Podcasts about infosec

More Free File Sharing Services Abuse The free file-sharing service catbox.moe is abused by malware. While it officially claims not to allow hosting of executables, it only checks extensions and is easily abused https://isc.sans.edu/diary/More%20Free%20File%20Sharing%20Services%20Abuse/32112 Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor A group Google identifies as UNC6148 is exploiting the Sonicwall SMA 100 series appliance. The devices are end of life, but even fully patched devices are exploited. Google assumes that these devices are compromised because credentials were leaked during prior attacks. The attacker installs the OVERSTEP backdoor after compromising the device. https://cloud.google.com/blog/topics/threat-intelligence/sonicwall-secure-mobile-access-exploitation-overstep-backdoor Weaponizing Trust in File Rendering Pipelines RenderShock is a comprehensive zero-click attack strategy that targets passive file preview, indexing, and automation behaviours in modern operating systems and enterprise environments. It leverages built-in trust mechanisms and background processing in file systems, email clients, antivirus tools, and graphical user interfaces to deliver payloads without requiring any user interaction. https://www.cyfirma.com/research/rendershock-weaponizing-trust-in-file-rendering-pipelines/

Keylogger Data Stored in an ADS Xavier came across a keystroke logger that stores data in alternate data streams. The data includes keystroke logs as well as clipboard data https://isc.sans.edu/diary/Keylogger%20Data%20Stored%20in%20an%20ADS/32108 Malvertising Homebrew An attacker has been attempting to trick users into installing a malicious version of Homebrew. The fake software is advertised via paid Google ads and directs users to the attacker s GitHub repo. https://medium.com/deriv-tech/brewing-trouble-dissecting-a-macos-malware-campaign-90c2c24de5dc CVE-2025-5333: Remote Code Execution in Broadcom Altiris IRM LRQA have discovered a critical unauthenticated remote code execution (RCE) vulnerability in the Broadcom Symantec Altiris Inventory Rule Management (IRM) component of Symantec Endpoint Management. https://www.lrqa.com/en/cyber-labs/remote-code-execution-in-broadcom-altiris-irm/ Code highlighting with Cursor AI for $500,000 A syntax highlighting extension for Cursor AI was used to compromise a developer s workstation and steal $500,000 in cryptocurrency. https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/

DShield Honeypot Log Volume Increase Within the last few months, there has been a dramatic increase in honeypot log volumes and how often these high volumes are seen. This has not just been from Jesse s residential honeypot, which has historically seen higher log volumes, but from all of the honeypots that Jesse runs. https://isc.sans.edu/diary/DShield+Honeypot+Log+Volume+Increase/32100 Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware. Koi Security s investigation of a single verified color picker exposed a coordinated campaign of 18 malicious extensions that infected a massive 2.3 million users across Chrome and Edge. https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5 RDP Forensics Comprehensive overview of Windows RDP Forensics https://medium.com/@mathias.fuchs/chasing-ghosts-over-rdp-lateral-movement-in-tiny-bitmaps-328d2babd8ec

Join host Emily Wearmouth for the very special episode of Security Visionaries recorded live at Infosecurity Europe. She's joined by Holly Foxcroft, Ian Golding, and Rich Davis to discuss the crucial conversations CISOs need to have with their CEOs this year. The episode dives into four key areas: cost, risk, innovation, and AI, offering insights and exploring the differing perspectives between tech leaders and CEOs.

Experimental Suspicious Domain Feed Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phishing or other malicious purposes. https://isc.sans.edu/diary/Experimental%20Suspicious%20Domain%20Feed/32102 Wing FTP Server RCE Vulnerability Exploited CVE-2025-47812 Huntress saw active exploitation of Wing FTP Server remote code execution (CVE-2025-47812) on a customer on July 1, 2025. Organizations running Wing FTP Server should update to the fixed version, version 7.4.4, as soon as possible. https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/ FortiWeb Pre-Auth RCE (CVE-2025-25257) An exploit for the FortiWeb RCE Vulnerability is now available and is being used in the wild. https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce NVIDIA Vulnerable to Rowhammer NVIDIA has received new research related to the industry-wide DRAM issue known as Rowhammer . The research demonstrates a potential Rowhammer attack against an NVIDIA A6000 GPU with GDDR6 Memory. The purpose of this notice is to reinforce already known mitigations to Rowhammer attacks. https://nvidia.custhelp.com/app/answers/detail/a_id/5671/~/security-notice%3A-rowhammer---july-2025

Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastJohn Hansman of Truit joins today's Cyber Work episode to share his journey from a "dead-end job" in electronic security to building a thriving managed IT services company. As the co-host of the Business & Bytes podcast, John brings a unique perspective on how small businesses can leverage AI tools to solve fundamental challenges while maintaining strong cybersecurity practices. He shares practical AI tools that business owners are leaving on the table, discusses the mindset shifts required for entrepreneurship, and explains how his company pivoted during the pandemic to emerge stronger than ever.0:00 - Intro to today's episode0:50 - Cybersecurity Salary Guide2:15 - Meet John Hansman4:20 - Early tech experiences and family influence8:45 - The career transition from dead-end job to entrepreneur12:30 - Starting an MSP during the pandemic16:15 - CEO role vs. hands-on technical work20:45 - Business & Bytes podcast format and pivot25:30 - AI tools for small businesses31:20 - John's AI toolbox and custom GPTs36:00 - Career transition stories and mindset challenges42:15 - Getting out of your own head as an entrepreneur47:30 - About Truitt and cybersecurity services50:45 - Wrap up and where to find JohnView Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

Send us a textIn this month's installment, Toni De La Fuente shares his journey into cybersecurity, detailing his early experiences with computers and his passion for hacking. He discusses the creation of Prowler, an open-source cloud security tool, and its differences from commercial solutions. The conversation explores cloud security challenges, the importance of open-source solutions, and the dynamics of scaling a startup. Toni also emphasizes the significance of passion in one's career and offers advice for aspiring tech professionals.And yes...we also talk about his LOVE for Iron Maiden ;-)

SSH Tunneling in Action: direct-tcp requests Attackers are compromising ssh servers to abuse them as relays. The attacker will configure port forwarding direct-tcp connections to forward traffic to a victim. In this particular case, the Yandex mail server was the primary victim of these attacks. https://isc.sans.edu/diary/SSH%20Tunneling%20in%20Action%3A%20direct-tcp%20requests%20%5BGuest%20Diary%5D/32094 Fortiguard FortiWeb Unauthenticated SQL injection in GUI (CVE-2025-25257) An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. https://www.fortiguard.com/psirt/FG-IR-25-151 Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) contain multiple vulnerabilities Ruckus products suffer from a number of critical vulnerabilities. There is no patch available, and users are advised to restrict access to the vulnerable admin interface. https://kb.cert.org/vuls/id/613753

How can you approach your company's leadership to advocate for best security practices? Megan dives into a BIA (Business Impact Analysis) breakdown with triple guest features from FRSecure's Consulting Team. Mea Yang, Coral Morgan, and Kathryn Frickstad-Olson recall client trumphs and challenges they have witnessed with implementing BIAs.Whether you need a 101 course in BIA Practices, want a little guidance with a company conversation, or simply want to learn more about a BIA's purpose and value, this episode is for you!Access our free BIA Starter Kit by downloading today!FRSecure BIA Starter Kit--As always, let us know what you'd like to see next! Send your thoughts to unsecurity@frsecure.com. Follow for more!LinkedIn: FRSecure Instagram: FRSecureOfficial   Facebook: FRSecure BlueSky: FRSecureAbout FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

