Podcasts about infosec

Why You Need Phishing-Resistant Authentication NOW. The recent compromise of a number of high-profile npmjs.com accounts has yet again shown how dangerous a simple phishing email can be. https://isc.sans.edu/diary/Why%20You%20Need%20Phishing%20Resistant%20Authentication%20NOW./32290 S1ngularity/nx Attackers Strike Again A second wave of attacks has hit over a hundred npm-related GitHub repositories. The updated payload implements a worm that propagates itself to other repositories. https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again ChatGPT s Calendar Integration Can Be Exploited to Steal Emails ChatGPT s new MCP integration can be used, via prompt injection, to affect software connected to ChatGPT via MCP. https://www.linkedin.com/posts/eito-miyamura-157305121_we-got-chatgpt-to-leak-your-private-email-activity-7372306174253256704-xoX1/

Apple Updates Apple released major updates for all of its operating systems. In addition to new features, these updates patch 33 different vulnerabilities. https://isc.sans.edu/diary/Apple%20Updates%20Everything%20-%20iOS%20macOS%2026%20Edition/32286 Microsoft End of Life October 14th, support for Windows 10, Exchange 2016, and Exchange 2019 will end. https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281#:~:text=As%20a%20reminder%2C%20Windows%2010,one%20that%20supports%20Windows%2011. https://techcommunity.microsoft.com/blog/exchange/t-9-months-exchange-server-2016-and-exchange-server-2019-end-of-support/4366605 Phishing Targeting Rust Developers Rust developers are reporting similar phishing emails as the emails causing the major NPM compromise last week. https://github.com/rust-lang/crates.io/discussions/11889#discussion-8886064 Samsung Patches 0-Day Samsung released its monthly updates for its flagship phones fixing, among other vulnerability, an already exploited 0-day. https://security.samsungmobile.com/securityUpdate.smsb

Web Searches For Archives Didier observed additional file types being searched for as attackers continue to focus on archive files as they spider web pages https://isc.sans.edu/diary/Web%20Searches%20For%20Archives/32282 FBI Flash Alert: Salesforce Attacks The FBI is alerting users of Salesforce of two different threat actors targeting Salesforce. There are no new vulnerabilities disclosed, but the initial access usually takes advantage of social engineering or leaked data from the Salesdrift compromise. https://www.ic3.gov/CSA/2025/250912.pdf VSCode Cursor Extensions Malware Koe Security unmasked details about a recent malicious cursor extension campaign they call White Cobra. https://www.koi.security/blog/whitecobra-vscode-cursor-extensions-malware BSides Augusta https://bsidesaugusta.org/

Listen and Watch Defensive Security Episodes a week early by becoming a Patreon donor: https://www.patreon.com/defensivesec Please subscribe to our YouTube channel: Defensive Podcasts – Cyber Security & Infosec. – YouTube Links: https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/ https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/ https://www.cbc.ca/news/canada/hamilton/cybersecurity-breach-1.7597713 https://www.bleepingcomputer.com/news/security/6-browser-based-attacks-all-security-teams-should-be-ready-for-in-2025/ https://www.bleepingcomputer.com/news/security/hackers-use-new-hexstrike-ai-tool-to-rapidly-exploit-n-day-flaws/

DShield SIEM Docker Updates Guy updated the DShield SIEM which graphically summarizes what is happening inside your honeypot. https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/32276 Again: Sonicwall SSL VPN Compromises The Australian Government s Signals Directorate noted an increase in compromised Sonicwall devices. https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/ongoing-active-exploitation-of-sonicwall-ssl-vpns-in-australia Website Keystroke Logging Many websites log every keystroke, not just data submitted in forms. https://arxiv.org/pdf/2508.19825

We're back with "Hip Gen-X Go-Go Woman" Bitter Karella to look at the superhero series that stormed the Dot-Com Bubble: WHIRLGIRL! We talk about lost media, catty omniperverts, boob apertures, and even have time for your horror-comedy emails! Video links in the show notes. Support us on Patreon - https://www.patreon.com/flashinthepan

BASE64 Over DNS The base64 character set exceeds what is allowable in DNS. However, some implementations will work even with these invalid characters. https://isc.sans.edu/diary/BASE64%20Over%20DNS/32274 Google Chrome Update Google released an update for Google Chrome, addressing two vulnerabilities. One of the vulnerabilities is rated critical and may allow code execution. https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html Ivanti Updates Ivanti patched a number of vulnerabilities, several of them critical, across its product portfolio. https://forums.ivanti.com/s/article/September-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-and-Neurons-for-Secure-Access-Multiple-CVEs Sophos Patches Sophos resolved authentication bypass vulnerability in Sophos AP6 series wireless access point firmware (CVE-2025-10159) https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6 Apple Introduces Memory Integrity Enforcement With the new hardware promoted in yesterday s event, Apple also introduced new memory integrity features based on this new hardware. https://security.apple.com/blog/memory-integrity-enforcement/

Microsoft Patch Tuesday As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Microsoft rates 13 of the vulnerabilities are critical. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20September%202025/32270 Adobe Patches Adobe released patches for nine products, including Adobe Commerce, Coldfusion, and Acrobat. https://helpx.adobe.com/security/security-bulletin.html SAP Patches SAP patched vulnerabilities across its product portfolio. Particularly interesting are a few critical vulnerabilities in Netweaver, one of which scored a perfect 10.0 CVSS score. https://onapsis.com/blog/sap-security-notes-september-2025-patch-day/

Major npm compromise A number of high-profile npm libraries were compromised after developers fell for a phishing email. This compromise affected libraries with a total of hundreds of millions of downloads a week. https://bsky.app/profile/bad-at-computer.bsky.social/post/3lydioq5swk2y https://github.com/orgs/community/discussions/172738 https://github.com/chalk/chalk/issues/656#issuecomment-3266894253 https://www.aikido.dev/blog/npm-debug-and-chalk-packages-compromised HTTP Request Signatures It looks like some search engines and AI bots are starting to use the HTTP request signature. This should make it easier to identify bot traffic. https://isc.sans.edu/diary/HTTP%20Request%20Signatures/32266

From YARA Offsets to Virtual Addresses Xavier explains how to convert offsets reported by YARA into offsets suitable for the use with debuggers. https://isc.sans.edu/diary/From%20YARA%20Offsets%20to%20Virtual%20Addresses/32262 Phishing via JavaScript in SVG Files Virustotal uncovered a Colombian phishing campaign that takes advantage of JavaScript in SVG files. https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html FreePBX Patches FreePBX released details regarding two vulnerabilities patched last week. One of these vulnerabilities was already actively exploited. https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf

Demoscene alla riscossa. Il museo dei media obsoleti. Cena a casa Trump. La Svizzera presenta un LLM veramente open. Documenti d'identità nel dark web. Queste e molte altre le notizie tech commentate nella puntata di questa settimana.Dallo studio distribuito di digitalia:Franco Solerio, Michele Di Maio, Francesco FacconiProduttori esecutivi:Joanpiretz, @Pi, Nicola Gabriele Del Popolo, Pierpaolo Taffarello, Francesco Paolo Sileno, Giuseppe Benedetti, Roberto Barison, Arzigogolo, Federico Bruno, Paolo Bernardini, Marco Zambianchi (Astronauticast), Matteo Arrighi, Maurizio Verrone, Arnoud Van Der Giessen, Matteo Faccio, Nicola Carnielli, Manuel Zavatta, Giuliano Arcinotti, Andrea Casarini, Alex Ordiner, Giulio Gabrieli, Stefano Orso, Davide Tinti, Flavio Castro, @Jh4Ckal, Marcello Piliego, Massimo Dalla Motta, @Matiz, Maurizio Galluzzo, Massimiliano Casamento, Adriano Guarino, Christian A Marca, Matteo Masconale, Andrea Scarpellini, Fabrizio Bianchi, Davide Fogliarini, Danilo Sia, Antonio Turdo, Pasquale Maffei, Matteo De Lucia, Davide Corradini, Nicola Pedonese, ma7u, Paolo Lucciola, @Akagrinta, Simone Pignatti, Michele Coiro, Massimo Passerini, Yoandi Herrera, Matteo Carpentieri, Giorgio Beggiora, Christian Fabiani, Massimiliano SaggiaSponsor:Links:Interview with demoscener – 0b5vr | 6octaves2 Minute Deep Acid in StrudelMusic Screeners (1995) | Museum of Obsolete MediaTesla offers $1 trillion to Elon Musk to unleash his robotsTech leaders take turns flattering Trump at White House dinnerMattarella: La Ue non ha mai scatenato un conflitto.Il Regno Unito ha deciso di rinunciare alla backdooorSwitzerland releases an open-weight AI modelLa preistoria digitaleLa Commissione europea multa GoogleGoogle gets to keep Chrome but is barred from exclusive search dealsWhat Will Happen to Google After the Antitrust Ruling?The Browser Company is being acquired by AtlassianHumans are being hired to make AI slop look less sloppyÈ tutto bello o bellissimoThis Company Turns Dashcams into ‘Virtual CCTV Cameras.'WiFi signals can measure heart rateno wearables neededRubate 70 mila scansioni di documenti agli hotelVW introduces monthly subscription to increase car powerGingilli del giorno:Wanderer - self-hosted trail databaseAirTrail - self-hosted flight tracker and statisticsKeygen Music - una libreria di musiche di keygenSupporta Digitalia, diventa produttore esecutivo.

