SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Researchers Scanning the Internet: A newish RFC, RFC 9511, suggests researchers identify themselves by adding strings to the traffic they send, or by operating web servers on machines from which the scan originates. We do offer lists of researchers and just added three new groups today. https://isc.sans.edu/diary/Researchers%20Scanning%20the%20Internet/31964
Cloudy with a Chance of Hijacking: Forgotten DNS Records. Organizations do not always remove unused CNAME records. An attacker may take advantage of this if they are able to take possession of the now unused public cloud resource the name pointed to. https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/
Message signature verification can be spoofed (CVE-2025-47934): A vulnerability in openpgp.js may be used to spoof message signatures. openpgp.js is a popular library in systems implementing end-to-end encrypted browser applications. https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8
A busy SDH AM on your Tuesday. We go "In Session" catching up with a few more title holders in the GHSA, visiting Blessed Trinity, Drew Charter, and Roswell. We also stop by Chattanooga FC to catch up with women's Associate Head Coach Maryn Beutler to talk her journey and the WPSL season opener this weekend. We also look at the AM news involving the Premier League and schedule for today in Open Cup.
Presented by Kaiser Permanente. We go over the champs one final time and are joined by Johnson-Gainesville Boys Head Coach Frank Zamora. Coach Zamora breaks down the season-ender and the pressure of expectations with his program, especially after the rough start to the year...
It's a playoff wrap from the GHSA inside SDH AM. Blessed Trinity girls head coach Johnny Jackson, Drew Charter boys head coach Declan Abernethy, and Roswell Girls Head Coach Mary Desing all drop by to talk about their seasons and titles won in the 2025 season.
Presented by Kaiser Permanente. It's the last In Session of 2025 and we go over the winners from last night and set up your brackets for today. Guests include: Jason Page, girls head coach at Walton; Tyler Mayer, boys assistant at Lake Oconee County; Scott Snyder, boys head coach at Westminster; and Troy Connolly, boys head coach at Campbell. All talk their wins from last night.
Presented by Kaiser Permanente. We go over the results of day two of the GHSA soccer championships and prep your brackets for Day 3. Oconee County Girls Head Coach Judson Hamby drops by to talk about one of the best matches you'll see all week and what the win means for the program.
Presented by Kaiser Permanente. We catch up with Armuchee Head Coach Jason Park after their thrilling win yesterday in Class D1 boys. Megan Hill, Buford Head Coach, looks at the road to the final with some help from Jay Entlich, head coach at Columbus State, the place where she spent time as a GA and assistant, and Tajay Higgins, head coach at Sprayberry, breaks down his big finals matchup with River Ridge.
It's a busy Wall Pass Wednesday on SDH AM. Scarves N Spikes Tyler Pilgrim starts us off with his notes on ATLUTD in Chicago and heading to Austin tonight. MLSSoccer.com's Dylan Butler breaks down his thoughts on the rest of the league, and Blessed Trinity head girls coach Johnny Jackson looks ahead to his matchup with Marist in the Class AAAA GHSA final.
Casey Bass joins the progrum on a Hump Day. Braves win 2nd in a row, Casey Bass becomes Executive Director of GHSA for a day, and we give our Top 5 CD's/Albums in your Multi Disk changer in late 90's early 00's.
Tuesday Thoughts added some Soccer Is In Session as SDH AM preps for the GHSA Finals. Walton Girls Coach Jason Pope, Oconee County Girls Coach Judson Hamby, Whitefield Academy Boys Coach Steve Hellier, Lake Oconee Academy Boys Head Coach Conner Domaleski, Lovett Girls Coach Virginia Kerns, and ACA Girls Head Coach Garrett Holt all talk their respective finals. Plus, Phil West from Verde All Day in Austin breaks down the season to date for Austin FC as they prep Atlanta United.
Presented by Kaiser Permanente. Jefferson Girls Head coach Molly McCarty, Johnson-Gainesville boys head coach Frank Zamora, and Campbell head coach Troy Donnelly stop by to talk about their finals matchups and we go through their brackets.