Setting up Your Own Certificate Authority for Development: Why and How. Some tips on setting up your own internal certificate authority using the smallstep CA. https://isc.sans.edu/diary/Setting%20up%20Your%20Own%20Certificate%20Authority%20for%20Development%3A%20Why%20and%20How./32092 Animation-Driven Tapjacking on Android Attackers can use a click-jacking like trick to trick victims into clicking on animated transparent dialogs opened from other applications. https://taptrap.click/usenix25_taptrap_paper.pdf Adobe Patches Adobe patched 13 different products yesterday. Most concerning are vulnerabilities in Coldfusion that include code execution and arbitrary file disclosure vulnerabilities. https://helpx.adobe.com/security/security-bulletin.html

Microsoft Patch Tuesday, July 2025 Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been exploited. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%2C%20July%202025/32088 Opposum Attack If a TLS server is configured to allow switching from HTTP to HTTPS on a specific port, an attacker may be able to inject a request into the data stream. https://opossum-attack.com/ Ivanti Security Updates Ivanty fixed vulnerabilities in Ivanty Connect Secure, EPMM, and EPM. In particular the password decryption vulnerabliity may be interesting. https://www.ivanti.com/blog/july-security-update-2025

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — Pre Stream Appropriate03:39 - N. Korean Remote Workers are at it Again! – BHIS - Talkin' Bout [infosec] News 2025-07-0705:41 - Story # 1: Fortune 500 Cyber Spending Pays Off: Large Enterprise Risk Falls 33% Despite Rising Threats20:01 - Story # 2: Jasper Sleet: North Korean remote IT workers' evolving tactics to infiltrate organizations25:49 - Story # 2b: Engineer caught juggling multiple startup jobs is a cautionary tale of ‘extreme' hustle culture, experts say34:47 - Story # 3: Taking SHELLTER: a commercial evasion framework abused in- the- wild42:15 - Story # 3b: Statement Regarding Recent Misuse of Shellter Elite and Elastic Security Labs' Handling46:58 - Story # 4: Ingram Micro outage caused by SafePay ransomware attack49:45 - Story # 5: Germany asks Google, Apple to remove DeepSeek AI from app stores53:13 - Story # 6: This Call of Duty game just hit Xbox Game Pass, but it's infested with RCE hackers — I'd take cover and avoid playing until there's a fix

I cover the latest Patch Tuesday news, more metrics on Windows 11 adoption, some InfoSec stories and much more! Reference Links: https://www.rorymon.com/blog/windows-update-causing-firewall-error-patch-tuesday-news-grok-goes-crazy/

What s My File Name Malware may use the GetModuleFileName API to detect if it was renamed to a name typical for analysis, like sample.exe or malware.exe https://isc.sans.edu/diary/What%27s%20My%20%28File%29Name%3F/32084 Atomic macOS infostealer adds backdoor for persistent attacks Malware analyst discovered a new version of the Atomic macOS info-stealer (also known as 'AMOS') that comes with a backdoor, to attackers persistent access to compromised systems. https://moonlock.com/amos-backdoor-persistent-access HOUKEN SEEKING A PATH BY LIVING ON THE EDGE WITH ZERO-DAYS At the beginning of September 2024, an attacker repeatedly exploited vulnerabilities CVE-2024- 8190, CVE-2024-8963, and CVE-2024-9380 vulnerabilities to remotely execute arbitrary code on vulnerable Ivanti Cloud Service Appliance devices. https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-009.pdf SEO Scams Targeting Putty, WinSCP, and AI Tools Paid Google ads are advertising trojaned versions of popuplar tools like ssh and winscp https://arcticwolf.com/resources/blog-uk/malvertising-campaign-delivers-oyster-broomstick-backdoor-via-seo-poisoning-and-trojanized-tools/

Interesting ssh/telnet usernames Some interesting usernames observed in our honeypots https://isc.sans.edu/diary/A%20few%20interesting%20and%20notable%20ssh%20telnet%20usernames/32080 More sudo trouble The host option in Sudo can be exploited to execute commands on unauthorized hosts. https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host CitrixBleed2 PoC Posted (CVE-2025-5777) WatchTwer published additional details about the recently patched CitrixBleed vulnerability, including a PoC exploit. https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/ Instagram Using Six Day Certificates Instagram changes their TLS certificates daily and they use certificates that are just about to expire in a week. https://hereket.com/posts/instagram-single-day-certificates/

Lo smartphone dei Narcos. Le Community Notes scritte dall'IA. Il caso Velvet Sundown. EU critica Piracy Shield. Ethereum e la tokenizzazione della finanza. Queste e molte altre le notizie tech commentate nella puntata di questa settimana.Dallo studio distribuito di digitalia:Franco Solerio, Michele Di Maio, Massimo De SantoProduttori esecutivi:Eugenio Abriani, Massimo Passerini, Giuseppe Benedetti, Maurizio Verrone, Federico Bruno, Davide Corradini, Giulio Gabrieli, Simone Pignatti, Matteo Carpentieri, Matteo Masconale, Marco Zambianchi (Astronauticast), Sandro Acinapura, Nicola Carnielli, Matteo Molinari, Paolo Bernardini, Davide Tinti, Marco Goglio, Nicola Gabriele Del Popolo, Michele Coiro, Pasquale Maffei, Matteo Arrighi, Andrea Mannelli, Alex Ordiner, Francesco Paolo Sileno, Arzigogolo, Fiorenzo Pilla, Stefano Orso, Flavio Castro, Paolo Boschetti, Massimiliano Saggia, Giuliano Arcinotti, Massimo Dalla Motta, Danilo Sia, Yoandi Herrera, Roberto Esposito, Christian Masper, Roberto Barison, Fabrizio Bianchi, Matteo Faccio, Manuel Zavatta, Anonymous Podcast Guru User, Adriano Guarino, Marcello Piliego, Eros Francani, Antonio Turdo, @Matiz, Andrea Scarpellini, ---, @Akagrinta, Arnoud Van Der Giessen, Nicola Pedonese, Paolo Lucciola, @Jh4Ckal, ma7u, @Dswartze, Diego Venturin, Davide Fogliarini, Salvatore Postiglione, Christian Fabiani, Christian A MarcaSponsor:Squarespace.com - utilizzate il codice coupon "DIGITALIA" per avere il 10% di sconto sul costo del primo acquisto.Links:Il telefono dei narcosThe EU wants to decrypt your private data by 2030Mexican drug cartel hacked FBI officialsAttacchi hacker tramite cuffie e auricolari bluetoothEU Enforces "Disinformation" Code, Risks US Trade ClashCloudflare program charges bots for each crawlCloudflare will now block AI crawlers by defaultMeta's AI climate tool raised false hope of CO₂ removalAI band The Velvet Sundown may be just an art hoax after allAI ‘Band' The Velvet Sundown Used Suno, Is An ‘Art HoaxNudify apps plan to dominate deepfake pornMattel's Plans to Add ChatGPT to ToysAnd Now Malware That Tells AI to Ignore It?It's Known as ‘The List'—and It's a Secret File of AI GeniusesSam Altman: 'Missionaries Will Beat Mercenaries'Metas AI effort sounds just like its failed metaverseUE: Piracy Shield non è conforme al Digital Service ActElon Musk ha detto di aver formato un suo partitoOpenAI CEO Sam Altman says he's 'politically homeless'Ethereum is powering Wall Street's future.Le targhe sui monopattini elettrici e l'“alcolock”I segreti fiscali di DublinoGingilli del giorno:Demenza Digitale - Manfred SpitzerAlgo VPN - script per generare VPN self hostedBashcrawl - impara bash giocando con un MUDSupporta Digitalia, diventa produttore esecutivo.