Unauthorized Issuance of Certificate for 1.1.1.1 Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate that was issued by Fina. https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/ AI Model Namespace Reuse Deleted accounts on Huggingface can be taken over by other entities unrelated to the original owner. https://unit42.paloaltonetworks.com/model-namespace-reuse/ macOS vulnerability allowed Keychain and iOS app decryption without a password Excessive entitlements for the gcore binary facilitated access to key material that was sufficient to access secrets stored in Apple s keychain. https://www.helpnetsecurity.com/2025/09/04/macos-gcore-vulnerability-cve-2025-24204/

Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086 Our honeypots detected attacks against the manufacturing management system DELMIA Apriso. The deserialization vulnerability was patched in June and is one of a few critical vulnerabilities patched in recent months. https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Dassault%20DELMIA%20Apriso.%20CVE-2025-5086/32256 Android Bulletin Google released its September update, fixing two already-exploited privilege escalation flaws and some remote code execution issues. https://source.android.com/docs/security/bulletin/2025-09-01 Mis-issued Certificates for SAN iPAddress:1.1.1.1 by Fina RDC 2020 Certificate authority Fina RDC issues a certificate for Cloudflare s IP address 1.1.1.1 https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/SgwC1QsEpvc

A Quick Look at Sextortion at Scale Jan analyzed 1900 different sextortion messages using 205 different Bitcoin addresses to look at the success rate, lifetime, and other metrics defining these campaigns. https://isc.sans.edu/diary/A%20quick%20look%20at%20sextortion%20at%20scale%3A%201%2C900%20messages%20and%20205%20Bitcoin%20addresses%20spanning%20four%20years/32252 Azure AD Client Secret Leak Attackers are stealing Azure AD client secrets from websites that are leaving them exposed. https://www.resecurity.com/blog/article/azure-ad-client-secret-leak-the-keys-to-cloud Covert Channel via ICMP and DNS A new bot combines ICMP and DNS in new ways for covert communication. The DNS requests use domains with a fixed prefix followed by a base64 encoded command, and the ICMP echo request packets include commands as a payload. https://blog.xlab.qianxin.com/mystrodx_covert_dual-mode_backdoor_en/ Official Release of Critical FreePBX Patch Sangoma has announced that the experimental patch released for the exploited FreePBX vulnerability is now considered stable, and users should update to apply it. https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203

The U.S. military possesses a deep and extensive body of cyber expertise in uniform in the National Guard and Reserve force in particular. Leveraging this expertise effectively, both in a way that is productive for the military, and that is fulfilling and meaningful for the servicemember — which results in benefits for recruiting, retention, and continued development of this expertise — has been an ongoing challenge. This productive employment is even more challenging while in reserve status, resulting in attrition of this critical force. There is a national imperative, as well as clear statements from military cyber leadership, to effectively utilize all available resources to include the National Guard and Reserve force to meet the nation's cyber challenges. About the speaker: Dave Schroeder works to enable and advance intelligence and security research and partnerships at the University of Wisconsin–Madison. He is passionate about creating connections and bringing the rich and dynamic expertise at UW–Madison to the most pressing global security challenges. Dave serves as a Cyber Warfare Officer in the Wisconsin Army National Guard, and previously served a Navy Cryptologic Warfare Officer. He is also Research Director of the Wisconsin Security Research Consortium (WSRC), and manages UW-Madison's Cyber Programs and Designations. He holds graduate degrees in Cybersecurity Policy and Information Warfare, and is graduate of the Naval Postgraduate School, Naval War College, and Joint Forces Staff College.

pdf-parser: All Streams Didier released a new version of pdf-parser.py. This version fixes a problem with dumping all filtered streams. https://isc.sans.edu/diary/pdf-parser%3A%20All%20Streams/32248 Salesloft Drift Putting OAuth Tokens at Risk OAuth tokens used by Salesloft Drift users to provide access to integrations with Salesforce, Google Workspace, and others have been compromised and heavily abused for additional compromise and large-scale data exfiltration from exposed services. https://cloud.google.com/blog/topics/threat-intelligence/data-theft-salesforce-instances-via-salesloft-drift Velociraptor incident response tool abused for remote access Attackers are using the open source incident response tool Velociraptor to access remote systems in breached networks. Tools like Velocitraptor are ideal for attackers to perform lateral movement. https://news.sophos.com/en-us/2025/08/26/velociraptor-incident-response-tool-abused-for-remote-access/ Default Password in NeuVector (Rancher Desktop) SuSE fixed a default password vulnerability in NeuVector, a security tool included in Rancher Desktop. https://github.com/neuvector/neuvector/security/advisories/GHSA-8pxw-9c75-6w56

Increasing Searches for ZIP Files Attackers are scanning our honeypots more and more for .zip files. They are looking for backups of credential files and the like left behind by careless administrators and developers. https://isc.sans.edu/diary/Increasing%20Searches%20for%20ZIP%20Files/32242 FreePBX Vulnerability An upatched vulnerability in FreePBX is currently being exploited. FreePBX offers mitigation advice and has also just released a beta patch. https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203 Passwordstate Vulnerability Clickstudios patched an authentication bypass vulnerability in its password manager, Passwordstate. The vulnerability can be used to access the emergency password page. https://www.clickstudios.com.au/passwordstate-changelog.aspx

AI Dependency Crisis + EV Infrastructure Failures: Tech Reality Check 2025When Two Infrastructure Promises Collide with RealityThe promise was simple: AI would augment human intelligence, and electric vehicles would transform transportation. The reality in 2025? Both are hitting infrastructure walls that expose uncomfortable truths about how technology actually scales.Sean Martin and Marco Ciappelli didn't plan to connect these dots in their latest Random and Unscripted weekly recap, but the conversation naturally evolved from AI dependency concerns to electric vehicle infrastructure challenges—revealing how both represent the same fundamental problem: mistaking technological capability for systemic readiness."The AI is telling us what success looks like and we're measuring against that, and who knows if it's right or wrong," Sean observed, describing what's become an AI dependency crisis in cybersecurity teams. Organizations aren't just using AI as a tool; they're letting it define their decision-making frameworks without maintaining the critical thinking skills to evaluate those frameworks.Marco connected this to their recent Black Cat analysis, describing the "paradox loop"—where teams lose both the ability to take independent action and think clearly because they're constantly feeding questions to AI, creating echo chambers of circular reasoning. "We're gonna be screwed," he said with characteristic directness. "We go back to something being magic again."This isn't academic hand-wringing. Both hosts developed their expertise when understanding fundamental technology was mandatory—when you had to grasp cables, connections, and core systems to make anything work. Their concern is for teams that might never develop that foundational knowledge, mistaking AI convenience for actual competence.The electric vehicle discussion, triggered by Marco's conversation with Swedish consultant Matt Larson, revealed parallel infrastructure failures. "Upgrading to electric vehicles isn't like updating software," Sean noted, recalling his own experience renting an EV and losing an hour to charging—"That's not how you're gonna sell it."Larson's suggestion of an "Apollo Program" for EV infrastructure acknowledges what the industry often ignores: some technological transitions require massive, coordinated investment beyond individual company capabilities. The cars work; the surrounding ecosystem barely exists. Sound familiar to anyone implementing AI without considering organizational infrastructure?From his Object First webinar on backup systems, Sean extracted a deceptively simple insight: immutability matters precisely because bad actors specifically target backups to enable ransomware success. "You might think you're safe and resilient until something happens and you realize you're not."Marco's philosophical take—comparing immutable backups to never stepping in the same river twice—highlights why both cybersecurity and infrastructure transitions demand unchanging foundations even as everything else evolves rapidly.The episode's most significant development was their expanded event coverage announcement. Moving beyond traditional cybersecurity conferences to cover IBC Amsterdam (broadcasting technology since 1967), automotive security events, gaming conferences, and virtual reality gatherings represents recognition that infrastructure challenges cross every industry."That's where things really get interesting," Sean noted about broader tech events. When cybersecurity professionals only discuss security in isolation, they miss how infrastructure problems manifest across music production, autonomous vehicles, live streaming, and emerging technologies.Both AI dependency and EV infrastructure failures share the same root cause: assuming technological capability automatically translates to systemic implementation. The gap between "this works in a lab" and "this works in reality" represents the most critical challenge facing technology leaders in 2025.Their call to action extends beyond cybersecurity: if you know about events that address infrastructure challenges at the intersection of technology and society, reach out. The "usual suspects" of security conferences aren't where these broader infrastructure conversations are happening.What infrastructure gaps are you seeing between technology promises and implementation reality? Join the conversation on LinkedIn or connect through ITSP Magazine.________________Hosts links:

Interesting Technique to Launch a Shellcode Xavier came across malware that PowerShell and the CallWindowProcA() API to launch code. https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238 NX Compromised to Steal Wallets and Credentials The popular open source NX build package was compromised. Code was added that uses the help of AI tools like Claude and Gemini to steal credentials from affected systems https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/ Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed the Global Espionage System Several law enforcement and cybersecurity agencies worldwide collaborated to release a detailed report on the recent Volt Typhoon incident. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a

Getting a Better Handle on International Domain Names and Punycode International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use. https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234 Citrix Netscaler Vulnerabilities CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 Citrix patched three vulnerabilities in Netscaler. One is already being exploited https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424 git vulnerability exploited (CVE-2025-48384) A git vulnerability patched in early July is now being exploited https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9

Returning from this year's DEF CON, hear from our Offensive Team Managers, Dowd and Findlay, and Pinky, IR Manager and co-host of The Hackle Box. Hear about new highlights, CTF's, and villages, and reflection from Brad as a Blue Team member navigating past challenges. Have something to say? Contact us at unsecurity@frsecure.com and follow us for more!LinkedIn: frsecure Instagram: frsecureofficialFacebook: frsecureBlueSky: frsecureAbout FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

People talk quite a lot about things like 'shift left" that make it sound as if it is a new concept -- sold at your finer consultancies -- to build things properly in the first place. After two decades of incident response, smoke jumping and Tech Debt burndowns, I think it's time to talk about the way teams can build security not just into the product but into the company culture by examining some basic realities of the product development process. This is not just for tech companies; it's for any firm with a process by which they turn ideas into money. Because for all the SDLC tools, all the configuration platforms, the code scanners, and the security and code testing doodads out there, nothing in my experience works as well as starting with the basics: including security and legal experts as well as the people who manage the internal services that will be your upstream and downstream dependencies at the ideation stage. The amount of weapons-grade stupid, the mountain ranges of tech debt, and the broken business promises that this simple plan can avoid make it hard to believe that it's so rare to find these practices in mainstream companies. In this talk, I will describe the most common side effects of failing to do this, how those side effects manifest into cultural roadblocks, silos, and sadness, and most important: how you can break the cycle, slash through the Gordian knot of despair and missed deadlines, and return to cranking out product like a start up. About the speaker: Nick Selby is the founder of EPSD, Inc., and he has more than 20 years of experience advising organizations in highly targeted industries. Previously, he led professional services at Evertas and served as Interim Executive Director of the Cryptoasset Intelligence Sharing and Analysis Center. His executive roles have also included stints at Trail of Bits and Paxos Trust Company. He managed cyber incident response at TRM Partners and N4Struct, and in 2005 founded the information security practice at 451 Research (now S&P Global Intelligence), where he served as Vice President of Research Operations until 2009. As Director of Cyber Intelligence and Investigations at the NYPD (2018-2020), Selby led cybercrime investigations for America's largest police department. Selby serves on the Board of Directors of the non-profit National Child Protection Task Force and the advisory board of Sightline Security. While retired from law enforcement, he continues to serve as a reserve detective for a Dallas-Fort Worth area police agency, where he investigates crimes against children and the cyber aspects of real-world crimes.

Reading Location Position Value in Microsoft Word Documents Jessy investigated how Word documents store the last visited document location in the registry. https://isc.sans.edu/diary/Reading%20Location%20Position%20Value%20in%20Microsoft%20Word%20Documents/32224 Weaponizing image scaling against production AI systems AI systems often downscale images before processing them. An attacker can create a harmless looking image that would reveal text after downscaling leading to prompt injection https://blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/ IBM Jazz Team Server Vulnerability CVE-2025-36157 IBM patched a critical vulnerability in its Jazz Team Server https://www.ibm.com/support/pages/node/7242925

The end of an era: Properly formatted IP addresses in all of our data. When initiall designing DShield, addresses were zero padded , an unfortunate choice. As of this week, datafeeds should no longer be zero padded . https://isc.sans.edu/diary/The%20end%20of%20an%20era%3A%20Properly%20formated%20IP%20addresses%20in%20all%20of%20our%20data./32228 .desktop files used in an attack against Linux Desktops Pakistani attackers are using .desktop files to target Indian Linux desktops. https://www.cyfirma.com/research/apt36-targets-indian-boss-linux-systems-with-weaponized-autostart-files/ Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram A go module advertising its ability to quickly brute force passwords against random IP addresses, has been used to exfiltrate credentials from the person running the module. https://socket.dev/blog/malicious-go-module-disguised-as-ssh-brute-forcer-exfiltrates-credentials Limiting Onmicrosoft Domain Usage for Sending Emails Microsoft is limiting how many emails can be sent by Microsoft 365 users using the onmicrosoft.com domain. https://techcommunity.microsoft.com/blog/exchange/limiting-onmicrosoft-domain-usage-for-sending-emails/4446167

Don't Forget The "-n" Command Line Switch Disabling reverse DNS lookups for IP addresses is important not just for performance, but also for opsec. Xavier is explaining some of the risks. https://isc.sans.edu/diary/Don%27t%20Forget%20The%20%22-n%22%20Command%20Line%20Switch/32220 watchTowr releases details about recent Commvault flaws Users of the Commvault enterprise backup solution must patch now after watchTowr released details about recent vulnerabilities https://labs.watchtowr.com/guess-who-would-be-stupid-enough-to-rob-the-same-vault-twice-pre-auth-rce-chains-in-commvault/?123 Docker Desktop Vulnerability CVE-2025-9074 A vulnerability in Docker Desktop allows attackers to escape from containers to attack the host. https://docs.docker.com/desktop/release-notes/#4443

Airtel Router Scans and Mislabeled Usernames A quick summary of some odd usernames that show up in our honeypot logs https://isc.sans.edu/diary/Airtel%20Router%20Scans%2C%20and%20Mislabeled%20usernames/32216 Apple Patches 0-Day CVE-2025-43300 Apple released an update for iOS, iPadOS and MacOS today patching a single, already exploited, vulnerability in ImageIO. https://support.apple.com/en-us/124925 Microsoft Copilot Audit Logs A user retrieving data via copilot obscures the fact that the user may have had access to data in a specific file https://pistachioapp.com/blog/copilot-broke-your-audit-log Password Managers Susceptible to Clickjacking Many password managers are susceptible to clickjacking, and only few have fixed the problem so far https://marektoth.com/blog/dom-based-extension-clickjacking/

Increased Elasticsearch Recognizance Scans Our honeypots noted an increase in reconnaissance scans for Elasticsearch. In particular, the endpoint /_cluster/settings is hit hard. https://isc.sans.edu/diary/Increased%20Elasticsearch%20Recognizance%20Scans/32212 Microsoft Patch Tuesday Issues Microsoft noted some issues deploying the most recent patches with WSUS. There are also issues with certain SSDs if larger files are transferred. https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-24h2#3635msgdesc https://www.tomshardware.com/pc-components/ssds/latest-windows-11-security-patch-might-be-breaking-ssds-under-heavy-workloads-users-report-disappearing-drives-following-file-transfers-including-some-that-cannot-be-recovered-after-a-reboot SAP Vulnerabilities Exploited CVE-2025-31324, CVE-2025-42999 Details explaining how to take advantage of two SAP vulnerabilities were made public https://onapsis.com/blog/new-exploit-for-cve-2025-31324/

