spencer, the FBI's alert on outdated routers being exploited, and critical Fortinet vulnerabilities actively used in attacks. Additionally, the episode discusses a researcher's proof of concept showing how ransomware can be embedded directly into a CPU, bypassing traditional security measures. Listeners are urged to stay vigilant and implement necessary security patches and updates. 00:00 Breaking News: Marks and Spencer Data Breach 01:37 FBI Alert: Outdated Routers at Risk 03:43 Fortinet Zero-Day Vulnerability 05:46 Ransomware Embedded in CPUs: A New Threat 08:13 Conclusion and Contact Information
In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-395
In the leadership and communications section, How CISOs can talk cybersecurity so it makes sense to executives, Firms to spend more on GenAI than security in 2025, Europe leads shift from cyber security ‘headcount gap' to skills-based hiring, and more! Next, pre-recorded interviews from RSAC Conference 2025, including: This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinetrsac to learn more about them! Unpacking the latest annual report from Fortinet's FortiGuard Labs. We're talking with Derek Manky, Chief Security Strategist and Global VP Threat Intelligence, Fortinet's FortiGuard Labs, to get a snapshot of the active threat landscape and trends from 2024, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The report reveals that threat actors are increasingly harnessing automation, commoditized tools, and AI to systematically erode the traditional advantages held by defenders. Read the full report at https://securityweekly.com/fortinetrsac. This segment is sponsored by Cobalt. Visit https://securityweekly.com/cobaltrsac to learn more about them! In this interview, Gunter Ollmann, Chief Technology Officer at Cobalt, unpacks the findings from the State of Pentesting Report 2025, spotlighting both measurable security progress and the rising challenges introduced by generative AI (genAI). While the report shows that organizations are resolving vulnerabilities faster than ever, genAI systems stand out as a growing security blind spot: only 21% of serious genAI vulnerabilities identified during penetration testing are fixed, compared to over 75% for API flaws and 68% for cloud vulnerabilities. Nearly 32% of genAI-related findings were classified as high risk — more than double the average across other systems. And although 98% of organizations are adopting genAI-powered features, only 66% are running regular security assessments on those systems. Segment Resources: https://www.cobalt.io/blog/key-takeaways-state-of-pentesting-report-2025 https://resource.cobalt.io/state-of-pentesting-2025?gl=1*zwbjgz*gclaw*R0NMLjE3MzcwNTU5ODMuQ2owS0NRaUEtYUs4QmhDREFSSXNBTF8tSDltRlB0X2FmSVhnQnBzSjYxOHlRZ1dhcmRMQ0lHalo3eVgxcTh1cHVnWFVwV0todHFPSDFZZ2FBb0hNRUFMd193Y0I.*gcl_au*MTc4MjQwMTAwNC4xNzQ0NjM0MTgz Show Notes: https://securityweekly.com/bsw-395
Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, host Ronen Shpirer is joined by Tamer Bdran, SVP at NEC. Together, they explore how telcos can tackle today's toughest cybersecurity challenges—from AI threats to cloud adoption—by embedding security into every phase of service delivery. Discover why a blueprint-driven, strategic approach is essential to protect critical infrastructure and support digital transformation. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true
Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, host Ronen Shpirer connects with Cirion Technologies to explore how service providers can simplify secure networking, automate operations, reduce costs, and deliver value—while building trusted technology partnerships to stay ahead in a fast-changing cyber landscape. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true
Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. Hear from leaders at Accenture, NEC, Orange Cyberdefense, Cirion Technologies, and Google Cloud as they tackle the biggest challenges facing telcos—from AI-powered attacks and SecOps complexity to securing cloud infrastructure and building a security-first mindset. Tune in and stay ahead of the threat curve. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true
Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, host Jonas Walker sat down with Vivien Mura, Group CTO at Orange Cyberdefense, to explore the dual role of AI in today's evolving threat landscape. Drawing on insights from the Security Navigator 2025 report, they discuss everything from generative AI and deepfakes to misinformation and automation—highlighting the urgent need for AI-aware, security-first strategies across the telco ecosystem. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true
Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, Ganesh Devarajan from Accenture unpacks insights from the WEF's Global Cybersecurity Outlook—exploring AI-driven threats, shifting attack surfaces, and the urgency of a security-first mindset. Learn how telcos can stay resilient and protect critical infrastructure in an increasingly digital world. Tune in for more expert insights. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true
Fortinet ON AIR is a video podcast series recorded live at Mobile World Congress 2025 in Barcelona, featuring expert voices from across the telecommunications ecosystem. In each episode, we dive into the evolving cybersecurity landscape—exploring how telcos and service providers can stay secure, resilient, and competitive in a fast-changing digital world. In this episode, host Ronen Shpirer speaks with Muninder Singh Sambi from Google Cloud to explore how AI and GenAI are reshaping both sides of the cybersecurity battlefield. From threat detection to prompt injection risks, learn how telcos and enterprises can leverage AI to protect their infrastructure—while staying one step ahead of attackers. Whether you're a security decision-maker or business leader, Fortinet ON AIR brings you frontline perspectives on protecting critical infrastructure, building digital trust, and unlocking innovation—securely. Learn more about Fortinet: https://www.fortinet.com/ Read our blog: https://www.fortinet.com/blog Follow us on LinkedIn: https://www.linkedin.com/company/fortinet/posts/?feedView=all&viewAsMember=true
一般社団法人JPCERT コーディネーションセンター(JPCERT/CC)は5月9日、Fortinet製FortiOSおよびFortiProxyにおける認証回避の脆弱性(CVE-2024-55591)について発表した。影響を受けるシステムは以下の通り。
Walter Tissen im Gespräch mit Oliver Kantimm ("Der Aktionärsbrief"). Hier im Beitrag gibt es die Podcast-Variante zur eigentlichen Hauptsendung im Rahmen von BerneckerTV (Aufzeichnung am 08.05.2025). Schlaglichter:Prysmian - Bewertung wieder attraktiv?Super Micro Computer - Boden in Sichtweite?Werblicher Hinweis auf AktionärsbriefARM Holdings - Stark positioniert, aber...Fortinet - Player in einer hochattraktiven BrancheVerabschiedungWir wünschen gewinnbringende Impulse mit diesem Beitrag.=======Jetzt abonnieren: "Der Aktionärsbrief". Weitere Infos unter:https://www.bernecker.info/aktionaersbrief=======Lust auf noch mehr Sendungen im Bernecker.TV? Noch mehr unterschiedliche Experten? Infos zu Bernecker.TV:https://www.bernecker.info/bernecker-tv=======Anmeldung zum kostenlosen Experten-Newsletter der Bernecker-Redaktion über unsere Website:https://www.bernecker.info/newsletter=======Besuchen Sie uns gerne auf unserer Website:https://www.bernecker.info
In this episode of Campus Technology Insider Podcast Shorts, host Rhea Kelly covers the key tech stories in higher education. Highlights include Fortinet's report on the critical role of identity in cloud security, Meta's launch of a standalone AI app featuring Llama 4, and a Cloudera survey revealing data privacy as a top concern for AI adoption. Tune in for more insights on these stories and their implications for the education sector. 00:00 Introduction and Host Welcome 00:17 Critical Security Perimeter in Cloud Services 00:48 Meta Platforms Launches Standalone AI App 01:21 Cloudera Survey on AI Agents and Data Privacy 01:57 Conclusion and Further Resources Source links: Report: Identity Has Become a Critical Security Perimeter for Cloud Services Meta Launches Stand-Alone AI App Study: Data Privacy a Top Concern as Orgs Scale Up AI Agents Campus Technology Insider Podcast Shorts are curated by humans and narrated by AI.
Once a month, the Packet Protector podcast likes to see what’s going on out there via our news roundup. There’s a lot happening! Today we discuss Fortinet warning that a threat actor has found a way to maintain read-only access on Fortinet devices even if you’ve applied the patch for the original threat. Avanti VPNs... Read more »
Once a month, the Packet Protector podcast likes to see what’s going on out there via our news roundup. There’s a lot happening! Today we discuss Fortinet warning that a threat actor has found a way to maintain read-only access on Fortinet devices even if you’ve applied the patch for the original threat. Avanti VPNs... Read more »
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248) After spotting individaul attempts to exploit the recent Langflow vulnerability late last weeks, we now see more systematic internet wide scans attempting to verify the vulnerability. https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Recent+Langflow+AI+Vulnerability+CVE20253248/31850/ Fortinet Analysis of Threat Actor Activity Fortinet oberved recent vulnerablities in its devices being used to add a symlink to ease future compromise. The symlink is not removed by prior patches, and Fortinet released additional updates to detect and remove this attack artifact. https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity MSFT Inetpub Microsoft clarrified that its April patches created the inetpub directory on purpose. Users should not remove it. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204#exploitability SANSFIRE https://isc.sans.edu/j/sansfire
Take a Network Break! Guest co-host Ned Bellavance steps in for Johna this week. We start with a Fortinet vulnerability, and then opine on a memo from Shopify’s CEO on the company requiring and measuring AI use by employees. Git celebrates 20 years, DARPA names 15 companies to participate in a Quantum Benchmarking Initiative to... Read more »
Take a Network Break! Guest co-host Ned Bellavance steps in for Johna this week. We start with a Fortinet vulnerability, and then opine on a memo from Shopify’s CEO on the company requiring and measuring AI use by employees. Git celebrates 20 years, DARPA names 15 companies to participate in a Quantum Benchmarking Initiative to... Read more »
Take a Network Break! Guest co-host Ned Bellavance steps in for Johna this week. We start with a Fortinet vulnerability, and then opine on a memo from Shopify’s CEO on the company requiring and measuring AI use by employees. Git celebrates 20 years, DARPA names 15 companies to participate in a Quantum Benchmarking Initiative to... Read more »
In this episode of Cybersecurity Today, host David Shipley discusses several pressing concerns in the cybersecurity landscape. Attackers have been exploiting Fortinet VPN devices to maintain access even after patches were applied; administrators are urged to upgrade and follow recovery guidance. Microsoft has created a new INET Pub folder through its latest Windows update, advising users not to delete it due to a linked security flaw. Lastly, AI-generated code dependencies are becoming a serious supply chain risk, with attackers creating malicious packages based on AI hallucinations. Users are advised to thoroughly review AI-generated code to avoid 'slop squatting'. 00:00 Introduction and Fortinet VPN Exploits 02:46 Microsoft's INET Pub Folder Issue 04:57 AI Hallucinations and Code Dependencies 06:22 Conclusion and Contact Information
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Microsoft Patch Tuesday Microsoft patched over 120 vulnerabilities this month. 11 of these were rated critical, and one vulnerability is already being exploited. https://isc.sans.edu/diary/Microsoft%20April%202025%20Patch%20Tuesday/31838 Adobe Updates Adobe released patches for 12 different products. In particular important are patches for Coldfusion addressing several remote code execution vulnerabilities. Adobe Commercse got patches as well, but none of the vulnerabilities are rated critical. https://helpx.adobe.com/security/security-bulletin.html OpenSSL 3.5 Released OpenSSL 3.5 was released with support to post quantum ciphers. This is a long term support release. https://groups.google.com/a/openssl.org/g/openssl-project/c/9ZYdIaExmIA Fortiswitch Update Fortinet released an update for Fortiswitch addressing a vulnerability that may be used to reset a password without verification. https://fortiguard.fortinet.com/psirt/FG-IR-24-435
Send us a textGet up to speed with everything that mattered in cybersecurity this month. In this episode of The Cyberman Show, we break down March 2025's top cyber incidents, threat actor tactics, security product launches, and vulnerabilities actively exploited in the wild.Here's what we cover:
We travel to the Emerald City this week to hang out with the great folks at CoSN! This podcast episode, recorded live at the CoSN conference in Seattle, offers interviews with participants, organizers, and presenters. Topics centered around the human aspect of AI, cybersecurity, and some amazing innovations from school districts around the county! 00:00:00-Introduction 00:02:00-Edward McKaveney 00:09:15-Adam Garry 00:15:04-Dr. Richard Charles 00:23:19-Pete Just 00:30:25-CTL 00:35:20-Jason Eyre 00:43:05-Lightspeed 00:45:16-Keith Krueger CoSN AI Readiness Lightspeed Signal -------------------- A special thanks to our sponsors... NTP, Lightspeed, ClassLink, VIZOR, Fortinet, PowerGistics -------------------- Email us at k12techtalk@gmail.com OR info@k12techtalkpodcast.com Call us at 314-329-0363 Join the K12TechPro Community Buy some swag X @k12techtalkpod Facebook Visit our LinkedIn Music by Colt Ball Disclaimer: The views and work done by Josh, Chris, and Mark are solely their own and do not reflect the opinions or positions of sponsors or any respective employers or organizations associated with the guys. K12 Tech Talk itself does not endorse or validate the ideas, views, or statements expressed by Josh, Chris, and Mark's individual views and opinions are not representative of K12 Tech Talk. Furthermore, any references or mention of products, services, organizations, or individuals on K12 Tech Talk should not be considered as endorsements related to any employer or organization associated with the guys.
In this episode of the mnemonic security podcast, Robby is joined by Ricardo Ferreira, CISO EMEA at Fortinet, to explore the power of policy as code and its role in technical resilience. Ferreira explains how organisations can move beyond manual processes to automate security policies, reduce complexity, and enhance agility. They discuss cloud transformation, the challenges of enforcing policy at scale, and why automation and cultural change are essential for security teams. Plus, the growing role of AI and what the future holds for policy-driven security.You can find his book Policy Design in the Age of Digital Adoption, here: https://www.amazon.com/Policy-Design-Digital-Adoption-transformation-ebook/dp/B09WJBQ7L7Send us a text
IT and infosec professionals are used to operating and protecting mission-critical infrastructure; servers, databases, load balancers, and so on. But what about valves that control the flow of gas or oil in a refinery? Temperature and vibration sensors that monitor industrial manufacturing processes? If you're thinking “That's not my problem” think again. There's a whole... Read more »
IT and infosec professionals are used to operating and protecting mission-critical infrastructure; servers, databases, load balancers, and so on. But what about valves that control the flow of gas or oil in a refinery? Temperature and vibration sensors that monitor industrial manufacturing processes? If you're thinking “That's not my problem” think again. There's a whole... Read more »
IT and infosec professionals are used to operating and protecting mission-critical infrastructure; servers, databases, load balancers, and so on. But what about valves that control the flow of gas or oil in a refinery? Temperature and vibration sensors that monitor industrial manufacturing processes? If you're thinking “That's not my problem” think again. There's a whole... Read more »
In this Soap Box edition of Risky Business host Patrick Gray talks to Knocknoc CEO Adam Pointon about how to easily rein in attack surface by glueing your single sign-on service to your network controls. Do your Palo Alto and Fortinet devices really need to be discoverable by ransomware crews? Does your file transfer appliance need to be open to the whole world? What about your SSH and RDP? Your Citrix? Your (gasp) Exchange Online servers?? You can do a lot with IP allowlisting and simple Identity Aware Proxies (IAPs) to minimise your exposure. Knocknoc is a bit of a “Risky Business special”, too. Pat helped Knocknoc to raise a seed round through Decibel Partners where he's a founder advisor. He also serves on Knocknoc's board of directors. This episode is also available on Youtube. Show notes
This week we dive into security headlines including a botnet bonanza that includes TP-Link routers, Chinese attackers targeting Juniper and Fortinet, and a case study of nation-state actors penetrating the operator of a small US electric utility. We also discuss ransomware attacks targeting critical infrastructure, a backdoor in an Android variant used in streaming devices,... Read more »
This week we dive into security headlines including a botnet bonanza that includes TP-Link routers, Chinese attackers targeting Juniper and Fortinet, and a case study of nation-state actors penetrating the operator of a small US electric utility. We also discuss ransomware attacks targeting critical infrastructure, a backdoor in an Android variant used in streaming devices,... Read more »
Today on the Tech Bytes podcast, sponsored by Fortinet, we get a customer view of Fortinet's SASE offering from Liquid Networx. Liquid Networx isn't just a Fortinet customer; it also provides professional services for other customers of FortiSASE. We'll talk about why Liquid Networx decided to adopt SASE, its evolution from on-prem to cloud-based security,... Read more »
Today on the Tech Bytes podcast, sponsored by Fortinet, we get a customer view of Fortinet's SASE offering from Liquid Networx. Liquid Networx isn't just a Fortinet customer; it also provides professional services for other customers of FortiSASE. We'll talk about why Liquid Networx decided to adopt SASE, its evolution from on-prem to cloud-based security,... Read more »
A critical vulnerability could let attackers hijack and potentially disable vulnerable servers. Europol warns of a “shadow alliance” between state-backed threat actors and cybercriminals. Sekoia examines ClearFake. A critical PHP vulnerability is under active exploitation. A sophisticated scareware phishing campaign has shifted its focus to macOS users. Phishing as a service attacks are on the rise. A new jailbreak technique bypasses security controls in popular LLMs. Microsoft has uncovered StilachiRAT. CISA confirms active exploitation of a critical Fortinet vulnerability. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. AI coding assistants get all judgy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. Today's question comes from N2K's ISACA® Certified Information Security Manager® (CISM®) Practice Test. The CISM exam helps to affirm your ability to assess risks, implement effective governance, proactively respond to incidents and is the preferred credential for IT managers, according to ISACA.To learn more about this and other related topics under this objective, please refer to the following resource: CISM Review Manual, 15th Edition, 1.0, Information Security Governance, Introduction. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isaca.org/credentialing/cism#1 Selected Reading Critical AMI MegaRAC bug can let attackers hijack, brick servers (bleepingcomputer) Europol Warns of “Shadow Alliance” Between States and Criminals (Infosecurity Magazine) ClearFake's New Widespread Variant: Increased Web3 Exploitation for Malware Delivery (Sekoia.io Blog) PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems (cybersecuritynews) Scareware Combined With Phishing in Attacks Targeting macOS Users (securityweek) Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge (Infosecurity Magazine) New Jailbreak Technique Bypasses DeepSeek, Copilot, and ChatGPT to Generate Chrome Malware (gbhackers) Microsoft Warns of New StilachiRAT Malware (SecurityWeek) Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns (Infosecurity Magazine) AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news: Github Actions supply chain attack loots keys and secrets from 23k projects Why a VC fund now owns a minority stake in Risky Business Media (!?!?) China doxes Taiwanese military hackers Microsoft thinks .lnk file whitespace trick isn't worth patching but APTs sure love it CISA delivers government efficiency by re-hiring fired staff… to put them on paid leave …and Google acquires Wiz for $32bn This week's show is sponsored by Zero Networks, and they have sent along a happy customer to talk about their experience. Aaron Steinke is Head of Infrastructure at La Trobe Financial, an asset management firm in Australia. Aaron talks through bringing modern zero-trust goodness to the reality of a technology environment that's been around 40 years. This episode is also available on Youtube. Show notes Risky Bulletin: GitHub supply chain attack prints everyone's secrets in build logs - Risky Business Media China says Taiwan's military is behind PoisonIvy APT China identifies Taiwanese hackers allegedly behind cyberattacks and espionage | The Record from Recorded Future News Crypto exchange OKX shuts down tool used by North Korean hackers to launder stolen funds | The Record from Recorded Future News Lazarus Group deceives developers with 6 new malicious npm packages | CyberScoop Poisoned Windows shortcuts found to be a favorite of Chinese, Russian, N. Korean state hackers | The Record from Recorded Future News 'Mora_001' ransomware gang exploiting Fortinet bug spotlighted by CISA in January | The Record from Recorded Future News Black Basta uses brute-forcing tool to attack edge devices | Cybersecurity Dive Alleged Russian LockBit developer extradited from Israel, appears in New Jersey court | The Record from Recorded Future News CISA works to contact probationary employees for reinstatement after court order - Nextgov/FCW ‘People Are Scared': Inside CISA as It Reels From Trump's Purge | WIRED The Wiretap: CISA Staff Are Cautiously Optimistic About Trump's Pick For Director White House instructs agencies to avoid firing cybersecurity staff, email says | Reuters Signal no longer cooperating with Ukraine on Russian cyberthreats, official says | The Record from Recorded Future News Telegram CEO Pavel Durov allowed to leave France amid investigation Appellate court upholds sentence for former Uber cyber executive Joe Sullivan | The Record from Recorded Future News Google buys cloud security provider Wiz for $32 billion | The Record from Recorded Future News Pat Gray, Founder of Risky Business, Joins Decibel as Founder Advisor - Decibel
Take a Network Break! We start with warnings about an Apple Webkit zero day and ransonware exploits against known Fortinet vulnerabilites, and discuss attribution issues with the X DDoS attack. Intel names Lip-Bu Tan as Chief Resurrection Officer, but how long does he have before investors get antsy? HPE plans to lay off thousands of... Read more »
Take a Network Break! We start with warnings about an Apple Webkit zero day and ransonware exploits against known Fortinet vulnerabilites, and discuss attribution issues with the X DDoS attack. Intel names Lip-Bu Tan as Chief Resurrection Officer, but how long does he have before investors get antsy? HPE plans to lay off thousands of... Read more »
Take a Network Break! We start with warnings about an Apple Webkit zero day and ransonware exploits against known Fortinet vulnerabilites, and discuss attribution issues with the X DDoS attack. Intel names Lip-Bu Tan as Chief Resurrection Officer, but how long does he have before investors get antsy? HPE plans to lay off thousands of... Read more »
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Mark of the Web: Some Technical Details Windows implements the "Mark of the Web" (MotW) as an alternate data stream that contains not just the "zoneid" of where the file came from, but may include other data like the exact URL and referrer. https://isc.sans.edu/diary/Mark%20of%20the%20Web%3A%20Some%20Technical%20Details/31732 Havoc Sharepoint with Microsoft Graph API A recent phishing attack observed by Fortinet uses a simple HTML email to trick a user into copy pasting powershell into their system to execute additional code. Most of the malware interaction uses a Sharepoint site via Microsoft's Graph API futher hiding the malicious traffic https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2 Paragon Partition Manager Exploit A vulnerable Paragon Partition Manager has been user recently to escalate privileges for ransomware deployment. Even if you to not have PAragon installed: An attacker may just "bring the vulnerable driver" to your system. https://kb.cert.org/vuls/id/726882
00:00 - PreShow Banter™ — Prove That You're Wearing Pants05:50 - BHIS - Talkin' Bout [infosec] News 2025-05-1706:46 - Story # 1: Fortinet discloses second firewall auth bypass patched in January07:12 - Story # 1b: Fortinet CEO boasts it was voted the “most trusted” cybersecurity firm. Don't die laughing08:45 - Story # 1c: Forbes Most Trusted Companies in America 2025 List16:25 - Story # 2: SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account18:37 - Story # 2b: Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation20:04 - Story # 3: Putting the human back into AI is key, former NSA Director Nakasone says36:35 - Story # 4: Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated' Attack37:44 - Story # 5: DOGE Exposes Once-Secret Government Networks, Making Cyber-Espionage Easier than Ever43:14 - Story # 5b: DOGE's .gov site lampooned as coders quickly realize it can be edited by anyone46:59 - Story # 6: Man who SIM-swapped the SEC's X account pleads guilty51:26 - Story # 7: Russia's Sandworm caught snarfing credentials, data from American and Brit orgs53:55 - Story # 8: Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy's still screwed
In today's episode, I welcome Ricardo Ferreira, EMEA Field CISO at Fortinet, to discuss how the UK's proposed Cybersecurity and Resilience Bill compares to the EU's NIS2 directive. Ricardo brings a wealth of experience in cybersecurity strategy and regulation, and he shares why he believes the UK's bill is missing key components that could make it truly effective. With Brexit allowing the UK to take an independent approach, Ricardo argues that there is a unique opportunity to cherry-pick the most effective elements from NIS2 while avoiding its potential pitfalls. But is the current bill providing enough clarity? Ricardo highlights how the legislation introduces buzzwords like "digital supply chain" without actually outlining a clear path for addressing cyber threats. In contrast, NIS2 lays out a prescriptive approach that includes risk profiling, supply chain security frameworks, and post-breach recovery strategies. We also explore the growing need for board-level accountability in cybersecurity. Should executives and directors be held personally responsible for cyber resilience within their organizations? And how can governments ensure that businesses have both the guidance and incentives to proactively address security risks rather than reactively scramble to contain breaches? With cyber threats only growing more sophisticated, the role of regulation in mitigating risk has never been more important. But does the UK's current legislative approach go far enough? And what lessons can be learned from international frameworks like NIS2? Tune in for an insightful discussion on the future of cybersecurity policy, where it's headed, and what needs to change to create truly resilient digital infrastructures. As always, I'd love to hear your thoughts—how should governments balance regulation with innovation in cybersecurity?
Salt Typhoon is still at it. Russian cyber-actor Seashell Blizzard expands its reach. The EFF sues DOGE to protect federal workers' data. House Republicans pursue a comprehensive data privacy bill. Fortinet patches a critical vulnerability. Google views cybercrime as a national security threat. Palo Alto Networks issues 10 new security advisories. Symantec suspects a Chinese APT sidehustle. Guest Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. A massive IoT data breach exposes 2.7 billion records. Here come the AI agents. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest, Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. Selected Reading China's Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers (WIRED) Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops (Infosecurity Magazine) EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data (Infosecurity Magazine) Elon Musk and the Right Are Recasting Reporting as ‘Doxxing' (New York Times) FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now! (Hackread) Cybercrime evolving into national security threat: Google (The Record) House Republicans launch group for comprehensive data privacy legislation (The Record) Palo Alto Networks Patches Potentially Serious Firewall Vulnerability (SecurityWeek) Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job (SecurityWeek) Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords (Cyber Security News) Are You Ready to Let an AI Agent Use Your Computer? (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Microsoft Patch Tuesday Microsoft released patches for 55 vulnerabilities. Three of them are actagorized as critical, two are already exploited and another two have been publicly disclosed. The LDAP server vulnerability could become a huge deal, but it is not clear if an exploit will appear. https://isc.sans.edu/diary/Microsoft%20February%202025%20Patch%20Tuesday/31674 Adobe Patches Adobe released patches for seven products. Watch out in particular for the Adobe Commerce issues https://helpx.adobe.com/security/security-bulletin.html Fortinet Acknowledges Exploitation of Vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-24-535
My guest on this episode is Johnny Keefer. After finishing #25 in the 2024 PGA TOUR U standings, he raced through the Canada swing of PGA Tour Americas to earn his Korn Ferry Tour card in 2025. Johnny started his 2025 campaign with two top-5 finishes in Panama and Bogota. Johnny Keefer - Korn Ferry TourThe Back of the Range - All Access Subscribe to The Back of the Range Subscribe in Apple Podcasts and SPOTIFY!Also Subscribe in YouTube, Google Play , Overcast, Stitcher Follow on Social Media! Email us: ben@thebackoftherange.comWebsite: www.thebackoftherange.com Voice Work by Mitch Phillips
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
From PowerShell to a Python Obfuscation Race! This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634 Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release https://x.com/MonThreat/status/1884577840185643345 https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376 The Tainted Voyage: Uncovering Voyager's Vulnerabilities Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads. https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/ Hackers exploit critical unpatched flaw in Zyxel CPE devices A currently unpatches vulnerablity in Zyxel devices is actively exploited. https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/ VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217) VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
This episode shows how attackers are bypassing phishing filter by abusing the "shy" softhyphen HTML entitiy. We got an update from Apple fixing a 0-day vulnerability in addition to a number of other issues. watchTowr show how to exploit an interesting FortiOS vulnerability and we have patches for Github Desktop and Apache Solr An unusal shy z-wasp phish https://isc.sans.edu/diary/An%20unusual%20%22shy%20z-wasp%22%20phishing/31626 How the soft hyphen "shy" HTML entity can be abused to bypass e-mail filters Apple Patches https://support.apple.com/en-us/100100 Apple released patches for all of its operating systems, fixing a 0-day vulnerability among many others issues Get Fortirekt I am the Super_admin now https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/ Details about a recent FortiOS Vulnerability GitHub Desktop Vulnerability https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html Apache Solr Vulnerability https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access