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comChapters:00:00 - PreShow Banter™ — Names on Cups01:39 - Year of the [European Union] Linux Desktop Finally Arrives? | BHIS - Talkin' Bout [infosec] News 2025-06-3003:34 - Story # 1: You should probably delete any sensitive screenshots you have in your phone right now.10:55 - Story # 2: Ongoing Campaign Abuses Microsoft 365's Direct Send to Deliver Phishing Emails14:07 - Story # 3: The year of the European Union Linux desktop may finally arrive24:46 - Story # 4: Restricted data once again leaked on War Thunder forums27:04 - Story # 5: Scale AI Leaks Meta, Google, xAI Confidential Files Through ‘Incredibly Janky' Document Practices31:47 - Story # 6: French police reportedly arrest suspected BreachForums administrators34:22 - Story # 7: Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages39:41 - Story # 8: CitrixBleed 2: Electric Boogaloo — CVE-2025–577742:16 - Story # 9: Millions of Brother Printers Hit by Critical, Unpatchable Bug47:05 - Story # 10: Canada orders China's Hikvision to close Canadian operations50:13 - Story # 11: US House bans WhatsApp on staff devices over security concerns53:17 - ChickenSec: Chickens are becoming 3rd most popular pet: Tractor Supply CEO56:34 - Story # 12: Norway Dam Hacked, Valve Opened But No Danger58:11 - Review your calendar invites!

Sudo chroot Elevation of Privilege The sudo chroot option can be leveraged by any local user to elevate privileges to root, even if no sudo rules are defined for that user. https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot Polymorphic ZIP Files A zip file with a corrupt End of Central Directory Record may extract different data depending on the tool used to extract the files. https://hackarcana.com/article/yet-another-zip-trick Cisco Unified Communications Manager Static SSH Credentials Vulnerability A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7

Scattered Spider Update The threat actor known as Scattered Spider is in the news again, this time focusing on airlines. But the techniques used by Scattered Spider, social engineering, are still some of the most dangerous techniques used by various threat actors. https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations?e=48754805 AMI BIOS Vulnerability Exploited CVE-2024-54085 A vulnerability in the Redfish remote access software, including AMI s BIOS, is now being exploited. https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/ Act now: Secure Boot certificates expire in June 2026 The Microsoft certificates used in Secure Boot are the basis of trust for operating system security, and all will be expiring beginning June 2026. https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856 The Windows Resiliency Initiative: Building resilience for a future-ready enterprise Microsoft announced more details about its future security and resilience strategy for Windows. In particular, security tools will no longer have kernel access, which is supposed to prevent a repeat of the Cloudflare issue, but may also restrict security tools functionality. https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com _____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________Robbie, From Fiction to Familiar — Robots, AI, and the Illusion of Consciousness June 29, 2025A new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliI recently revisited one of my oldest companions. Not a person, not a memory, but a story. Robbie, the first of Isaac Asimov's famous robot tales.It's strange how familiar words can feel different over time. I first encountered Robbie as a teenager in the 1980s, flipping through a paperback copy of I, Robot. Back then, it was pure science fiction. The future felt distant, abstract, and comfortably out of reach. Robots existed mostly in movies and imagination. Artificial intelligence was something reserved for research labs or the pages of speculative novels. Reading Asimov was a window into possibilities, but they remained possibilities.Today, the story feels different. I listened to it this time—the way I often experience books now—through headphones, narrated by a synthetic voice on a sleek device Asimov might have imagined, but certainly never held. And yet, it wasn't the method of delivery that made the story resonate more deeply; it was the world we live in now.Robbie was first published in 1939, a time when the idea of robots in everyday life was little more than fantasy. Computers were experimental machines that filled entire rooms, and global attention was focused more on impending war than machine ethics. Against that backdrop, Asimov's quiet, philosophical take on robotics was ahead of its time.Rather than warning about robot uprisings or technological apocalypse, Asimov chose to explore trust, projection, and the human tendency to anthropomorphize the tools we create. Robbie, the robot, is mute, mechanical, yet deeply present. He is a protector, a companion, and ultimately, an emotional anchor for a young girl named Gloria. He doesn't speak. He doesn't pretend to understand. But through his actions—loyalty, consistency, quiet presence—he earns trust.Those themes felt distant when I first read them in the '80s. At that time, robots were factory tools, AI was theoretical, and society was just beginning to grapple with personal computers, let alone intelligent machines. The idea of a child forming a deep emotional bond with a robot was thought-provoking but belonged firmly in the realm of fiction.Listening to Robbie now, decades later, in the age of generative AI, alters everything. Today, machines talk to us fluently. They compose emails, generate artwork, write stories, even simulate empathy. Our interactions with technology are no longer limited to function; they are layered with personality, design, and the subtle performance of understanding.Yet beneath the algorithms and predictive models, the reality remains: these machines do not understand us. They generate language, simulate conversation, and mimic comprehension, but it's an illusion built from probability and training data, not consciousness. And still, many of us choose to believe in that illusion—sometimes out of convenience, sometimes out of the innate human desire for connection.In that context, Robbie's silence feels oddly honest. He doesn't offer comfort through words or simulate understanding. His presence alone is enough. There is no performance. No manipulation. Just quiet, consistent loyalty.The contrast between Asimov's fictional robot and today's generative AI highlights a deeper societal tension. For decades, we've anthropomorphized our machines, giving them names, voices, personalities. We've designed interfaces to smile, chatbots to flirt, AI assistants that reassure us they “understand.” At the same time, we've begun to robotize ourselves, adapting to algorithms, quantifying emotions, shaping our behavior to suit systems designed to optimize interaction and efficiency.This two-way convergence was precisely what Asimov spoke about in his 1965 BBC interview, which has been circulating again recently. In that conversation, he didn't just speculate about machines becoming more human-like. He predicted the merging of biology and technology, the slow erosion of the boundaries between human and machine—a hybrid species, where both evolve toward a shared, indistinct future.We are living that reality now, in subtle and obvious ways. Neural implants, mind-controlled prosthetics, AI-driven decision-making, personalized algorithms—all shaping the way we experience life and interact with the world. The convergence isn't on the horizon; it's happening in real time.What fascinates me, listening to Robbie in this new context, is how much of Asimov's work wasn't just about technology, but about us. His stories remain relevant not because he perfectly predicted machines, but because he perfectly understood human nature—our fears, our projections, our contradictions.In Robbie, society fears the unfamiliar machine, despite its proven loyalty. In 2025, we embrace machines that pretend to understand, despite knowing they don't. Trust is no longer built through presence and action, but through the performance of understanding. The more fluent the illusion, the easier it becomes to forget what lies beneath.Asimov's stories, beginning with Robbie, have always been less about the robots and more about the human condition reflected through them. That hasn't changed. But listening now, against the backdrop of generative AI and accelerated technological evolution, they resonate with new urgency.I'll leave you with one of Asimov's most relevant observations, spoken nearly sixty years ago during that same 1965 interview:“The saddest aspect of life right now is that science gathers knowledge faster than society gathers wisdom.”In many ways, we've fulfilled Asimov's vision—machines that speak, systems that predict, tools that simulate. But the question of wisdom, of how we navigate this illusion of consciousness, remains wide open.And, as a matter of fact, this reflection doesn't end here. If today's machines can already mimic understanding—convincing us they comprehend more than they do—what happens when the line between biology and technology starts to dissolve completely? When carbon and silicon, organic and artificial, begin to merge for real?That conversation deserves its own space—and it will. One of my next newsletters will dive deeper into that inevitable convergence—the hybrid future Asimov hinted at, where defining what's human, what's machine, and what exists in-between becomes harder, messier, and maybe impossible to untangle.But that's a conversation for another day.For now, I'll sit with that thought, and with Robbie's quiet, unpretentious loyalty, as the conversation continues.Until next time,Marco_________________________________________________