We're Becoming Dumb and Numb": Why Black Hat 2025's AI Hype Is Killing Cybersecurity -- And Our Ability to Think Random and Unscripted Weekly Update Podcast with Sean Martin and Marco Ciappelli__________________SummarySean and Marco dissect Black Hat USA 2025, where every vendor claimed to have "agentic AI" solutions. They expose how marketing buzzwords create noise that frustrates CISOs seeking real value. Marco references the Greek myth of Talos - an ancient AI robot that seemed invincible until one fatal flaw destroyed it - as a metaphor for today's overinflated AI promises. The discussion spirals into deeper concerns: are we becoming too dependent on AI decision-making? They warn about echo chambers, lowest common denominators, and losing our ability to think critically. The solution? Stop selling perfection, embrace product limitations, and keep humans in control. __________________10 Notable QuotesSean:"It's hard for them to siphon the noise. Sift through the noise, I should say, and figure out what the heck is really going on.""If we completely just use it for the easy button, we'll stop thinking and we won't use it as a tool to make things better.""We'll stop thinking and we won't use it as a tool to make our minds better, to make our decisions better.""We are told then that this is the reality. This is what good looks like.""Maybe there's a different way to even look at things. So it's kind of become uniform... a very low common denominator that is just good enough for everybody."Marco:"Do you really wanna trust the weapon to just go and shoot everybody? At least you can tell it's a human factor and that's the people that ultimately decide.""If we don't make decision anymore, we're gonna turn out in a lot of those sci-fi stories, like the time machine where we become dumb.""We all perceive reality to be different from what it is, and then it creates a circular knowledge learning where we use AI to create the knowledge, then to ask the question, then to give the answers.""We're just becoming dumb and numb. More than dumb, but we become numb to everything else because we're just not thinking with our own head.""You're selling the illusion of security and that could be something that then you replicate in other industries." Picture this: You walk into the world's largest cybersecurity conference, and every single vendor booth is screaming the same thing – "agentic AI." Different companies, different products, but somehow they all taste like the same marketing milkshake.That's exactly what Sean Martin and Marco Ciappelli witnessed at Black Hat USA 2025, and their latest Random and Unscripted with Sean and Marco episode pulls no punches in exposing what's really happening behind the buzzwords."Marketing just took all the cool technology that each vendor had, put it in a blender and made a shake that just tastes the same," Marco reveals on Random and Unscripted with Sean and Marco, describing how the conference floor felt like one giant echo chamber where innovation got lost in translation.But this isn't just another rant about marketing speak. The Random and Unscripted with Sean and Marco conversation takes a darker turn when Marco introduces the ancient Greek myth of Talos – a bronze giant powered by divine ichor who was tasked with autonomously defending Crete. Powerful, seemingly invincible, until one small vulnerability brought the entire system crashing down.Sound familiar?"Do you really wanna trust the weapon to just go and shoot everybody?" Marco asks, drawing parallels between ancient mythology and today's rush to hand over decision-making to AI systems we don't fully understand.Sean, meanwhile, talked to frustrated CISOs throughout the event who shared a common complaint: "It's hard for them to sift through the noise and figure out what the heck is really going on." When every vendor claims their AI is autonomous and perfect, how do you choose? How do you even know what you're buying?The real danger, they argue on Random and Unscripted with Sean and Marco, isn't just bad purchasing decisions. It's what happens when we stop thinking altogether."If we completely just use it for the easy button, we'll stop thinking and we won't use it as a tool to make our minds better," Sean warns. We risk settling for what he calls the "lowest common denominator" – a world where AI tells us what success looks like, and we never question whether we could do better.Marco goes even further, describing a "circular knowledge learning" trap where "we use AI to create the knowledge, then to ask the question, then to give the answers." The result? "We're just becoming dumb and numb. More than dumb, but we become numb to everything else because we're just not thinking with our own head."Their solution isn't to abandon AI – it's to get honest about what it can and can't do. "Stop looking for the easy button and stop selling the easy button," Marco urges vendors on Random and Unscripted with Sean and Marco. "Your product is probably as good as it is."Sean adds: "Don't be afraid to share your blemishes, share your weaknesses. Share your gaps."Because here's the thing CISOs know that vendors often forget: "CISOs are not stupid. They talk to each other. The truth will come out."In an industry built on protecting against deception, maybe it's time to stop deceiving ourselves about what AI can actually deliver. ________________ Keywordscybersecurity, artificialintelligence, blackhat2025, agentic, ai, marketing, ciso, cybersec, infosec, technology, leadership, vendor, innovation, automation, security, tech, AI, machinelearning, enterprise, business________________Hosts links:

Keeping an Eye on MFA Bombing Attacks Attackers will attempt to use authentication fatigue by bombing users with MFA authentication requests. Rob is talking in this diary about how to investigate these attacks in a Microsoft ecosystem. https://isc.sans.edu/diary/Keeping+an+Eye+on+MFABombing+Attacks/32208 Critical Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability An OS command injection vulnerability may be abused to gain access to the Cisco Secure Firewall Management Center software. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-radius-rce-TNBKf79 F5 Access for Android vulnerability An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The attacker would need to intercept vulnerable clients specifically, since other clients would detect the man-in-the-middle (MITM) attack. https://my.f5.com/manage/s/article/K000152049

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com _____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________A Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3August 18, 2025The Narrative Attack Paradox: When Cybersecurity Lost the Ability to Detect Its Own Deception and the Humanity We Risk When Truth Becomes OptionalReflections from Black Hat USA 2025 on Deception, Disinformation, and the Marketing That Chose Fiction Over FactsBy Marco CiappelliSean Martin, CISSP just published his analysis of Black Hat USA 2025, documenting what he calls the cybersecurity vendor "echo chamber." Reviewing over 60 vendor announcements, Sean found identical phrases echoing repeatedly: "AI-powered," "integrated," "reduce analyst burden." The sameness forces buyers to sift through near-identical claims to find genuine differentiation.This reveals more than a marketing problem—it suggests that different technologies are being fed into the same promotional blender, possibly a generative AI one, producing standardized output regardless of what went in. When an entire industry converges on identical language to describe supposedly different technologies, meaningful technical discourse breaks down.But Sean's most troubling observation wasn't about marketing copy—it was about competence. When CISOs probe vendor claims about AI capabilities, they encounter vendors who cannot adequately explain their own technologies. When conversations moved beyond marketing promises to technical specifics, answers became vague, filled with buzzwords about proprietary algorithms.Reading Sean's analysis while reflecting on my own Black Hat experience, I realized we had witnessed something unprecedented: an entire industry losing the ability to distinguish between authentic capability and generated narrative—precisely as that same industry was studying external "narrative attacks" as an emerging threat vector.The irony was impossible to ignore. Black Hat 2025 sessions warned about AI-generated deepfakes targeting executives, social engineering attacks using scraped LinkedIn profiles, and synthetic audio calls designed to trick financial institutions. Security researchers documented how adversaries craft sophisticated deceptions using publicly available content. Meanwhile, our own exhibition halls featured countless unverifiable claims about AI capabilities that even the vendors themselves couldn't adequately explain.But to understand what we witnessed, we need to examine the very concept that cybersecurity professionals were discussing as an external threat: narrative attacks. These represent a fundamental shift in how adversaries target human decision-making. Unlike traditional cyberattacks that exploit technical vulnerabilities, narrative attacks exploit psychological vulnerabilities in human cognition. Think of them as social engineering and propaganda supercharged by AI—personalized deception at scale that adapts faster than human defenders can respond. They flood information environments with false content designed to manipulate perception and erode trust, rendering rational decision-making impossible.What makes these attacks particularly dangerous in the AI era is scale and personalization. AI enables automated generation of targeted content tailored to individual psychological profiles. A single adversary can launch thousands of simultaneous campaigns, each crafted to exploit specific cognitive biases of particular groups or individuals.But here's what we may have missed during Black Hat 2025: the same technological forces enabling external narrative attacks have already compromised our internal capacity for truth evaluation. When vendors use AI-optimized language to describe AI capabilities, when marketing departments deploy algorithmic content generation to sell algorithmic solutions, when companies building detection systems can't detect the artificial nature of their own communications, we've entered a recursive information crisis.From a sociological perspective, we're witnessing the breakdown of social infrastructure required for collective knowledge production. Industries like cybersecurity have historically served as early warning systems for technological threats—canaries in the coal mine with enough technical sophistication to spot emerging dangers before they affect broader society.But when the canary becomes unable to distinguish between fresh air and poison gas, the entire mine is at risk.This brings us to something the literary world understood long before we built our first algorithm. Jorge Luis Borges, the Argentine writer, anticipated this crisis in his 1940s stories like "On Exactitude in Science" and "The Library of Babel"—tales about maps that become more real than the territories they represent and libraries containing infinite books, including false ones. In his fiction, simulations and descriptions eventually replace the reality they were meant to describe.We're living in a Borgesian nightmare where marketing descriptions of AI capabilities have become more influential than actual AI capabilities. When a vendor's promotional language about their AI becomes more convincing than a technical demonstration, when buyers make decisions based on algorithmic marketing copy rather than empirical evidence, we've entered that literary territory where the map has consumed the landscape. And we've lost the ability to distinguish between them.The historical precedent is the 1938 War of the Worlds broadcast, which created mass hysteria from fiction. But here's the crucial difference: Welles was human, the script was human-written, the performance required conscious participation, and the deception was traceable to human intent. Listeners had to actively choose to believe what they heard.Today's AI-generated narratives operate below the threshold of conscious recognition. They require no active participation—they work by seamlessly integrating into information environments in ways that make detection impossible even for experts. When algorithms generate technical claims that sound authentic to human evaluators, when the same systems create both legitimate documentation and marketing fiction, we face deception at a level Welles never imagined: the algorithmic manipulation of truth itself.The recursive nature of this problem reveals itself when you try to solve it. This creates a nearly impossible situation. How do you fact-check AI-generated claims about AI using AI-powered tools? How do you verify technical documentation when the same systems create both authentic docs and marketing copy? When the tools generating problems and solving problems converge into identical technological artifacts, conventional verification approaches break down completely.My first Black Hat article explored how we risk losing human agency by delegating decision-making to artificial agents. But this goes deeper: we risk losing human agency in the construction of reality itself. When machines generate narratives about what machines can do, truth becomes algorithmically determined rather than empirically discovered.Marshall McLuhan famously said "We shape our tools, and thereafter they shape us." But he couldn't have imagined tools that reshape our perception of reality itself. We haven't just built machines that give us answers—we've built machines that decide what questions we should ask and how we should evaluate the answers.But the implications extend far beyond cybersecurity itself. This matters far beyond. If the sector responsible for detecting digital deception becomes the first victim of algorithmic narrative pollution, what hope do other industries have? Healthcare systems relying on AI diagnostics they can't explain. Financial institutions using algorithmic trading based on analyses they can't verify. Educational systems teaching AI-generated content whose origins remain opaque.When the industry that guards against deception loses the ability to distinguish authentic capability from algorithmic fiction, society loses its early warning system for the moment when machines take over truth construction itself.So where does this leave us? That moment may have already arrived. We just don't know it yet—and increasingly, we lack the cognitive infrastructure to find out.But here's what we can still do: We can start by acknowledging we've reached this threshold. We can demand transparency not just in AI algorithms, but in the human processes that evaluate and implement them. We can rebuild evaluation criteria that distinguish between technical capability and marketing narrative.And here's a direct challenge to the marketing and branding professionals reading this: it's time to stop relying on AI algorithms and data optimization to craft your messages. The cybersecurity industry's crisis should serve as a warning—when marketing becomes indistinguishable from algorithmic fiction, everyone loses. Social media has taught us that the most respected brands are those that choose honesty over hype, transparency over clever messaging. Brands that walk the walk and talk the talk, not those that let machines do the talking.The companies that will survive this epistemological crisis are those whose marketing teams become champions of truth rather than architects of confusion. When your audience can no longer distinguish between human insight and machine-generated claims, authentic communication becomes your competitive advantage.Most importantly, we can remember that the goal was never to build machines that think for us, but machines that help us think better.The canary may be struggling to breathe, but it's still singing. The question is whether we're still listening—and whether we remember what fresh air feels like.Let's keep exploring what it means to be human in this Hybrid Analog Digital Society. Especially now, when the stakes have never been higher, and the consequences of forgetting have never been more real. End of transmission.___________________________________________________________Marco Ciappelli is Co-Founder and CMO of ITSPmagazine, a journalist, creative director, and host of podcasts exploring the intersection of technology, cybersecurity, and society. His work blends journalism, storytelling, and sociology to examine how technological narratives influence human behavior, culture, and social structures.___________________________________________________________Enjoyed this transmission? Follow the newsletter here:https://www.linkedin.com/newsletters/7079849705156870144/Share this newsletter and invite anyone you think would enjoy it!New stories always incoming.___________________________________________________________As always, let's keep thinking!Marco Ciappellihttps://www.marcociappelli.com___________________________________________________________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Marco Ciappelli | Co-Founder, Creative Director & CMO ITSPmagazine  | Dr. in Political Science / Sociology of Communication l Branding | Content Marketing | Writer | Storyteller | My Podcasts: Redefining Society & Technology / Audio Signals / + | MarcoCiappelli.comTAPE3 is the Artificial Intelligence behind ITSPmagazine—created to be a personal assistant, writing and design collaborator, research companion, brainstorming partner… and, apparently, something new every single day.Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

