Podcast•Dec 16, 2025•5 min
SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML Woes; MSMQ Issues After Patch;
The episode reviews recent activity around the React2Shell exploit, noting that while variants continue to appear in SANS honeypots, the technique is largely mature and even Iranian actors are now merely scanning for it. It then delves into ongoing SAML weaknesses, especially in Ruby libraries that use inconsistent XML parsers, allowing signed error messages to be repurposed for forged assertions. Finally, the hosts warn of a new Microsoft Windows update bug that can cause MSMQ failures on Server 2016/2019 and Windows 10, with no fix yet available.
By SANS Internet StormCast
Podcast•Dec 15, 2025•6 min
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
The episode covered four main topics: how malware can exploit DLL entry points that run on load, the resurgence of ClickFix attacks using the obsolete finger command over port 79, a massive Apple patch addressing 48 vulnerabilities—including two actively exploited...
By SANS Internet StormCast
Podcast•Dec 12, 2025•21 min
7MS #705: A Phishing Campaign Fail Tale
In this episode, the host recounts a recent phishing campaign that initially attracted many victims but was abruptly terminated, highlighting how even well‑executed attacks can fail due to unforeseen factors. The discussion underscores the importance of understanding the broader attack...
By 7 Minute Security
Podcast•Dec 12, 2025•6 min
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
The episode covers three main topics: running the Gemma 3 AI model locally on modest hardware, a newly patched but undisclosed Chrome zero‑day vulnerability, and the SOAPwn flaw that lets attackers exploit .NET SOAP services via malicious file:// URLs. Guy Bruneau’s...
By SANS Internet StormCast
Podcast•Dec 11, 2025•50 min
Don’t Let Public Ports Bite.
The episode covers three major security threats: a bot‑driven Monotype font‑licensing extortion that collapsed when a knowledgeable employee disproved the claims; a massive Walmart robocall scam using AI‑generated voices to steal personal data, prompting FCC action against the U.S. voice...
By Hacking Humans
Podcast•Dec 11, 2025•6 min
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 Variant; React2shell Exploits; Notepad++ Update Hijacking; macOS Priv Escalation
The episode reviews a possible new variant of the CVE‑2024‑9042 Kubernetes OS command injection, noting its reliance on the $() syntax and the need for log‑query privileges. It then delves into React‑to‑Shell attacks (CVE‑2025‑55182), emphasizing that the underlying flaw lies...
By SANS Internet StormCast
Podcast•Dec 10, 2025•58 min
Risky Business #818 -- React2Shell Is a Fun One
Patrick Gray and Adam Boileau unpack a week of cyber news, led by the shocking CVSS 10/10 React2Shell vulnerability that lets attackers execute code on React JavaScript servers—a flaw quickly weaponized by Chinese APT groups. They also note Linux’s new...
By Risky Business
Podcast•Dec 10, 2025•8 min
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby Patches.
The episode reviews the latest Patch Tuesday releases, highlighting Microsoft’s 57 fixes—including a privileged‑escalation bug in the Cloud Files Mini‑filters driver that’s already being exploited and new warnings for PowerShell’s Invoke‑WebRequest and AI co‑pilot integrations—while noting critical flaws remain in...
By SANS Internet StormCast