Open-VSX Flaw Puts Developers at Risk A flaw in the open-vsx extension marketplace could have let to the compromise of any extension offered by the marketplace. https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44 Bluetooth Vulnerability Could Allow Eavesdropping A vulnerability in the widely used Airoha Bluetooth chipset can be used to compromise devices and use them for eavesdropping. https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/ Critical Cisco Identity Services Engine Vulnerability Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6

In this engaging conversation, Chris Glanden interviews Kevin Johnson, a seasoned expert in IT and cybersecurity. Kevin shares his extensive journey from system administration to becoming a leader in penetration testing and ethical hacking. He emphasizes the importance of hands-on learning, the evolution of penetration testing standards, and the role of open source in the industry. The discussion also touches on the significance of community, acknowledgment, and charity work in cybersecurity, along with personal anecdotes and insights into the future of the field.00:00 Introduction to Kevin Johnson03:39 Kevin's Journey in IT and Security06:29 The Evolution of Penetration Testing09:35 Transitioning from IT to Security12:30 The Importance of Hands-On Learning15:28 Involvement in Open Source Projects18:38 The Role of Mentorship in Career Development21:14 Ethical Hacking and Its Misconceptions24:23 The Future of Cybersecurity27:27 Understanding Risk in Cybersecurity29:14 The Evolution of Penetration Testing Standards31:00 The Human Element in Penetration Testing32:46 The Challenges of Automated Pen Testing35:26 Transparency and Knowledge Sharing in Cybersecurity39:36 Standing on the Shoulders of Giants44:41 The Importance of Acknowledgment and Gratitude48:26 The 501st Legion: Charity Through Cosplay53:08 Creating a Cybersecurity-Themed BarSYMLINKS[Secure Ideas Website] Kevin Johnson's cybersecurity consulting and training firm, offering penetration testing, security assessments, and educational resources. It also hosts blog posts and tools created by the Secure Ideas team.[Kevin Johnson on LinkedIn] Kevin's professional LinkedIn profile, where he shares insights on cybersecurity, career development, and industry leadership.[@secureideas on Twitter (X)] – Kevin's Twitter/X account, where he frequently shares thoughts on InfoSec, pen testing practices, open-source contributions, and industry transparency.[Samurai WTF (Web Testing Framework)] – An open-source Linux distribution for web application penetration testing. Co-created and taught by Kevin, this toolkit helped train thousands of security professionals in hands-on ethical hacking.[BASE (Basic Analysis and Security Engine)] – A fork of the discontinued ACID project for Snort, created by Kevin to continue development and improve IDS event analysis. This project marked a pivotal moment in his open-source journey.[SANS Institute] – A premier cybersecurity training organization where Kevin became a senior instructor, authored multiple courses, and earned the GCIA, GCIH, and GCFA certifications that shaped his professional trajectory.[Penetration Testing Execution Standard (PTES)] – http://www.pentest-standard.orgAn industry-defined standard for performing thorough and ethical penetration tests. Kevin is actively involved in modernizing this standard to reflect current tools, risks, and methodologies.[OWASP (Open Worldwide Application Security Project)] – A nonprofit organization focused on improving software security. Kevin previously served on the global board and has long supported OWASP's community-driven tools and educational efforts.

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543 Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 Remote code execution in CentOS Web Panel - CVE-2025-48703 An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used to execute arbitrary code https://fenrisk.com/rce-centos-webpanel Gogs Arbitrary File Deletion Vulnerability Due to the insufficient patch for the CVE-2024-39931, it's still possible to delete files under the .git directory and achieve remote command execution. https://github.com/gogs/gogs/security/advisories/GHSA-wj44-9vcg-wjq7 Let s Encrypt Will Soon Issue IP Address-Based Certs Let s Encrypt is almost ready to issue certificates for IP address SANs from Let's Encrypt's production environment. They'll only be available under the short-lived profile (which has a 6-day validity period), and that profile will remain allowlist-only for a while. https://community.letsencrypt.org/t/getting-ready-to-issue-ip-address-certificates/238777

Quick Password Brute Forcing Evolution Statistics After collecting usernames and passwords from our ssh and telnet honeypots for about a decade, I took a look back at how scans changed. Attackers are attempting more passwords in each scans than they used to, but the average length of passwords did not change. https://isc.sans.edu/diary/Quick%20Password%20Brute%20Forcing%20Evolution%20Statistics/32068 Introducing FileFix A New Alternative to ClickFix Attacks Attackers may trick the user into copy/pasting strings into file explorer, which will execute commands similar to the ClickFix attack that tricks users into copy pasting the command into the start menu s cmd feature. https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/ Threat Actors Modify and Re-Create Commercial Software to Steal User s Information A fake Sonicwall Netextender clone will steal user s credentials https://www.sonicwall.com/blog/threat-actors-modify-and-re-create-commercial-software-to-steal-users-information

Scans for Ichano AtHome IP Cameras A couple days ago, a few sources started scanning for the username super_yg and the password 123. This is associated with Ichano IP Camera software. https://isc.sans.edu/diary/Scans%20for%20Ichano%20AtHome%20IP%20Cameras/32062 Critical Netscaler Security Update CVE-2025-5777 CVE 2025-5777 is a critical severity vulnerability impacting NetScaler Gateway, i.e. if NetScaler has been configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. https://www.netscaler.com/blog/news/critical-security-updates-for-netscaler-netscaler-gateway-and-netscaler-console/ WinRar Vulnerability CVE-2025-6218 WinRar may be tricked into extracting files into attacker-determined locations, possibly leading to remote code execution https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9

ADS & Python Tools Didier explains how to use his tools cut-bytes.py and filescanner to extract information from alternate data streams. https://isc.sans.edu/diary/ADS%20%26%20Python%20Tools/32058 Enhanced security defaults for Windows 365 Cloud PCs Microsoft announced more secure default configurations for its Windows 365 Cloud PC offerings. https://techcommunity.microsoft.com/blog/windows-itpro-blog/enhanced-security-defaults-for-windows-365-cloud-pcs/4424914 CVE-2025-34508: Another File Sharing Application, Another Path Traversal Horizon3 reveals details of a recently patched directory traversal vulnerability in zend.to. https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/ Unexpected security footguns in Go's parsers Go parsers for JSON and XML are not always compatible and can parse data in unexpected ways. This blog by Trails of Bits goes over the various security implications of this behaviour. https://blog.trailofbits.com/2025/06/17/unexpected-security-footguns-in-gos-parsers/

How Long Until the Phishing Starts? About Two Weeks After setting up a Google Workspace and adding a new user, it took only two weeks for the new employee to receive somewhat targeted phishing emails. https://isc.sans.edu/diary/How%20Long%20Until%20the%20Phishing%20Starts%3F%20About%20Two%20Weeks/32052 Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone numbers Scammers are placing Google ads that point to legitimate companies sites, but are injecting malicious text into the page advertising fake tech support numbers https://www.malwarebytes.com/blog/news/2025/06/scammers-hijack-websites-of-bank-of-america-netflix-microsoft-and-more-to-insert-fake-phone-number What s in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia Targeted attacks are tricking victims into creating app-specific passwords to Google resources. https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia

In this engaging conversation, Chris Glanden speaks with Pat Gorman AKA InfoSec Pat, a cybersecurity professional with over 12 years of experience. Pat shares his unique journey into the cybersecurity field, discussing his early life, career transitions, and the importance of certifications. He emphasizes the need for practical skills and the value of community engagement in the cybersecurity space. The discussion also touches on the challenges faced by newcomers in the industry and the significance of clear, accessible content for learning. Pat's candid insights and personal anecdotes provide a relatable perspective on navigating the cybersecurity landscape.00:00 Introduction to Barcode Podcast01:02 InfoSec Pat's Journey into Cybersecurity04:42 Transitioning from IT to Cybersecurity10:24 The Importance of Hands-On Learning16:50 Demystifying Cybersecurity for Newcomers21:18 Exploring Career Paths in Cybersecurity27:45 Lessons Learned from Certification Experiences30:54 The Journey to Certification34:44 The Fallout with Offensive Security36:40 Navigating the Certification Landscape38:00 The Importance of Practical Skills41:45 Essential Soft Skills for Pen Testing45:20 Building a Personal Brand and Community Engagement48:10 Overcoming Adversity and Personal Growth52:05 Unique Experiences and Future AspirationsSYMLINKS[InfoSec Pat - YouTube Channel] - Pat Gorman's YouTube channel where he publishes tutorials, walkthroughs, and educational videos on cybersecurity, penetration testing, and lab setups.[InfoSec Pat - Linktree] - Central hub for all of Pat Gorman's social platforms, courses, YouTube channel, and other professional links.[InfoSec Pat - Official Website] - Pat Gorman's official website featuring cybersecurity tutorials, online courses, certifications, and resources for professionals looking to enter or grow in the cybersecurity field.[InfoSec Pat - Merchandise Store] - Official online merchandise store offering InfoSec Pat branded apparel and accessories, designed for fans and members of the cybersecurity community.[InfoSec Pat - Facebook Group: Learn Together with InfoSec Pat] - A public Facebook group led by InfoSec Pat, created for cybersecurity learners and professionals to network, share knowledge, and grow their skills together through community support.

In this episode, Amir sits down with Aaron Painter, CEO of Nametag, to explore how deepfakes and generative AI are reshaping identity security in the workplace. They discuss real-world attacks, such as the MGM breach, and how enterprises are responding with new technologies—from cryptographic identity verification to re-verification protocols. Aaron shares what companies are doing right, where they're vulnerable, and the role of identity in the future of enterprise security.

This episode of the InfoSec Beat podcast focuses on careers in information security. Accenture CISO Kris Burkhardt talks with Kyle Friedman, who leads Security Contracting and Request for Proposal Support for our Information Security Client Data Protection team. She ensures that we have the right provisions in our proposal responses and contracts to run engagements in a secure fashion that works for both Accenture and our clients. Learn about Kyle's unconventional start at Accenture, passion for client data protection, and ability to translate information security topics to people outside the field. Her career advice? Always listen and keep an open mind.

Extracting Data From JPEGs Didier shows how to efficiently extract data from JPEGs using his tool jpegdump.py https://isc.sans.edu/diary/A%20JPEG%20With%20A%20Payload/32048 Windows Recall Export in Europe In its latest insider build for Windows 11, Microsoft is testing an export feature for data stored by Recall. The feature is limited to European users and requires that you note an encryption key that will be displayed only once as Recall is enabled. https://blogs.windows.com/windows-insider/2025/06/13/announcing-windows-11-insider-preview-build-26120-4441-beta-channel/ Anubis Ransomware Now Wipes Data The Anubis ransomware, usually known for standard double extortion, is now also wiping data preventing any recovery even if you pay the ransom. https://www.trendmicro.com/en_us/research/25/f/anubis-a-closer-look-at-an-emerging-ransomware.html Mitel Vulnerabilities CVE-2025-47188 Mitel this week patched a critical path traversal vulnerability (sadly, no CVE), and Infoguard Labs published a PoC exploit for an older file upload vulnerability. https://labs.infoguard.ch/posts/cve-2025-47188_mitel_phone_unauthenticated_rce/ https://www.mitel.com/support/mitel-product-security-advisory-misa-2025-0007

Katz Stealer in JPG Xavier found some multistage malware that uses an Excel Spreadsheet and an HTA file to load an image that includes embeded a copy of Katz stealer. https://isc.sans.edu/diary/More+Steganography/32044 https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/ JavaScript obfuscated with JSF*CK is being used on over 200,000 websites to direct victims to malware Expired Discord Invite Links Used for Malware Distribution Expired discord invite links are revived as vanity links to direct victims to malware sites https://research.checkpoint.com/2025/from-trust-to-threat-hijacked-discord-invites-used-for-multi-stage-malware-delivery/

Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcastAndre McGregor of ForceMetrics shares his incredible journey from reluctant FBI recruit to cybersecurity entrepreneur. Despite initially declining the FBI's recruitment call, Andre went on to become a special agent, tackling high-profile cybercrime cases involving nation-state actors like China, Russia and Iran. Growing up in marginalized communities shaped his commitment to creating safer police-community interactions, leading him to develop ForceMetrics — a platform that gives law enforcement officers real-time contextual data to make better decisions and de-escalate situations. This episode dives deep into cybercrime investigation techniques, the challenges of building secure law enforcement technology, and how data can transform public safety.0:00 - Intro to today's episode1:36 - Cybersecurity Salary Guide2:31 - Meet Andre McGregor4:03 - Early tech experiences and nonprofit work10:50 - FBI recruitment story and cybercrime work15:30 - Nation-state hacking investigations25:28 - Creating ForceMetrics platform29:45 - How ForceMetrics works in practice38:48 - Technical security challenges42:00 - Future of AI in law enforcement43:00 - Career advice for security professionals47:20 - Best career advice received49:20 - More about ForceMetrics and contact infoView Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