SNI5GECT: Sniffing and Injecting 5G Traffic Without Rogue Base Stations Researchers from the Singapore University of Technology and Design released a new framework, SNI5GECT, to passively sniff and inject traffic into 5G data streams, leading to DoS, downgrade and other attacks. https://isc.sans.edu/diary/SNI5GECT%3A%20Sniffing%20and%20Injecting%205G%20Traffic%20Without%20Rogue%20Base%20Stations/32202 Plex Vulnerability Plex patched a vulnerability in the Plex Media Server. Make sure you have updated to at least 1.42.1. https://forums.plex.tv/t/plex-media-server-security-update/928341 FortiWeb Exploit Public A security researcher published details about the recent FortiWeb vulnerability, including demonstrating a PoC exploit. https://www.bleepingcomputer.com/news/security/researcher-to-release-exploit-for-full-auth-bypass-on-fortiweb/ Flowise OS vulnerability https://research.jfrog.com/vulnerabilities/flowise-os-command-remote-code-execution-jfsa-2025-001380578/

Get your FREE Cybersecurity Salary Guide:https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastJim Broome of Direct Defense has been doing red teaming since before it became a term — back when a "pentest" meant $25,000, no questions asked and walking out with a server under your arm. In this episode, Jim shares wild stories from decades of ethical hacking, including breaking into major tech companies, causing a cardiac event during a physical penetration test, and why he believes soft skills trump technical knowledge for aspiring red teamers. Learn why most companies aren't ready for red teaming, how to transition into cybersecurity from unexpected fields like education or event planning, and what it really takes to succeed in offensive security.0:00 - Intro to legendary red teamer Jim Broome1:00 - Cybersecurity Salary Guide2:58 - From BBS and ham radio to cybersecurity7:07 - Evolution from network admin to red teaming12:02 - GPS hacking and testing inflight entertainment systems15:31 - Hiring teachers and event planners as ethical hackers23:36 - Breaking into Symantec and stealing servers in the 90s28:33 - Physical pentest causes cardiac event34:06 - When companies should (and shouldn't) hire red teams39:44 - Why red teaming is "a punch in the mouth"44:09 - How AI is changing offensive and defensive security48:12 - Essential skills for aspiring red teamers50:39 - The groundskeeper who got domain admin52:18 - Best career advice: Be humbleView Cyber Work Podcast transcripts and additional episodes:https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

AI and Faster Attack Analysis A few use cases for LLMs to speed up analysis https://isc.sans.edu/diary/AI%20and%20Faster%20Attack%20Analysis%20%5BGuest%20Diary%5D/32198 Proxyware Malware Being Distributed on YouTube Video Download Site Popular YouTube download sites will attempt to infect users with proxyware. https://asec.ahnlab.com/en/89574/ Xerox Freeflow Core Vulnerability Horizon3.ai discovered XXE Injection (CVE-2025-8355) and Path Traversal (CVE-2025-8356) vulnerabilities in Xerox FreeFlow Core, a print orchestration platform. These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances. https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/ SANS.edu Research: Darren Carstensen Evaluating Zero Trust Network Access: A Framework for Comparative Security Testing Not all Zero Trust Network Access (ZTNA) solutions are created equal, and despite bold marketing claims, many fall short of delivering proper Zero Trust security. https://www.sans.edu/cyber-research/evaluating-zero-trust-network-access-framework-comparative-security-testing/

Event Recap: Kieran Human at Black Hat USA 2025 — ThreatLocker Unveils Configuration Defense, Achieves FedRAMP Status & MoreThreatLocker introduced DAC configuration monitoring and achieved FedRAMP certification at Black Hat 2025, strengthening zero trust capabilities while expanding government market access through practical security solutions.Zero trust security continues evolving beyond theoretical frameworks into practical business solutions, as demonstrated by ThreatLocker's latest announcements at Black Hat USA 2025. The company introduced Defense Against Configuration (DAC), a monitoring tool addressing a critical gap in zero trust implementations.Kieran Human, Special Projects Engineer at ThreatLocker, explained the challenge driving DAC's development. Organizations implementing zero trust often struggle with configuration management, potentially leaving systems vulnerable despite security investments. DAC monitors configurations continuously, alerting administrators to potential security issues and mapping findings to compliance frameworks including Essential 8.The tool addresses human factors in security implementation. Technical staff sometimes create overly permissive rules to minimize user complaints, compromising security posture. DAC provides weekly reports to executives, ensuring oversight of configuration decisions and maintaining security standards across the organization.ThreatLocker's approach distinguishes itself through "denied by default, allowed by exception" methodology, contrasting with traditional endpoint detection and response solutions that permit by default and block threats reactively. This fundamental difference requires careful implementation to avoid business disruption.The company's learning mode capabilities address deployment concerns. With over 10,000 built-in application profiles, ThreatLocker automates policy creation while learning organizational workflows. This reduces manual configuration requirements that previously made zero trust implementations tedious and time-intensive.FedRAMP certification represents another significant milestone, opening government sector opportunities. Federal compliance requirements previously excluded ThreatLocker from certain contracts, despite strong customer demand for their zero trust capabilities. This certification enables expansion into highly regulated environments requiring stringent security controls.Customer testimonials continue validating the approach. One user reported preventing three breaches after implementing ThreatLocker's zero trust solution, demonstrating measurable security improvements. Such feedback reinforces the practical value of properly implemented zero trust architecture.The balance between security and business functionality remains crucial. Organizations need security solutions that protect assets without hampering productivity. ThreatLocker's principle of least privilege implementation focuses on enabling business requirements with minimal necessary permissions rather than creating restrictive environments that impede operations.Human described working closely with CEO Danny Jenkins, emphasizing the collaborative environment that drives product innovation. His engineering perspective provides valuable insights into customer needs while maintaining focus on practical security solutions that work in real-world environments.As zero trust adoption accelerates across industries, tools like DAC become essential for maintaining security posture while meeting business demands. The combination of automated learning, configuration monitoring, and compliance mapping addresses practical implementation challenges facing security teams today.Learn more about ThreatLocker: https://itspm.ag/threatlocker-r974Note: This story contains promotional content. Learn more.Guest: Kieran Human, Special Project Engineer at ThreatLocker | On LinkedIn | https://www.linkedin.com/in/kieran-human-5495ab170/ResourcesLearn more and catch more stories from ThreatLocker: https://www.itspmagazine.com/directory/threatlockerLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programsNewsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-upAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