Reaction Monday kicks off another week of SDH AM. We go over the numbers and the sound from the loss in Chicago. We hear from 929TheGame's Abe Gordon in Hour 1. We hear from Ronald Hernandez and head coach Ronny Deila as well. In hour 2, we drift into "Soccer Is In Session" as we preview the Class 4A boys title game with Westminster's Scott Snyder and Marist's Micah Akin. We wrap with your thoughts on the day's news out of Brazil.
Presented by Kaiser Permanente. It's the day for the boys semifinals in the GHSA. We go over the girls semifinals scores from Thursday and have visits from Chad Griffin from Hebron Christian and Chaz Kicklighter from Tattnall County to find out about their seasons and their semis as well...
Freestyle Friday has guests to break down ATLUTD and the stories of soccer. Beyond Goals Mentoring's Michael Parkhurst talks about the difficulties of turning negatives into positives, and staying positive. Plus the new soccer experience in Rhode Island and the latest with ATLUTD... AppleTV/MLS Season Pass studio analyst Ozzie Alonso looks at ATLUTD and his top stories from the first third of the season... We preview the weekend in MLS and overseas plus the GHSA semifinals results...
Presented by Kaiser Permanente. We have your girls brackets for the semis, plus Metter HC Corey James talks boys semis vs Atkinson County, Whitewater Girls HC Sean Estep talks the season and preps for Oconee County, and Jefferson Girls HC Molly McCarty talks about geometry and Cherokee Bluff.
Presented by Kaiser Permanente. We look back at the quarterfinals matchups on the boys side and get you ready for the state semifinals on Thursday and Friday. Heather Richardson, head girls coach at Social Circle, Megan Hill, head girls coach at Buford, and Aaron Paul, head boys coach at Morgan County, all look at their classes and programs as parts head to the semis.
Presented by Kaiser Permanente. In Session travels to Jackson to catch up with a busy Boys HC in Shaun Guillory, testing and traveling to Columbus to take on Shaw. We find out about the program turnaround and RD4L. We also go over the results from last night and prep your brackets today to find out the boys semifinals.
Tino Hernandez, Head Boys Coach at Calhoun, starts off the Monday show looking back at his last four days... We go over brackets, start times, and scores to get you ready for some quick turns, as much as three matches in a week to play for a title... Presented by Kaiser Permanente.
Welcome in for another edition of the Morning Espresso from the SDH Network, brought to you by Oglethorpe University, Atlanta's premier undergraduate learning experience and soccer powerhouse.
Busy weekend on the SDH Network starts today in Marietta as many of our members will be playing in Atlanta United's annual media match. You can watch if you are a true sicko starting at 1pm on atlutd.com/live. Training Ground Dispatch will be available later this afternoon on our YouTube channel, followed by boys Sweet 16 action in the GHSA state tournament as Calhoun hosts Johnson-Gainesville tonight (soccerdownhere.net, click Listen).
Tomorrow, Atlanta United hosts Nashville as they try to build some confidence and find some positive momentum against a team that put up 7 goals last weekend. Pregame starts at 1:30pm on 92.9 The Game and the Audacy app with kickoff set for 2:55pm. Following the match, the Atlanta United Unified Team hosts Nashville at the Benz (watch on atlutd.com/live just after 5pm) and Atlanta United 2 will be on the road in Huntsville for an 8pm kickoff (soccerdownhere.net, click Listen).
Cruz Azul will host Vancouver in the Concacaf Champions Cup final in Mexico City on June 1 after defeating Tigres 1-0 on the 7th goal in the tournament from Ángel Sepúlveda. The win gave Cruz Azul a 2-1 win on aggregate in the semifinal as well as hosting privileges for the final.
Could be an all-Premier League Europa League final as Manchester United and Tottenham Hotspur took control of their semifinals in the first leg with big wins yesterday. We've talked about the financial implications for Manchester United; winning the Europa League could keep Ange Postecoglou in his job as well. The match could be worth over $100 million to the winner.
Bayern could clinch the Bundesliga title this weekend; it will be their 34th in history. Napoli and Inter continue their battle for the Serie A title with Napoli traveling to Lecce while Inter hosts Hellas Verona.