What Hump? Thirty Years of Cybersecurity and the Fine Art of Pretending It's Not a Human ProblemA new transmission from Musing On Society and Technology Newsletter, by Marco CiappelliJune 6, 2025A Post-Infosecurity Europe Reflection on the Strange but Predictable Ways We've Spent Thirty Years Pretending Cybersecurity Isn't About People.⸻ Once there was a movie titled “Young Frankenstein” (1974) — a black-and-white comedy directed by Mel Brooks, written with Gene Wilder, and starring Wilder and Marty Feldman, who delivers the iconic “What hump?” line.Let me describe the scene:[Train station, late at night. Thunder rumbles. Dr. Frederick Frankenstein steps off the train, greeted by a hunched figure holding a lantern — Igor.]Igor: Dr. Frankenstein?Dr. Frederick Frankenstein: It's Franken-steen.Igor: Oh. Well, they told me it was Frankenstein.Dr. Frederick Frankenstein: I'm not a Frankenstein. I'm a Franken-steen.Igor (cheerfully): All right.Dr. Frederick Frankenstein (noticing Igor's eyes): You must be Igor.Igor: No, it's pronounced Eye-gor.Dr. Frederick Frankenstein (confused): But they told me it was Igor.Igor: Well, they were wrong then, weren't they?[They begin walking toward the carriage.]Dr. Frederick Frankenstein (noticing Igor's severe hunchback): You know… I'm a rather brilliant surgeon. Perhaps I could help you with that hump.Igor (looks puzzled, deadpan): What hump?[Cut to them boarding the carriage, Igor climbing on the outside like a spider, grinning wildly.]It's a joke, of course. One of the best. A perfectly delivered absurdity that only Mel Brooks and Marty Feldman could pull off. But like all great comedy, it tells a deeper truth.Last night, standing in front of the Tower of London, recording one of our On Location recaps with Sean Martin, that scene came rushing back. We joked about invisible humps and cybersecurity. And the moment passed. Or so I thought.Because hours later — in bed, hotel window cracked open to the London night — I was still hearing it: “What hump?”And that's when it hit me: this isn't just a comedy bit. It's a diagnosis. Here we are at Infosecurity Europe, celebrating its 30th anniversary. Three decades of cybersecurity: a field born of optimism and fear, grown in complexity and contradiction.We've built incredible tools. We've formed global communities of defenders. We've turned “hacker” from rebel to professional job title — with a 401(k), branded hoodies, and a sponsorship deal. But we've also built an industry that — much like poor Igor — refuses to admit something's wrong.The hump is right there. You can see it. Everyone can see it. And yet… we smile and say: “What hump?”We say cybersecurity is a priority. We put it in slide decks. We hold awareness months. We write policies thick enough to be used as doorstops. But then we underfund training. We silo the security team. We click links in emails that say whatever will make us think it's important — just like those pieces of snail mail stamped URGENT that we somehow believe, even though it turns out to be an offer for a new credit card we didn't ask for and don't want. Except this time, the payload isn't junk mail — it's a clown on a spring exploding out of a fun box.Igor The hump moves, shifts, sometimes disappears from view — but it never actually goes away. And if you ask about it? Well… they were wrong then, weren't they?That's because it's not a technology problem. This is the part that still seems hard to swallow for some: Cybersecurity is not a technology problem. It never was.Yes, we need technology. But technology has never been the weak link.The weak link is the same as it was in 1995: us. The same it was before the internet and before computers: Humans.With our habits, assumptions, incentives, egos, and blind spots. We are the walking, clicking, swiping hump in the system. We've had encryption for decades. We've known about phishing since the days of AOL. Zero Trust was already discussed in 2004 — it just didn't have a cool name yet.So why do we still get breached? Why does a ransomware gang with poor grammar and a Telegram channel take down entire hospitals?Because culture doesn't change with patches. Because compliance is not belief. Because we keep treating behavior as a footnote, instead of the core.The Problem We Refuse to See at the heart of this mess is a very human phenomenon:vIf we can't see it, we pretend it doesn't exist.We can quantify risk, but we rarely internalize it. We trust our tech stack but don't trust our users. We fund detection but ignore education.And not just at work — we ignore it from the start. We still teach children how to cross the street, but not how to navigate a phishing attempt or recognize algorithmic manipulation. We give them connected devices before we teach them what being connected means. In this Hybrid Analog Digital Society, we need to treat cybersecurity not as an optional adult concern, but as a foundational part of growing up. Because by the time someone gets to the workforce, the behavior has already been set.And worst of all, we operate under the illusion that awareness equals transformation.Let's be real: Awareness is cheap. Change is expensive. It costs time, leadership, discomfort. It requires honesty. It means admitting we are all Igor, in some way. And that's the hardest part. Because no one likes to admit they've got a hump — especially when it's been there so long, it feels like part of the uniform.We have been looking the other way for over thirty years. I don't want to downplay the progress. We've come a long way, but that only makes the stubbornness more baffling.We've seen attacks evolve from digital graffiti to full-scale extortion. We've watched cybercrime move from subculture to multi-billion-dollar global enterprise. And yet, our default strategy is still: “Let's build a bigger wall, buy a shinier tool, and hope marketing doesn't fall for that PDF again.”We know what works: Psychological safety in reporting. Continuous learning. Leadership that models security values. Systems designed for humans, not just admins.But those are hard. They're invisible on the balance sheet. They don't come with dashboards or demos. So instead… We grin. We adjust our gait. And we whisper, politely:“What hump?”So what Happens now? If you're still reading this, you're probably one of the people who does see it. You see the hump. You've tried to point it out. Maybe you've been told you're imagining things. Maybe you've been told it's “not a priority this quarter.” And maybe now you're tired. I get it.But here's the thing: Nothing truly changes until we name the hump.Call it bias.Call it culture.Call it education.Call it the human condition.But don't pretend it's not there. Not anymore. Because every time we say “What hump?” — we're giving up a little more of the future. A future that depends not just on clever code and cleverer machines, but on something far more fragile:Belief. Behavior. And the choice to finally stop pretending.We joked in front of a thousand-year-old fortress. Because sometimes jokes tell the truth better than keynote stages do. And maybe the real lesson isn't about cybersecurity at all.Maybe it's just this: If we want to survive what's coming next, we have to see what's already here.- The End➤ Infosecurity Europe: https://www.itspmagazine.com/infosecurity-europe-2025-infosec-london-cybersecurity-event-coverageAnd ... we're not done yet ... stay tuned and follow Sean and Marco as they will be On Location at the following conferences over the next few months:➤ Black Hat USA in Las Vegas in August: https://www.itspmagazine.com/black-hat-usa-2025-hacker-summer-camp-2025-cybersecurity-event-coverage-in-las-vegasFOLLOW ALL OF OUR ON LOCATION CONFERENCE COVERAGEhttps://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageShare this newsletter and invite anyone you think would enjoy it!As always, let's keep thinking!— Marco [https://www.marcociappelli.com]

Automated Tools to Assist with DShield Honeypot Investigations https://isc.sans.edu/diary/Automated%20Tools%20to%20Assist%20with%20DShield%20Honeypot%20Investigations%20%5BGuest%20Diary%5D/32038 EchoLeak: Zero-Click Microsoft 365 Copilot Data Leak Microsoft fixed a vulnerability in Copilot that could have been abused to exfiltrate data from Copilot users. Copilot mishandled instructions an attacker included in documents inspected by Copilot and executed them. https://www.aim.security/lp/aim-labs-echoleak-blogpost Thunderbolt Vulnerability Thunderbolt users may be tricked into downloading arbitrary files if an email includes a mailbox:/// URL. https://www.mozilla.org/en-US/security/advisories/mfsa2025-49/

Quasar RAT Delivered Through Bat Files Xavier is walking you through a quick reverse analysis of a script that will injection code extracted from a PNG image to implement a Quasar RAT. https://isc.sans.edu/diary/Quasar%20RAT%20Delivered%20Through%20Bat%20Files/32036 Delayed Windows 11 24H2 Rollout Microsoft slightly throttled the rollout of windows 11 24H2 due to issues stemming from the patch Tuesday fixes. https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3570 An In-Depth Analysis of CVE-2025-33073 Patch Tuesday fixed an already exploited SMB client vulnerability. A blog by Synacktiv explains the nature of the issue and how to exploit it. https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025 Connectwise Rotating Signing Certificates Connectwise is rotating signing certificates after a recent compromise, and will release a new version of its Screen share software soon to harden its configuration. https://www.connectwise.com/company/trust/advisories KDE Telnet URL Vulnerablity The Konsole delivered as part of KDE may be abused to execute arbitrary code via telnet URLs. https://kde.org/info/security/advisory-20250609-1.txt

Microsoft Patch Tuesday Microsoft today released patches for 67 vulnerabilities. 10 of these vulnerabilities are rated critical. One vulnerability has already been exploited and another vulnerability has been publicly disclosed before today. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202025/32032 Adobe Vulnerabilities Adobe released patches for 7 different applications. Two significant ones are Adobe Commerce and Adobe Acrobat Reader. All vulnerabilities patched for Adobe Commerce can only be exploited by an authenticated user. The Adobe Acrobat Reader vulnerabilities are exploited by a user opening a crafted PDF, and the exploit may execute arbitrary code. https://helpx.adobe.com/security/Home.html