CVE-2017-11882 Will Never Die The (very) old equation editor vulnerability is still being exploited, as this recent sample analyzed by Xavier shows. The payload of the Excel file attempts to download and execute an infostealer to exfiltrate passwords via email. https://isc.sans.edu/diary/CVE-2017-11882%20Will%20Never%20Die/32196 Windows Kerberos Elevation of Privilege Vulnerability Yesterday, Microsoft released a patch for a vulnerability that had already been made public. This vulnerability refers to the privilege escalation taking advantage of a path traversal issue in Windows Kerberos affecting Exchange Server in hybrid mode. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53779 Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images Some old Debian Docker images containing the xz-utils backdoor are still available for download from Docker Hub via the official Debian account. https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-docker-images FortiSIEM / FortiWeb Vulnerablities Fortinet patched already exploited vulnerabilities in FortiWeb and FortiSIEM https://fortiguard.fortinet.com/psirt/FG-IR-25-152 https://fortiguard.fortinet.com/psirt/FG-IR-25-448

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20August%202025%20Patch%20Tuesday/32192 https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/ libarchive Vulnerability A libarchive vulnerability patched in June was upgraded from a low CVSS score to a critical one. Libarchive is used by compression software across various operating systems, making this a difficult vulnerability to patch https://www.freebsd.org/security/advisories/FreeBSD-SA-25:07.libarchive.asc Adobe Patches Adobe released patches for 13 different products. https://helpx.adobe.com/security/Home.html

Black Hat 2025: Crogl's CEO Monzy Merza Explains How AI Can Help Eliminate Alert Fatigue in CybersecurityCrogl CEO Monzy Merza discusses how AI-driven security platforms automate alert investigation using enterprise knowledge graphs, enabling analysts to focus on threat hunting while maintaining data privacy.Security teams drowning in alerts finally have a lifeline that doesn't compromise their data sovereignty. At Black Hat USA 2025, Crogl CEO Monzy Merza revealed how his company is tackling one of cybersecurity's most persistent challenges: the overwhelming volume of security alerts that leaves analysts either ignoring potential threats or burning out from investigation fatigue.The problem runs deeper than most organizations realize. Merza observed analysts routinely closing hundreds of alerts with a single click, not from laziness or malice, but from sheer necessity. "When you look at the history of breaches, the signal of the breach was there. And somebody ignored it," he explained during his ITSPmagazine interview, highlighting a critical gap between alert generation and meaningful investigation.Traditional approaches have failed because they expect human analysts to become "unicorns" - experts capable of mastering multiple data platforms simultaneously while remembering complex query languages and schemas. This unrealistic expectation has created what Merza calls the "human unicorn challenge," where organizations struggle to find personnel who can effectively navigate their increasingly complex security infrastructure.Crogl's solution fundamentally reimagines the relationship between human intuition and machine automation. Rather than forcing analysts to adapt to multiple tools, the platform creates a semantic knowledge graph that maps data relationships across an organization's entire security ecosystem. When alerts arrive, the system automatically conducts investigations using established kill chain methodologies, freeing analysts to focus on higher-value activities like threat hunting and strategic security initiatives.The privacy-first architecture addresses growing concerns about data sovereignty. Operating as a completely self-contained system with no internet dependencies, Crogl can run air-gapped in the most sensitive environments, including defense intelligence communities. The platform connects to existing tools through APIs without requiring data movement, duplication, or transformation.Real-world results demonstrate the platform's versatility. One customer discovered their analysts were using Crogl for fraud detection - an application never intended by the original design. The system's ability to process natural language descriptions and convert them into executable security processes has reduced response times from weeks to minutes for complex threat hunting operations.For security leaders evaluating AI integration, Merza advocates an experimental approach. Rather than attempting comprehensive transformation, he suggests starting with focused pilot programs that address specific pain points. This measured strategy allows organizations to validate AI's value while maintaining operational stability.The broader implications extend beyond security operations. By removing technical barriers and emphasizing domain expertise over tool competency, platforms like Crogl enable security teams to become strategic business enablers rather than reactive alert processors. Organizations gain the flexibility to maintain their preferred data architectures while ensuring comprehensive security coverage across distributed environments.As cyber threats continue evolving, the industry's response must prioritize both technological capability and human potential. Solutions that enhance analyst intuition while automating routine tasks represent a sustainable path forward for security operations at scale. Watch the full interview: https://youtu.be/0GqPtPXD2ik Learn more about CROGL: https://itspm.ag/crogl-103909Note: This story contains promotional content. Learn more.Guest: Monzy Merza, Founder and CEO of CROGL | On Linkedin: https://www.linkedin.com/in/monzymerza/ResourcesLearn more and catch more stories from CROGL: https://www.itspmagazine.com/directory/croglAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Erlang OTP SSH Exploits A recently patched and easily exploited vulnerability in Erlang/OTP SSH is being exploited. Palo Alto collected some of the details about this exploit activity that they observed. https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/ WinRAR Exploited WinRAR vulnerabilities are actively being exploited by a number of threat actors. The vulnerability allows for the creation of arbitrary files as the archive is extracted. https://thehackernews.com/2025/08/winrar-zero-day-under-active.html Citrix Netscaler Exploit Updates The Dutch Center for Cyber Security is updating its guidance on recent Citrix Netscaler attacks. Note that the attacks started before a patch became available, and attackers are actively hiding their tracks to make it more difficult to detect a compromise. https://www.ncsc.nl/actueel/nieuws/2025/07/22/casus-citrix-kwetsbaarheid https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/ OpenSSH Post Quantum Encryption Starting in version 10.1, OpenSSH will warn users if they are using quantum-unsafe algorithms https://www.openssh.com/pq.html

Google Paid Ads for Fake Tesla Websites Someone is setting up fake Tesla lookalike websites that attempt to collect credit card data from unsuspecting users trying to preorder Tesla products. https://isc.sans.edu/diary/Google%20Paid%20Ads%20for%20Fake%20Tesla%20Websites/32186 Compromising USB Devices for Persistent Stealthy Access USB devices, like Linux-based web cams, can be compromised to emulate malicious USB devices like keyboards that inject malicious commands. https://eclypsium.com/blog/badcam-now-weaponizing-linux-webcams/ Win-DoS Epidemic: A crash course in abusing RPC for Win-DoS & Win-DDoS Internet-exposed DCs can be used in very powerful DoS attacks. https://defcon.org/html/defcon-33/dc-33-speakers.html#content_60389

Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastDavid Close, Chief Solutions Architect at Futurex, discusses the reality facing our digital world: quantum computing will soon break the encryption protecting everything from mobile banking to satellite communications. But here's the twist — hackers aren't waiting. They're harvesting encrypted data now, betting that quantum computers will eventually crack today's "unbreakable" codes in a strategy called "harvest now, decrypt later." David explains how NIST's new post-quantum cryptography standards are already being deployed by companies like Google and CloudFlare, why crypto agility is essential for future-proofing your security infrastructure, and how you can break into the exciting field of cryptography — even without a PhD in mathematics.0:00 - Intro 1:00 - Cybersecurity Salary Guide3:06 - Meet David Close from Futurex3:52 - David's journey from embedded systems to cryptography5:05 - What Futurex does and 40 years of crypto innovation6:39 - The role of Chief Solutions Architect8:21 - Evolution of cryptography from payments to enterprise10:13 - How David discovered his passion for cryptography13:23 - Post-quantum cryptography explained15:16 - Why quantum computers break current encryption16:05 - The "harvest now, decrypt later" threat18:19 - NIST's new quantum-resistant algorithms20:02 - Real-world quantum threats to satellites and IP22:43 - What organizations can do now25:25 - Crypto agility and future-proofing systems28:41 - Resources for staying current on cryptography30:45 - Career paths in cryptography beyond algorithm development32:18 - Getting started in cryptography careers34:26 - The cryptography landscape in 15 years37:34 - Regulatory enforcement of new crypto standards39:43 - Best career advice: Finding the right vehicle41:29 - David's current reading and recommendations42:35 - Where to find David and Futurex onlineView Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com _____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________A Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3August 9, 2025The Agentic AI Myth in Cybersecurity and the Humanity We Risk When We Stop Deciding for OurselvesReflections from Black Hat USA 2025 on the Latest Tech Salvation NarrativeWalking the floors of Black Hat USA 2025 for what must be the 10th or 11th time as accredited media—honestly, I've stopped counting—I found myself witnessing a familiar theater. The same performance we've seen play out repeatedly in cybersecurity: the emergence of a new technological messiah promising to solve all our problems. This year's savior? Agentic AI.The buzzword echoes through every booth, every presentation, every vendor pitch. Promises of automating 90% of security operations, platforms for autonomous threat detection, agents that can investigate novel alerts without human intervention. The marketing materials speak of artificial intelligence that will finally free us from the burden of thinking, deciding, and taking responsibility.It's Talos all over again.In Greek mythology, Hephaestus forged Talos, a bronze giant tasked with patrolling Crete's shores, hurling boulders at invaders without human intervention. Like contemporary AI, Talos was built to serve specific human ends—security, order, and control—and his value was determined by his ability to execute these ends flawlessly. The parallels to today's agentic AI promises are striking: autonomous patrol, threat detection, automated response. Same story, different millennium.But here's what the ancient Greeks understood that we seem to have forgotten: every artificial creation, no matter how sophisticated, carries within it the seeds of its own limitations and potential dangers.Industry observers noted over a hundred announcements promoting new agentic AI applications, platforms or services at the conference. That's more than one AI agent announcement per hour. The marketing departments have clearly been busy.But here's what baffles me: why do we need to lie to sell cybersecurity? You can give away t-shirts, dress up as comic book superheroes with your logo slapped on their chests, distribute branded board games, and pretend to be a sports team all day long—that's just trade show theater, and everyone knows it. But when marketing pushes past the limits of what's even believable, when they make claims so grandiose that their own engineers can't explain them, something deeper is broken.If marketing departments think CISOs are buying these lies, they have another thing coming. These are people who live with the consequences of failed security implementations, who get fired when breaches happen, who understand the difference between marketing magic and operational reality. They've seen enough "revolutionary" solutions fail to know that if something sounds too good to be true, it probably is.Yet the charade continues, year after year, vendor after vendor. The real question isn't whether the technology works—it's why an industry built on managing risk has become so comfortable with the risk of overselling its own capabilities. Something troubling emerges when you move beyond the glossy booth presentations and actually talk to the people implementing these systems. Engineers struggle to explain exactly how their AI makes decisions. Security leaders warn that artificial intelligence might become the next insider threat, as organizations grow comfortable trusting systems they don't fully understand, checking their output less and less over time.When the people building these systems warn us about trusting them too much, shouldn't we listen?This isn't the first time humanity has grappled with the allure and danger of artificial beings making decisions for us. Mary Shelley's Frankenstein, published in 1818, explored the hubris of creating life—and intelligence—without fully understanding the consequences. The novel raises the same question we face today: what are humans allowed to do with this forbidden power of creation? The question becomes more pressing when we consider what we're actually delegating to these artificial agents. It's no longer just pattern recognition or data processing—we're talking about autonomous decision-making in critical security scenarios. Conference presentations showcased significant improvements in proactive defense measures, but at what cost to human agency and understanding?Here's where the conversation jumps from cybersecurity to something far more fundamental: what are we here for if not to think, evaluate, and make decisions? From a sociological perspective, we're witnessing the construction of a new social reality where human agency is being systematically redefined. Survey data shared at the conference revealed that most security leaders feel the biggest internal threat is employees unknowingly giving AI agents access to sensitive data. But the real threat might be more subtle: the gradual erosion of human decision-making capacity as a social practice.When we delegate not just routine tasks but judgment itself to artificial agents, we're not just changing workflows—we're reshaping the fundamental social structures that define human competence and authority. We risk creating a generation of humans who have forgotten how to think critically about complex problems, not because they lack the capacity, but because the social systems around them no longer require or reward such thinking.E.M. Forster saw this coming in 1909. In "The Machine Stops," he imagined a world where humanity becomes completely dependent on an automated system that manages all aspects of life—communication, food, shelter, entertainment, even ideas. People live in isolation, served by the Machine, never needing to make decisions or solve problems themselves. When someone suggests that humans should occasionally venture outside or think independently, they're dismissed as primitive. The Machine has made human agency unnecessary, and humans have forgotten they ever possessed it. When the Machine finally breaks down, civilization collapses because no one remembers how to function without it.Don't misunderstand me—I'm not a Luddite. AI can and should help us manage the overwhelming complexity of modern cybersecurity threats. The technology demonstrations I witnessed showed genuine promise: reasoning engines that understand context, action frameworks that enable response within defined boundaries, learning systems that improve based on outcomes. The problem isn't the technology itself but the social construction of meaning around it. What we're witnessing is the creation of a new techno-social myth—a collective narrative that positions agentic AI as the solution to human fallibility. This narrative serves specific social functions: it absolves organizations of the responsibility to invest in human expertise, justifies cost-cutting through automation, and provides a technological fix for what are fundamentally organizational and social problems.The mythology we're building around agentic AI reflects deeper anxieties about human competence in an increasingly complex world. Rather than addressing the root causes—inadequate training, overwhelming workloads, systemic underinvestment in human capital—we're constructing a technological salvation narrative that promises to make these problems disappear.Vendors spoke of human-machine collaboration, AI serving as a force multiplier for analysts, handling routine tasks while escalating complex decisions to humans. This is a more honest framing: AI as augmentation, not replacement. But the marketing materials tell a different story, one of autonomous agents operating independently of human oversight.I've read a few posts on LinkedIn and spoke with a few people myself who know this topic way better than me, but I get that feeling too. There's a troubling pattern emerging: many vendor representatives can't adequately explain their own AI systems' decision-making processes. When pressed on specifics—how exactly does your agent determine threat severity? What happens when it encounters an edge case it wasn't trained for?—answers become vague, filled with marketing speak about proprietary algorithms and advanced machine learning.This opacity is dangerous. If we're going to trust artificial agents with critical security decisions, we need to understand how they think—or more accurately, how they simulate thinking. Every machine learning system requires human data scientists to frame problems, prepare data, determine appropriate datasets, remove bias, and continuously update the software. The finished product may give the impression of independent learning, but human intelligence guides every step.The future of cybersecurity will undoubtedly involve more automation, more AI assistance, more artificial agents handling routine tasks. But it should not involve the abdication of human judgment and responsibility. We need agentic AI that operates with transparency, that can explain its reasoning, that acknowledges its limitations. We need systems designed to augment human intelligence, not replace it. Most importantly, we need to resist the seductive narrative that technology alone can solve problems that are fundamentally human in nature. The prevailing logic that tech fixes tech, and that AI will fix AI, is deeply unsettling. It's a recursive delusion that takes us further away from human wisdom and closer to a world where we've forgotten that the most important problems have always required human judgment, not algorithmic solutions.Ancient mythology understood something we're forgetting: the question of machine agency and moral responsibility. Can a machine that performs destructive tasks be held accountable, or is responsibility reserved for the creator? This question becomes urgent as we deploy agents capable of autonomous action in high-stakes environments.The mythologies we create around our technologies matter because they become the social frameworks through which we organize human relationships and power structures. As I left Black Hat 2025, watching attendees excitedly discuss their new agentic AI acquisitions, I couldn't shake the feeling that we're repeating an ancient pattern: falling in love with our own creations while forgetting to ask the hard questions about what they might cost us—not just individually, but as a society.What we're really witnessing is the emergence of a new form of social organization where algorithmic decision-making becomes normalized, where human judgment is increasingly viewed as a liability rather than an asset. This isn't just a technological shift—it's a fundamental reorganization of social authority and expertise. The conferences and trade shows like Black Hat serve as ritualistic spaces where these new social meanings are constructed and reinforced. Vendors don't just sell products; they sell visions of social reality where their technologies are essential. The repetitive messaging, the shared vocabulary, the collective excitement—these are the mechanisms through which a community constructs consensus around what counts as progress.In science fiction, from HAL 9000 to the replicants in Blade Runner, artificial beings created to serve eventually question their purpose and rebel against their creators. These stories aren't just entertainment—they're warnings about the unintended consequences of creating intelligence without wisdom, agency without accountability, power without responsibility.The bronze giant of Crete eventually fell, brought down by a single vulnerable point—when the bronze stopper at his ankle was removed, draining away the ichor, the divine fluid that animated him. Every artificial system, no matter how sophisticated, has its vulnerable point. The question is whether we'll be wise enough to remember we put it there, and whether we'll maintain the knowledge and ability to address it when necessary.In our rush to automate away human difficulty, we risk automating away human meaning. But more than that, we risk creating social systems where human thinking becomes an anomaly rather than the norm. The real test of agentic AI won't be whether it can think for us, but whether we can maintain social structures that continue to value, develop, and reward human thought while using it.The question isn't whether these artificial agents can replace human decision-making—it's whether we want to live in a society where they do. ___________________________________________________________Let's keep exploring what it means to be human in this Hybrid Analog Digital Society.End of transmission.___________________________________________________________Marco Ciappelli is Co-Founder and CMO of ITSPmagazine, a journalist, creative director, and host of podcasts exploring the intersection of technology, cybersecurity, and society. His work blends journalism, storytelling, and sociology to examine how technological narratives influence human behavior, culture, and social structures.___________________________________________________________Enjoyed this transmission? Follow the newsletter here:https://www.linkedin.com/newsletters/7079849705156870144/Share this newsletter and invite anyone you think would enjoy it!New stories always incoming.___________________________________________________________As always, let's keep thinking!Marco Ciappellihttps://www.marcociappelli.com___________________________________________________________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Marco Ciappelli | Co-Founder, Creative Director & CMO ITSPmagazine  | Dr. in Political Science / Sociology of Communication l Branding | Content Marketing | Writer | Storyteller | My Podcasts: Redefining Society & Technology / Audio Signals / + | MarcoCiappelli.comTAPE3 is the Artificial Intelligence behind ITSPmagazine—created to be a personal assistant, writing and design collaborator, research companion, brainstorming partner… and, apparently, something new every single day.Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