The telenovela revolving around Madrid and Rio continues as Brazil has extended their deadline to May 26 for Carlo Ancelotti to become their new manager. Madrid and Brazil and Ancelotti are doing a dance about who will pay what and when he will take over if he does. Meanwhile, Bayer Leverkusen, who is at risk of losing Xabi Alonso to Madrid if/when Ancelotti does go, is reportedly in negotiations with Erik Ten Hag as their backup plan.
More Espresso on Monday on the SDH Network, presented by Oglethorpe University.
Soccer Is In Session live goes from the Pinelands to Johns Creek and Lassiter looking at Round 2 of the GHSA playoffs. Guests include: Brian Lawson, HC of Jeff Davis High School; Kelly Bowler, Boys HC at Johns Creek; Robbie Galvin, Girls HC at Lassiter. We have finals, scores, brackets, and start times for your Thursday.
In this episode, Patrick Faerber and Todd discuss one of the wildest second-round playoff series of the GHSA baseball season, and all the lessons it offered for umpires. From check swings to emotional coaches, and even a "shut up" that nearly derailed everything, they break down every key moment and decision from both games. They explore how to manage volatile coaches without losing control, when to ask for help (and when not to), and why your "relationship bank account" with a coach matters more than you'd think. You'll also hear tips on dealing with bat flips, unsportsmanlike taunts, and how to de-escalate without compromising your credibility. Whether you're a new umpire, a playoff veteran, or just love the chess match of officiating under pressure, this episode is packed with takeaways you can use on the field tomorrow.
Soccer is in Session Playoff Daily visits Trinity Christian and Greenbrier for coach reviews and previews of Round 2 of the GHSA Playoffs... Plus, we look at your scores and brackets.
It's a Wall Pass Wednesday on SDH AM. Scarves N Spikes Tyler Pilgrim drops by to talk about Atlanta United and the fan reaction over the last few days after the loss in central Florida, plus what to think about this weekend with Nashville coming to town. Then, we look in the twitch pitch for midweek thoughts and tour the news overseas and the GHSA brackets for the beginning of Round 2 of the GHSA playoffs.
Presented by Kaiser Permanente. Round 1 of the GHSA Playoffs is finally complete. We look back at it and prep you for Day 1 of Round 2 with Starrs Mill girls head coach John Bowen and Callaway head coach Mike Petite breaking down their round 2 matchups and talking about a wild four days in Hogansville. Plus, brackets and start times.
News includes a critical Unauthenticated Remote Code Execution vulnerability in Erlang/OTP SSH, José Valim teasing a new project, Oban Pro v1.6's impressive new "Cascade Mode" feature, Semaphore CI/CD platform being open-sourced as a primarily Elixir application, new sandboxing options for Elixir code with Dune and Mini Elixir, BeaconCMS development slowing due to DockYard cuts, and a look at the upcoming W3C Device Bound Session Credentials standard that will impact all web applications, and more!
Show Notes online - http://podcast.thinkingelixir.com/251
Elixir Community News
https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a limited time offer.
https://x.com/ErlangDiscu/status/1914259474937753747 – Unauthenticated Remote Code Execution vulnerability discovered in Erlang/OTP SSH.
https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 – Official security advisory for the Erlang/OTP SSH vulnerability.
https://paraxial.io/blog/erlang-ssh – Paraxial.io's detailed blog post addressing how the SSH vulnerability impacts typical Elixir systems.
https://elixirforum.com/t/updated-nerves-systems-available-with-cve-2025-32433-ssh-fix/70539 – Updated Nerves systems available with SSH vulnerability fix.
https://bsky.app/profile/oban.pro/post/3lndzg72r2k2g – Announcement of Oban Pro v1.6's new "Cascade Mode" feature.
https://oban.pro/articles/weaving-stories-with-cascading-workflows – Blog post demonstrating Oban Pro's new Cascading Workflows feature used to create children's stories with AI.
https://bsky.app/profile/josevalim.bsky.social/post/3lmw5fvnyvc2k – José Valim teasing a new logo with "Soon" message.
https://tidewave.ai/ – New site mentioned in José Valim's teasers, not loading to anything yet.
https://github.com/tidewave-ai – New GitHub organization related to José Valim's upcoming announcement.
https://github.com/tidewave-ai/mcp_proxy_elixir – The only public project in the tidewave-ai organization - an Elixir MCP server for STDIO.
https://x.com/chris_mccord/status/1913073561561858229 – Chris McCord teasing AI development with Phoenix applications.
https://ashweekly.substack.com/p/ash-weekly-issue-13 – Zach Daniel teasing upcoming Ash news to be announced at ElixirConf EU.
https://elixirforum.com/t/dune-sandbox-for-elixir/42480 – Dune - a sandbox for Elixir created by a Phoenix maintainer.
https://github.com/functional-rewire/dune – GitHub repository for Dune, an Elixir code sandbox.
https://blog.sequinstream.com/why-we-built-mini-elixir/ – Blog post explaining Mini Elixir, another Elixir code sandbox solution.
https://github.com/sequinstream/sequin/tree/main/lib/sequin/transforms/minielixir – GitHub repository that contains Mini Elixir, an Elixir AST interpreter.
https://www.reddit.com/r/elixir/comments/1k27ekg/we_built_a_custom_elixir_ast_interpreter_for/ – Reddit discussion about Mini Elixir AST interpreter.
https://github.com/semaphoreio/semaphore – Semaphore CI/CD platform open-sourced under Apache 2.0 license - primarily an Elixir application.
https://semaphore.io/ – Official website for Semaphore CI/CD platform.
https://docs.semaphoreci.com/CE/getting-started/install – Installation guide for Semaphore Community Edition.
https://bsky.app/profile/markoanastasov.bsky.social/post/3lj5o5h5z7k2t – Announcement from Marko Anastasov, co-founder of Semaphore CI, about open-sourcing their platform.
https://github.com/elixir-dbvisor/sql – GitHub repository for SQL parser and sigil with impressive benchmarks.
https://groups.google.com/g/elixir-ecto/c/8MOkRFAdLZc?pli=1 – Discussion about SQL parser being 400-650x faster than Ecto for generating SQL.
https://bsky.app/profile/bcardarella.bsky.social/post/3lndymobsak2p – Announcement about BeaconCMS reducing development due to Dockyard cuts.
https://bsky.app/profile/did:plc:vnywtpvzgdgetnwea3fs3y6w – Related profile for BeaconCMS announcement.
https://beaconcms.org/ – BeaconCMS official website.
https://github.com/BeaconCMS/beacon – GitHub repository for BeaconCMS.
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com
Discussion Resources
Discussion about Device Bound Session Credentials, a W3C initiative being built into major browsers that will require minor changes to Phoenix for implementation.
https://w3c.github.io/webappsec-dbsc/ – W3C - Device Bound Session Credentials proposal
https://github.com/w3c/webappsec-dbsc/ – Device Bound Session Credentials explainer
https://developer.chrome.com/docs/web-platform/device-bound-session-credentials – Device Bound Session Credentials (DBSC) on the Google Chrome developer blog
https://en.wikipedia.org/wiki/Trusted_Platform_Module – Wikipedia article on Trusted Platform Module, relevant to Device Bound Session Credentials discussion.
https://www.grc.com/sn/sn-1021-notes.pdf – Other podcast show notes discussing Device Bound Session Credentials (DBSC).
https://twit.tv/shows/security-now/episodes/1021?autostart=false – Security Now podcast episode covering Device Bound Session Credentials (time coded link to discussion).
Find us online - Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com) - Message the show - X (https://x.com/ThinkingElixir) - Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir) - Email the show - show@thinkingelixir.com (mailto:show@thinkingelixir.com) - Mark Ericksen on X - @brainlid (https://x.com/brainlid) - Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social) - Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid) - David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com) - David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)
Presented by Kaiser Permanente. Round one of the GHSA Playoffs wraps up in Georgia Monday. Hebron Christian HC Chad Griffin drops by to talk about the rounds of 16 matchups for the Lions. Nathan Nadeau, girls HC at Dooly County, talks about their win, roadtrip, and postseason successes in Vienna. Plus your brackets and surprises from Round 1 so far.
This week on the PayneCast: NFL Draft; Chattanooga Christian's soccer coach resigns; Howard baseball gets lights; RMS Tigers vs Heritage Generals in the NGAC Championship; GHSA playoffs; SEC baseball; Rushmore of Country Music Artists; Overreaction; Buy/Sell; Just one more thing. Be sure you leave us a review and a rating. You can follow us on Spotify, Apple Podcast, YouTube, Facebook, & Instagram! Please send your comments, topics, and ideas to thepaynecast1@gmail.com.
Here's Day 3 of "Soccer Is In Session" daily as the GHSA playoffs have begun. Brian Lawson, head coach at Jeff Davis, talks about the historic day in Hazlehurst; Heather Richardson, girls head coach at Social Circle, discusses her season to date; and Jeremy Moore, head coach at Toombs County, breaks down his double day. Presented by Kaiser Permanente.
It's Day Four of Round One and we go through the scores and brackets to get you ready for the weekend. Mike Petite, head coach at Callaway, talks about the successes and challenges of coaching both programs. Chris Romano, boys head coach at Oconee County, talks about his season and matchup in Watkinsville as well.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Honeypot Iptables Maintenance and DShield-SIEM Logging: In this diary, Jesse is talking about some of the tasks to maintain a honeypot, like keeping filebeats up to date and adjusting configurations in case your dynamic IP address changes. https://isc.sans.edu/diary/Honeypot%20Iptables%20Maintenance%20and%20DShield-SIEM%20Logging/31876
XRPL.js Compromised: An unknown actor was able to push malicious updates of the XRPL.js library to NPM. The library is officially recommended for writing Ripple (RPL) cryptocurrency code. The malicious library exfiltrated secret keys to the attacker. https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor https://github.com/XRPLF/xrpl.js/security/advisories/GHSA-33qr-m49q-rxfx
Cisco Equipment Affected by Erlang/OTP SSH Vulnerability: Cisco published an advisory explaining which of its products are affected by the critical Erlang/OTP SSH library vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
Presented by Kaiser Permanente. Soccer Is In Session flies into day two of the postseason with a look at matchday one and previewing match day two. Lincoln County coaches Will Chomskis and Matthew Hayslip preview their same-day trips to Atlanta in Class A-D2. GMC Prep head coach Bobby Jaworski previews his matchup and looks at his season. Perry girls and boys head coach Nathan Dooley looks at his previews versus Druid Hills. Finals, brackets, and previews in an hour.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
It's 2025, so why are malicious advertising URLs still going strong? Phishing attacks continue to take advantage of Google's advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL. https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880
ChatGPT Fingerprinting Documents via Unicode: ChatGPT apparently started leaving fingerprints in texts it creates by adding invisible Unicode characters like non-breaking spaces. https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text
Asus AI Cloud Security Advisory: Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability. https://www.asus.com/content/asus-product-security-advisory/
PyTorch Vulnerability: PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the "weights_only=True" setting selected. https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
It's day one of Season Three in the GHSA soccer playoffs. Two top ten teams in 6A girls square off against each other and we visit with both Ryan Burkhart, head coach of North Gwinnett, and Jennifer Barr, head coach at Denmark. Plus, Nathan Nadeau, head girls coach at Dooly County, drops by to talk about their home match at the Grove in Class A-D2. We look at all the matchups and brackets for today as well...
News includes EEF board elections with voting beginning May 9th, Gleam v1.10.0 enhancing security with SBoMs and SLSA build provenance, an AshAuthentication vulnerability with mitigation steps, the Elixir Secure Coding Training project finding a permanent home at the EEF, announcements for both ElixirConf US 2025 in Orlando and ElixirConfEU in Krakow with speaker lineup, and more!
Show Notes online - http://podcast.thinkingelixir.com/250
Elixir Community News
https://paraxial.io/ – Paraxial.io is sponsoring today's show! Sign up for a free trial of Paraxial.io today and mention Thinking Elixir when you schedule a demo for a limited time offer.
https://erlef.org/blog/eef/election-2025 – EEF board elections announced with important dates - candidacy submissions by May 8th, voting open May 9-16th.
https://x.com/TheErlef/status/1911847956308959650 – Gleam v1.10.0 will ship with Build SBoMs and SLSA build provenance for all release artifacts and Docker images, improving visibility into dependencies and software supply chain security.
https://x.com/theerlef/status/1910348770514006242 – The "Elixir Secure Coding Training (ESCT)" project has been transferred to the Erlang Ecosystem Foundation for a more permanent home and maintainership.
https://bsky.app/profile/davelucia.com/post/3lmcqhzoc7c26 – Dave Lucia shares information about the ESCT project transfer from Podium to TvLabs and ultimately to the EEF.
https://github.com/erlef/elixir-secure-coding – An interactive cybersecurity curriculum designed for enterprise use at software companies using Elixir.
https://github.com/phoenixframework/phoenix/pull/6184 – Fix for Plug.Debugger screen which was showing ANSI codes in HTML.
https://github.com/phoenixframework/phoenix/pull/6194 – Fix for the Phoenix installer's incorrect application of custom variants in tailwind v4.
https://github.com/team-alembic/ash_authentication/security/advisories/GHSA-3988-q8q7-p787 – AshAuthentication vulnerability published with mitigation steps - update packages, set require_interaction to true, and add confirm_route above auth_routes.
https://elixirconf.com/ – ElixirConf US 2025 is open for submitting talks and workshops in Orlando. Talk submissions due April 29, workshop submissions due April 15.
https://x.com/elixirconf/status/1907843035544826137 – Announcement for ElixirConf US 2025 in Orlando with deadlines for talk and workshop submissions.
https://x.com/ElixirConfEU/status/1911747531953832323 – ElixirConfEU Speakers were announced for the upcoming conference in Krakow, Poland.
https://www.elixirconf.eu/#tickets – Ticket information for ElixirConfEU - 250 Euros for virtual ticket, 600 Euros for in-person ticket.
https://www.elixirconf.eu/#keynotes – Keynote information for ElixirConfEU in Krakow, Poland, May 14-16 (training on May 14, regular sessions on May 15-16).
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com
Find us online
- Message the show - Bluesky (https://bsky.app/profile/thinkingelixir.com)
- Message the show - X (https://x.com/ThinkingElixir)
- Message the show on Fediverse - @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir)
- Email the show - show@thinkingelixir.com
- Mark Ericksen on X - @brainlid (https://x.com/brainlid)
- Mark Ericksen on Bluesky - @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social)
- Mark Ericksen on Fediverse - @brainlid@genserver.social (https://genserver.social/brainlid)
- David Bernheisel on Bluesky - @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com)
- David Bernheisel on Fediverse - @dbern@genserver.social (https://genserver.social/dbern)
This week on the PayneCast: Tragedy in LaFayette; Big announcement for TP; Rory wins the Masters; Colorado retires Sanders and Hunter's numbers; Lee Corso retires from College GameDay; Final Nico thoughts; Braves and Reds starting to look better; SEC baseball; GHSA baseball playoffs; Baylor/McCallie baseball; Rushmore of Concession Food/Snacks; Overreaction; Buy/Sell; Just one more thing. Be sure you leave us a review and a rating. You can follow us on Spotify, Apple Podcast, YouTube, Facebook, & Instagram! Please send your comments, topics, and ideas to thepaynecast1@gmail.com.
Presented by Kaiser Permanente. Morgan County Head Coach Aaron Paul and Assistant Brandon York drop by to talk about the double-A program's boys success. And we also go through the rankings, brackets, and winners from the midweek in the GHSA.
Presented by Kaiser Permanente. We go over the boys and girls polls in GHSA soccer. Girls head coach at Druid Hills Kai Uchimura stops by to talk about his season, and we look at tonight's schedule in a midweek, Spring Break schedule.
Presented by Kaiser Permanente. We go over the scores from last night and get you ready for the matchups in the mid-week. Plus, we look at what could be with brackets in 4A through 6A and rankings from our friends at Scorbord.
About this episode: Amidst an ongoing outbreak of a deadly clade of mpox in the Democratic Republic of the Congo, the Johns Hopkins Center for Communication Programs has been part of the response team. Working with local partners, CCP has developed community outreach and strategic communications campaigns to help protect people, reduce transmission, and get the outbreak under control. When USAID funding was abruptly canceled, the program was granted a waiver to continue work. But now, as the waiver faces expiration, the program's future is uncertain, which could put the DRC, Africa, and even the world at risk of an mpox epidemic. Guests: Dr. Didier Mbayi Kangudie is the Chief of Party for the Johns Hopkins Center for Communication Programs in the Democratic Republic of the Congo. He spent 11 years with USAID as a senior health advisor and has more than 25 years of experience blending clinical work, public health and global health programming. Shannon McAfee is team lead for Johns Hopkins Center for Communication Programs country programs in the Democratic Republic of Congo and Guinea, which include projects focused on integrated health, the GHSA portfolio, education, Ebola, and the COVID-19 response. She has 25 years of experience designing, leading and implementing health and development projects across 16 countries in Africa, Asia and the Caribbean. Host: Stephanie Desmon, MA, is a former journalist, author, and the director of public relations and communications for the Johns Hopkins Center for Communication Programs, the largest center at the Johns Hopkins Bloomberg School of Public Health.
Show links and related content: CCP Resumes Mpox Outbreak Prevention Work in the Democratic Republic of Congo—Johns Hopkins Center for Communication Programs; African Governments Falling Short on Healthcare Funding: Slow Progress 23 Years After Landmark Abuja Declaration—Human Rights Watch; Why The Mpox Crisis Spreading Across Africa is a Global Concern—Public Health On Call (August 2024). Transcript information: Looking for episode transcripts? Open our podcast on the Apple Podcasts app (desktop or mobile) or the Spotify mobile app to access an auto-generated transcript of any episode. Closed captioning is also available for every episode on our YouTube channel. Contact us: Have a question about something you heard? Looking for a transcript? Want to suggest a topic or guest? Contact us via email or visit our website. Follow us: @PublicHealthPod on Bluesky, @JohnsHopkinsSPH on Instagram, @JohnsHopkinsSPH on Facebook, @PublicHealthOnCall on YouTube. Here's our RSS feed. Note: These podcasts are a conversation between the participants, and do not represent the position of Johns Hopkins University.
Presented by Kaiser Permanente. Molly McCarty, head coach of the girls team at Jefferson, and Corey James, boys and girls coach at Metter, stop by to talk about their season and the communities... Coach McCarty also has some advice for programs trying to build through tough times and Coach James talks about how other sports help with the soccer program build in Metter.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Critical Next.js Vulnerability CVE-2025-29927: A critical vulnerability in how the x-middleware-subrequest header is verified may lead to bypassing authorization in Next.js applications. https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw https://www.runzero.com/blog/next-js/
Microsoft Trust Signing Service Abused: Attackers abuse the Microsoft Trust Signing Service, a service meant to help developers create signed software, to obtain short-lived signatures for malware. https://www.bleepingcomputer.com/news/security/microsoft-trust-signing-service-abused-to-code-sign-malware/
Billy and Patrick are back on International Waffle Day!!! We talk GHSA reclassification meeting, Braves lineup starters and Hawks facing the Rockets!
Presented by Kaiser Permanente. Chad Griffin, the head coach of both programs at Hebron Christian, talks their undefeated start to both seasons. Heather Richardson, head girls coach at Social Circle, talks their start that has them #2 in the polls in Class-D2. Plus, rankings and Wednesday matchups in the GHSA.
Jarrett and Bart join for Hour 2 where the Weekend Whiparound looks at your Match Week 4 in MLS, Atlanta United, and MLS Next Pro with ATLUTD2. What could it look like for the visitors after coming home from Jamaica and having two days rest before coming to Atlanta...? Hour 1 goes through all the news of the AM, from England and the Prem to CONCACAF and getting to the final eight in the ConcaChampions, plus a look at the GHSA action from the network last night...
Presented by Kaiser Permanente. SDH tours the state and updates everyone on the latest in GHSA soccer. Guests: Tia Graves - Girls head coach at GAC; Frank Zamora - boys head coach at Johnson-Gainesville; Jeremy Moore - boys and girls head coach at Toombs County. Coaches Graves and Zamora help preview their matches against the other school Friday night on the network and Coach Moore looks at his seasons-to-date.