OctoSQL & Vulnerability Data OctoSQL is a neat tool to query files in different formats using SQL. This can, for example, be used to query the JSON vulnerability files from CISA or NVD and create interesting joins between different files. https://isc.sans.edu/diary/OctoSQL+Vulnerability+Data/32026 Mirai vs. Wazuh The Mirai botnet has now been observed exploiting a vulnerability in the open-source EDR tool Wazuh. https://www.akamai.com/blog/security-research/botnets-flaw-mirai-spreads-through-wazuh-vulnerability DNS4EU The European Union created its own public recursive resolver to offer a public resolver compliant with European privacy laws. This resolver is currently operated by ENISA, but the intent is to have a commercial entity operate and support it by a commercial entity. https://www.joindns4.eu/ WordPress FAIR Package Manager Recent legal issues around different WordPress-related entities have made it more difficult to maintain diverse sources of WordPress plugins. With WordPress plugins usually being responsible for many of the security issues, the Linux Foundation has come forward to support the FAIR Package Manager, a tool intended to simplify the management of WordPress packages. https://github.com/fairpm

Extracting With pngdump.py Didier extended his pngdump.py script to make it easier to extract additional data appended to the end of the image file. https://isc.sans.edu/diary/Extracting%20With%20pngdump.py/32022 16 React Native Packages for GlueStack Backdoored Overnight 16 npm packages with over a million weekly downloads between them were compromised. The compromised packages include a remote admin tool that was seen before in similar attacks. https://www.aikido.dev/blog/supply-chain-attack-on-react-native-aria-ecosystem Atomic MacOS Stealer Exploits Clickfix MacOS users are now also targeted by fake captchas, tricking users into running exploit code. https://www.cloudsek.com/blog/amos-variant-distributed-via-clickfix-in-spectrum-themed-dynamic-delivery-campaign-by-russian-speaking-hackers Microsoft INETPUB Script Microsoft published a simple PowerShell script to restore the inetpub folder in case you removed it by mistake. https://www.powershellgallery.com/packages/Set-InetpubFolderAcl/1.0

Be Careful With Fake Zoom Client Downloads Miscreants are tricking victims into downloading fake Zoom clients (and likely other meeting software) by first sending them fake meeting invites that direct victims to a page that offers malware for download as an update to the Zoom client. https://isc.sans.edu/diary/Be%20Careful%20With%20Fake%20Zoom%20Client%20Downloads/32014 Python tarfile Vulnerability Recently, the Python tarfile module introduced a filter option to help mitigate some of the insecure behavior common to software unpacking archives. This filter is, however, not working quite as well as it should. https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ Hewlett Packard Enterprise Insight Remote Support processAttachmentDataStream Directory Traversal Remote Code Execution Vulnerability HP fixed, among other vulnerabilities, a critical remote code execution vulnerability in Insight Remote Support (IRS) https://www.zerodayinitiative.com/advisories/ZDI-25-325/

Phishing e-mail that hides malicious links from Outlook users Jan found a phishing email that hides the malicious link from Outlook users. The email uses specific HTML comment clauses Outlook interprets to render or not render specific parts of the email s HTML code. Jan suggests that the phishing email is intented to not expose users of https://isc.sans.edu/diary/Phishing%20e-mail%20that%20hides%20malicious%20link%20from%20Outlook%20users/32010 Amazon changing default logging from blocking to non-blocking Amazon will change the default logging mode from blocking to non-blocking. Non-blocking logging will not stop the application if logging fails, but may result in a loss of logs. https://aws.amazon.com/blogs/containers/preventing-log-loss-with-non-blocking-mode-in-the-awslogs-container-log-driver/ Cisco Removes Backdoor Cisco fixed a Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7 Infoblox Vulnerability Details disclosed Details regarding several vulnerabilities recently patched in Infoblox s NetMRI have been made public. In particular an unauthenticated remote code execution issue should be considered critical. https://rhinosecuritylabs.com/research/infoblox-multiple-cves/

vBulletin Exploits CVE-2025-48827, CVE-2025-48828 We do see exploit attempts for the vBulletin flaw disclosed about a week ago. The flaw is only exploitable if vBulltin is run on PHP 8.1, and was patched over a year ago. However, vBulltin never disclosed the type of vulnerability that was patched. https://isc.sans.edu/diary/vBulletin%20Exploits%20%28CVE-2025-48827%2C%20CVE-2025-48828%29/32006 Google Chrome 0-Day Patched Google released a security update for Google Chrome patching three flaws. One of these is already being exploited. https://chromereleases.googleblog.com/ Roundcube Update Roundcube patched a vulnerability that allows any authenticated user to execute arbitrary code. https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 HP Vulnerabilities in StoreOnce HP patched multiple vulnerabilities in StoreOnce. These issues could lead to remote code execution https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbst04847en_us&docLocale=en_US

Simple SSH Backdoor Xavier came across a simple SSH backdoor taking advantage of the ssh client preinstalled on recent Windows systems. The backdoor is implemented via an SSH configuration file that instructs the SSH client to connect to a remote system and forward a shell on a random port. This will make the shell accessible to anybody able to connect to the C2 host. https://isc.sans.edu/diary/Simple%20SSH%20Backdoor/32000 Google Chrome to Distrust CAs Google Chrome will remove the Chunghwa Telecom and Netlock certificate authorities from its list of trusted CAs. Any certificates issued after July 31st will not be trusted. Certificates issued before the deadline will be trusted until they expire. https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html Microsoft Emergency Update to Fix Crashes Caused by May Patch Microsoft released an emergency update for a bug caused by one of the patches released in May. Due to the bug, systems may not restart after the patch is applied. This affects, first of all, virtual systems running in Azure and HyperV but apparently has also affected some physical systems. https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23h2#kb5058405-might-fail-to-install-with-recovery-error-0xc0000098-in-acpi-sys Qualcomm Adreno Graphics Processing Unit Patch (Exploited!) Qualcomm released an update for the driver for its Adreno GPU. The patched vulnerability is already being exploited against Android devices. https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

In this On Location episode during OWASP AppSec Global 2025 in Barcelona, Maria Mora, Staff Application Security Engineer and active OWASP lifetime member, shares how her experience at the OWASP AppSec Global conference in Barcelona has reaffirmed the power of community in security. While many attendees chase back-to-back talks and technical training, Maria highlights something often overlooked—connection. Whether at the member lounge ping-pong table, during late-night beach meetups, or over keynote reflections, it's the relationships and shared purpose that make this event resonate.Maria emphasizes how her own journey into OWASP began with uncertainty but evolved into a meaningful path of participation. Through volunteering, serving on the events committee, and mentoring others, she has expanded not only her technical toolkit but also her ability to collaborate and communicate—skills she notes are essential in InfoSec but rarely prioritized. By stepping into the OWASP community, she's learned that you don't need decades of experience to contribute—just a willingness to start.Keynotes and sessions this year reinforced a similar message: security isn't just about hard skills. It's about bridging academia and industry, engaging first-time attendees, and creating welcoming spaces where no one feels like an outsider. Talks like Sarah Jané's encouraged attendees to find their own ways to give back, whether by submitting to the call for papers, helping with logistics, or simply sparking hallway conversations.Maria also points to how OWASP structures participation to make it accessible. Through demo rooms, project hubs, and informal lounge chats, attendees find ways to contribute to global initiatives like the OWASP Top 10 or volunteer-led trainings. Whether it's your first conference or your tenth, there's always room to jump in.For Maria, OWASP no longer feels like a secret club—it's a growing, open collective focused on helping people bring their best selves to security. That's the power of community: not just lifting up software, but lifting up each other.And for those thinking of taking the next step, Maria reminds us that the call for papers for OWASP DC is open through June 24th. As she puts it, “We all have something valuable to share—sometimes you just need the nudge to start.”GUEST: Maria Mora | Staff Application Security Engineer and OWASP events committee member | https://www.linkedin.com/in/riamaria/HOST: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.comSPONSORSManicode Security: https://itspm.ag/manicode-security-7q8iRESOURCESLearn more and catch more stories from OWASP AppSec Global 2025 Barcelona coverage: https://www.itspmagazine.com/owasp-global-appsec-barcelona-2025-application-security-event-coverage-in-catalunya-spainCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