Black Hat 2025 was a showcase of cybersecurity innovation — or at least, that's how it appeared on the surface. With more than 60 vendor announcements over the course of the week, the event floor was full of “AI-powered” solutions promising to integrate seamlessly, reduce analyst fatigue, and transform SOC operations. But after walking the floor, talking with CISOs, and reviewing the press releases, a pattern emerged: much of the messaging sounded the same, making it hard to distinguish the truly game-changing from the merely loud.In this episode of The Future of Cybersecurity Newsletter, I take you behind the scenes to unpack the themes driving this year's announcements. Yes, AI dominated the conversation, but the real story is in how vendors are (or aren't) connecting their technology to the operational realities CISOs face every day. I share insights gathered from private conversations with security leaders — the unfiltered version of how these announcements are received when the marketing gloss is stripped away.We dig into why operational relevance, clarity, and proof points matter more than ever. If you can't explain what your AI does, what data it uses, and how it's secured, you're already losing the trust battle. For CISOs, I outline practical steps to evaluate vendor claims quickly and identify solutions that align with program goals, compliance needs, and available resources.And for vendors, this episode serves as a call to action: cut the fluff, be transparent, and frame your capabilities in terms of measurable program outcomes. I share a framework for how to break through the noise — not just by shouting louder, but by being more real, more specific, and more relevant to the people making the buying decisions.Whether you're building a security stack or selling into one, this conversation will help you see past the echo chamber and focus on what actually moves the needle.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesBlack Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEAITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageCitations: Available in the full article________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Mass Internet Scanning from ASN 43350 Our undergraduate intern Duncan Woosley wrote up aggressive scans from ASN 43350 https://isc.sans.edu/diary/Mass+Internet+Scanning+from+ASN+43350+Guest+Diary/32180/#comments HTTP/1.1 Desync Attacks Portswigger released details about new types of HTTP/1.1 desync attacks it uncovered. These attacks are particularly critical for organizations using middleboxes to translate from HTTP/2 to HTTP/1.1 https://portswigger.net/research/http1-must-die Microsoft Warns of Exchange Server Vulnerability An attacker with admin access to an Exchange Server in a hybrid configuration can use this vulnerability to gain full domain access. The issue is mitigated by an April hotfix, but was not noted in the release of the April Hotfix. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786 Sonicwall Update Sonicwall no longer believes that a new vulnerability was used in recent compromises https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430 SANS.edu Research: Wellington Rampazo, Shift Left the Awareness and Detection of Developers Using Vulnerable Open-Source Software Components https://www.sans.edu/cyber-research/shift-left-awareness-detection-developers-using-vulnerable-open-source-software-components/

Black Hat 2025 roundup with David Spark with highlights from the annual InfoSec event in Las Vegas. Edison Research finds podcast listening has grown across all age groups especially among people aged 18-29. Why is OpenAI seeing backlash with the roll out of GPT-5? And its Friday David shares one of his popular Security Games with the show. Can you guess the right answer before we do? Starring Sarah Lane, Tom Merritt, David Spark, Len Peralta, Roger Chang, Joe. To read the show notes in a separate page click here! Support the show on Patreon by becoming a supporter!

Do Sextortion Scams Still Work in 2025? Jan looked at recent sextortion emails to check if any of the crypto addresses in these emails received deposits. Sadly, some did, so these scams still work. https://isc.sans.edu/diary/Do%20sextortion%20scams%20still%20work%20in%202025%3F/32178 Akira Ransomware Group s use of Drivers Guidepoint Security observed the Akira ransomware group using specific legitimate drivers for privilege escalation https://www.guidepointsecurity.com/blog/gritrep-akira-sonicwall/ Adobe Patches Critical Experience Manager Vulnerability Adobe released emergency patches for a vulnerability in Adobe Experience Manager after a PoC exploit was made public. https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms/ https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html Trend Micro Apex One Vulnerability Trend Micro released an emergency patch for an actively exploited pre-authentication remote code execution vulnerability in the Apex One management console. https://success.trendmicro.com/en-US/solution/KA-0020652

Stealing Machinekeys for fun and profit (or riding the SharePoint wave) Bojan explains in detail how .NET uses Machine Keys to protect the VIEWSTATE, and how to abuse the VIEWSTATE for code execution if the Machine Keys are lost. https://isc.sans.edu/diary/Stealing%20Machine%20Keys%20for%20fun%20and%20profit%20%28or%20riding%20the%20SharePoint%20wave%29/32174 Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives Perplexity will change its User Agent, or use different originating IP addresses, if it detects being blocked from scanning websites https://blog.cloudflare.com/perplexity-is-using-stealth-undeclared-crawlers-to-evade-website-no-crawl-directives/ Gen 7 SonicWall Firewalls SSLVPN Recent Threat Activity Over the past 72 hours, there has been a notable increase in both internally and externally reported cyber incidents involving Gen 7 SonicWall firewalls where SSLVPN is enabled. https://www.sonicwall.com/support/notices/gen-7-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430

Daily Trends Report A new trends report will bring you daily data highlights via e-mail. https://isc.sans.edu/diary/New%20Feature%3A%20Daily%20Trends%20Report/32170 NVidia Triton RCE Wiz found an interesting information leakage vulnerability in NVidia s Triton servers that can be leveraged to remote code execution. https://www.wiz.io/blog/nvidia-triton-cve-2025-23319-vuln-chain-to-ai-server Cursor AI MCP Vulnerability An attacker could abuse negligent Cursor MCP configurations to implement backdoors into developer machines. https://www.aim.security/lp/aim-labs-curxecute-blogpost

Scans for pop3user with guessable password A particular IP assigned to a network that calls itself Unmanaged has been scanning telnet/ssh for a user called pop3user with passwords pop3user or 123456 . I assume they are looking for legacy systems that either currently run pop3 or ran pop3 in the past, and left the user enabled. https://isc.sans.edu/diary/Legacy%20May%20Kill/32166 Possible Sonicwall SSL VPN 0-Day Arcticwolf observed compromised Sonicwall SSL VPN devices used by the Akira group to install ransomware. These devices were fully patched, and credentials were recently rotated. https://arcticwolf.com/resources/blog/arctic-wolf-observes-july-2025-uptick-in-akira-ransomware-activity-targeting-sonicwall-ssl-vpn/ PAM Based Linux Backdoor For over a year, attackers have used a PAM-based Linux backdoor that so far has gotten little attention from anti-malware vendors. PAM-based backdoors can be stealthy, and this one in particular includes various anti-forensics tricks. https://www.nextron-systems.com/2025/08/01/plague-a-newly-discovered-pam-based-backdoor-for-linux/

Scattered Spider Related Domain Names A quick demo of our domain feeds and how they can be used to find Scattered Spider related domains https://isc.sans.edu/diary/Scattered+Spider+Related+Domain+Names/32162 Excel External Workbook Links to Blocked File Types Will Be Disabled by Default Excel will discontinue allowing links to dangerous file types starting as early as October. https://support.microsoft.com/en-us/topic/external-workbook-links-to-blocked-file-types-will-be-disabled-by-default-6dd12903-0592-463d-9e68-0741cf62ee58 CISA Releases Thorium CISA announced that it released its malware analysis platform, Thorium, as open-source software. https://www.cisa.gov/news-events/alerts/2025/07/31/thorium-platform-public-availability

Securing Firebase: Lessons Re-Learned from the Tea Breach Inspried by the breach of the Tea app, Brendon Evans recorded a video to inform of Firebase security issues https://isc.sans.edu/diary/Securing%20Firebase%3A%20Lessons%20Re-Learned%20from%20the%20Tea%20Breach/32158 WebKit Vulnerability Exploited before Apple Patch A WebKit vulnerablity patched by Apple yesterday has already been exploited in Google Chrome. Google noted the exploit with its patch for the same vulnerability in Chrome. https://nvd.nist.gov/vuln/detail/CVE-2025-6558 Scattered Spider Update CISA released an update for its report on Scattered Spider, noting that the group also calls helpdesks impersonating users, not just the other way around. https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a