For your Wall Pass Wednesday, we recap the night in The Pinelands with Jeff Davis and Appling County in GHSA Soccer. Tyler Pilgrim from Scarves N Spikes drops by to join Jon and Jarrett for his mid-week deep dive into Atlanta United as they put Red Bulls in the rear view and prep for Messi and Friends. We also go over MLS in CONCACAF, and it wasn't a good night... Plus, the world of UCL and news and notes for your Wednesday involving the Premier League and a few teams with roster choices and big aspirations...
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Shellcode Encoded in UUIDs: Attackers are using UUIDs to encode shellcode. The 128 bits (or 16 bytes) encoded in each UUID are converted to shellcode to implement a Cobalt Strike beacon. https://isc.sans.edu/diary/Shellcode%20Encoded%20in%20UUIDs/31752
Moxa CVE-2024-12297 Expanded to PT Switches: Moxa first released an update in January to address a frontend authorization logic disclosure vulnerability. It has now updated the advisory and included the PT series switches as vulnerable. https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches
Opentext Insufficiently Protected Credentials: https://portal.microfocus.com/s/article/KM000037455?language=en_US
Livewire Volt API vulnerability: https://github.com/livewire/volt/security/advisories/GHSA-v69f-5jxm-hwvv
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
DShield Traffic Analysis using ELK: The "DShield SIEM" includes an ELK dashboard as part of the Honeypot. Learn how to find traffic of interest with this tool. https://isc.sans.edu/diary/DShield%20Traffic%20Analysis%20using%20ELK/31742
Zen and the Art of Microcode Hacking: Google released details, including a proof-of-concept exploit, showing how to take advantage of the recently patched AMD microcode vulnerability. https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking CVE-2024-56161
VIM Vulnerability: An attacker may execute arbitrary code by tricking a user into opening a crafted tar file in VIM. https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
Snail Mail Fake Ransom Note: A copycat group is impersonating ransomware actors. The group sends snail mail to company executives claiming to have stolen company data and threatening to leak it unless a payment is made. https://www.guidepointsecurity.com/blog/snail-mail-fail-fake-ransom-note-campaign-preys-on-fear/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Common Crawl includes Common Leaks: The "Common Crawl" dataset, a large dataset created by spidering websites, contains, as expected, many API keys and other secrets. This data is often used to train large language models. https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data
GitHub Repositories Exposed by Copilot: As is well known, GitHub's Copilot uses data from public GitHub repositories to train its model. However, it appears that repositories that were briefly left open and later made private have been included as well, allowing Copilot users to retrieve files from these repositories. https://www.lasso.security/blog/lasso-major-vulnerability-in-microsoft-copilot
MITRE Caldera Framework Allows Unauthenticated Code Execution: The MITRE Caldera adversary emulation framework allows for unauthenticated code execution by allowing attackers to specify compiler options. https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e
modsecurity Rule Bypass: Attackers may bypass the modsecurity web application firewall by prepending encoded characters with 0. https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Attacker Use of Ephemeral Ports: Attackers often use ephemeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Malware%20Source%20Servers%3A%20The%20Threat%20of%20Attackers%20Using%20Ephemeral%20Ports%20as%20Service%20Ports%20to%20Upload%20Data/31710
Compromised Visual Studio Code Extension downloaded by Millions: Amit Assaraf identified a likely compromised Visual Studio Code theme that was installed by millions of potential victims. Amit did not disclose the exact malicious behaviour, but is asking for victims to contact them for details. https://medium.com/@amitassaraf/a-wolf-in-dark-mode-the-malicious-vs-code-theme-that-fooled-millions-85ed92b4bd26
ByBit Theft Due to Compromised Developer Workstation: ByBit and Safe{Wallet} disclosed that the record-breaking Ethereum theft was due to a compromised Safe{Wallet} developer workstation. A replaced JavaScript file targeted ByBit and altered a transaction signed by ByBit. https://x.com/benbybit/status/1894768736084885929 https://x.com/safe/status/1894768522720350673
PoC for NAKIVO Backup Replication Vulnerability: This vulnerability allows the compromise of NAKIVO backup systems. The vulnerability was patched silently in November, and never disclosed by NAKIVO. Instead, WatchTowr now discloses details including a proof-of-concept exploit. https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/
OpenH264 Vulnerability: https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x
rsync vulnerability exploited: https://www.cisa.gov/known-exploited-vulnerabilities-catalog