A PNG Image With an Embedded Gift Xavier shows how Python code attached to a PNG image can be used to implement a command and control channel or a complete remote admin kit. https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998 Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis Horizon3 analyzed a recently patched flaw in Cisco Wireless Controllers. This arbitrary file upload flaw can easily be used to execute arbitrary code. https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/ Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE A change in PHP 8.1 can expose methods previously expected to be safe . vBulletin fixed a related flaw about a year ago without explicitly highlighting the security impact of the fix. A blog post now exposed the flaw and provided exploit examples. We have seen exploit attempts against honeypots starting May 25th, two days after the blog was published. https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce

AI models today have a 50% chance of successfully completing a task that would take an expert human one hour. Seven months ago, that number was roughly 30 minutes — and seven months before that, 15 minutes. (See graph.)These are substantial, multi-step tasks requiring sustained focus: building web applications, conducting machine learning research, or solving complex programming challenges.Today's guest, Beth Barnes, is CEO of METR (Model Evaluation & Threat Research) — the leading organisation measuring these capabilities.Links to learn more, video, highlights, and full transcript: https://80k.info/bbBeth's team has been timing how long it takes skilled humans to complete projects of varying length, then seeing how AI models perform on the same work. The resulting paper “Measuring AI ability to complete long tasks” made waves by revealing that the planning horizon of AI models was doubling roughly every seven months. It's regarded by many as the most useful AI forecasting work in years.Beth has found models can already do “meaningful work” improving themselves, and she wouldn't be surprised if AI models were able to autonomously self-improve as little as two years from now — in fact, “It seems hard to rule out even shorter [timelines]. Is there 1% chance of this happening in six, nine months? Yeah, that seems pretty plausible.”Beth adds:The sense I really want to dispel is, “But the experts must be on top of this. The experts would be telling us if it really was time to freak out.” The experts are not on top of this. Inasmuch as there are experts, they are saying that this is a concerning risk. … And to the extent that I am an expert, I am an expert telling you you should freak out.Chapters:Cold open (00:00:00)Who is Beth Barnes? (00:01:19)Can we see AI scheming in the chain of thought? (00:01:52)The chain of thought is essential for safety checking (00:08:58)Alignment faking in large language models (00:12:24)We have to test model honesty even before they're used inside AI companies (00:16:48)We have to test models when unruly and unconstrained (00:25:57)Each 7 months models can do tasks twice as long (00:30:40)METR's research finds AIs are solid at AI research already (00:49:33)AI may turn out to be strong at novel and creative research (00:55:53)When can we expect an algorithmic 'intelligence explosion'? (00:59:11)Recursively self-improving AI might even be here in two years — which is alarming (01:05:02)Could evaluations backfire by increasing AI hype and racing? (01:11:36)Governments first ignore new risks, but can overreact once they arrive (01:26:38)Do we need external auditors doing AI safety tests, not just the companies themselves? (01:35:10)A case against safety-focused people working at frontier AI companies (01:48:44)The new, more dire situation has forced changes to METR's strategy (02:02:29)AI companies are being locally reasonable, but globally reckless (02:10:31)Overrated: Interpretability research (02:15:11)Underrated: Developing more narrow AIs (02:17:01)Underrated: Helping humans judge confusing model outputs (02:23:36)Overrated: Major AI companies' contributions to safety research (02:25:52)Could we have a science of translating AI models' nonhuman language or neuralese? (02:29:24)Could we ban using AI to enhance AI, or is that just naive? (02:31:47)Open-weighting models is often good, and Beth has changed her attitude to it (02:37:52)What we can learn about AGI from the nuclear arms race (02:42:25)Infosec is so bad that no models are truly closed-weight models (02:57:24)AI is more like bioweapons because it undermines the leading power (03:02:02)What METR can do best that others can't (03:12:09)What METR isn't doing that other people have to step up and do (03:27:07)What research METR plans to do next (03:32:09)This episode was originally recorded on February 17, 2025.Video editing: Luke Monsour and Simon MonsourAudio engineering: Ben Cordell, Milo McGuire, Simon Monsour, and Dominic ArmstrongMusic: Ben CordellTranscriptions and web: Katy Moore

Alternate Data Streams: Adversary Defense Evasion and Detection Good Primer of alternate data streams and how they are abused, as well as how to detect and defend against ADS abuse. https://isc.sans.edu/diary/Alternate%20Data%20Streams%20%3F%20Adversary%20Defense%20Evasion%20and%20Detection%20%5BGuest%20Diary%5D/31990 Connectwise Breach Affects ScreenConnect Customers Connectwise s ScreenConnect solution was compromised, leading to attacks against a small number of customers. This is yet another example of how attackers are taking advantage of remote access solutions. https://www.connectwise.com/company/trust/advisories Mark Your Calendar: APT41 Innovative Tactics Google detected attacks leveraging Google s calendar solution as a command and control channel. https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics Webs of Deception: Using the SANS ICS Kill Chain to Flip the Advantage to the Defender Defending a small Industrial Control System (ICS) against sophisticated threats can seem futile. The resource disparity between small ICS defenders and sophisticated attackers poses a significant security challenge. https://www.sans.edu/cyber-research/webs-deception-using-sans-ics-kill-chain-flip-advantage-defender/

Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack Jennifer Wilson took a weird string found in a recent honeypot sample and worked with ChatGPT to figure out what it is all about. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Exploring%20a%20Use%20Case%20of%20Artificial%20Intelligence%20Assistance%20with%20Understanding%20an%20Attack/31980 Ransomware Deployed via SimpleHelp Vulnerabilities Ransomware actors are using vulnerabilities in SimpleHelp to gain access to victim s networks via MSPs. The exploited vulnerabilities were patched in January. https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/ OS Command Injection in Everetz Equipment Broadcast equipment manufactured by Everetz is susceptible to an OS command injection vulnerability. Everetz has not responded to researchers reporting the vulnerability so far and there is no patch available. https://www.onekey.com/resource/security-advisory-remote-code-execution-on-evertz-svdn-cve-2025-4009

SSH authorized_keys File One of the most common techniques used by many bots is to add rogue keys to the authorized_keys file, implementing an SSH backdoor. Managing these files and detecting unauthorized changes is not hard and should be done if you operate Unix systems. https://isc.sans.edu/diary/Securing%20Your%20SSH%20authorized_keys%20File/31986 REMOTE COMMAND EXECUTION ON SMARTBEDDED METEOBRIDGE (CVE-2025-4008) Weatherstation software Meteobridge suffers from an easily exploitable unauthenticated remote code execution vulnerability https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008 https://forum.meteohub.de/viewtopic.php?t=18687 Manageengine ADAuditPlus SQL Injection Zoho patched two SQL Injection vulnerabilities in its ManageEngine ADAuditPlus product https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html Dero Miner Infects Containers through Docker API Kaspersky found yet another botnet infecting docker containers to spread crypto coin miners. The initial access happens via exposed docker APIs. https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/

SVG Steganography Steganography is not only limited to pixel-based images but can be used to embed messages into vector-based formats like SVG. https://isc.sans.edu/diary/SVG%20Steganography/31978 Fortinet Vulnerability Details CVE-2025-32756 Horizon3.ai shows how it was able to find the vulnerability in Fortinet s products, and how to possibly exploit this issue. The vulnerability is already being exploited in the wild and was patched May 13th https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/ Remote Prompt Injection in GitLab Duo Leads to Source Code Theft An attacker may leave instructions (prompts) for GitLab Duo embedded in the source code. This could be used to exfiltrate source code and secrets or to inject malicious code into an application. https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo