Recent Posts
Podcast•Dec 16, 2025•5 min
SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML Woes; MSMQ Issues After Patch;
The episode reviews recent activity around the React2Shell exploit, noting that while variants continue to appear in SANS honeypots, the technique is largely mature and even Iranian actors are now merely scanning for it. It then delves into ongoing SAML weaknesses, especially in Ruby libraries that use inconsistent XML parsers, allowing signed error messages to be repurposed for forged assertions. Finally, the hosts warn of a new Microsoft Windows update bug that can cause MSMQ failures on Server 2016/2019 and Windows 10, with no fix yet available.
By SANS Internet StormCast
Podcast•Dec 15, 2025•6 min
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
The episode covered four main topics: how malware can exploit DLL entry points that run on load, the resurgence of ClickFix attacks using the obsolete finger command over port 79, a massive Apple patch addressing 48 vulnerabilities—including two actively exploited...
By SANS Internet StormCast
Podcast•Dec 12, 2025•6 min
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
The episode covers three main topics: running the Gemma 3 AI model locally on modest hardware, a newly patched but undisclosed Chrome zero‑day vulnerability, and the SOAPwn flaw that lets attackers exploit .NET SOAP services via malicious file:// URLs. Guy Bruneau’s...
By SANS Internet StormCast
Podcast•Dec 11, 2025•6 min
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 Variant; React2shell Exploits; Notepad++ Update Hijacking; macOS Priv Escalation
The episode reviews a possible new variant of the CVE‑2024‑9042 Kubernetes OS command injection, noting its reliance on the $() syntax and the need for log‑query privileges. It then delves into React‑to‑Shell attacks (CVE‑2025‑55182), emphasizing that the underlying flaw lies...
By SANS Internet StormCast
Podcast•Dec 10, 2025•8 min
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby Patches.
The episode reviews the latest Patch Tuesday releases, highlighting Microsoft’s 57 fixes—including a privileged‑escalation bug in the Cloud Files Mini‑filters driver that’s already being exploited and new warnings for PowerShell’s Invoke‑WebRequest and AI co‑pilot integrations—while noting critical flaws remain in...
By SANS Internet StormCast