Podcast Episodes
Back to SearchSANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML woes; MSMQ issues after patch;
Episode 9740
More React2Shell Exploits CVE-2025-55182
Our honeypots continue to detect numerous React2Shell variants. Some using slightly modified exploits
https://isc.sans.edu/diary/More%20React2Shell%20Exploit…
Published on 11 hours ago
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
Episode 9738
Abusing DLLs EntryPoint for the Fun
DLLs will not just execute code when some of their functions are called, but also as they are loaded.
https://isc.sans.edu/diary/Abusing%20DLLs%20EntryPoint%20for…
Published on 1 day, 11 hours ago
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
Episode 9736
Using AI Gemma 3 Locally with a Single CPU
Installing AI models on modes hardware is possible and can be useful to experiment with these models on premise
https://isc.sans.edu/diary/Using%20AI%20Gem…
Published on 4 days, 11 hours ago
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation
Episode 9734
Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection)
We observed HTTP requests with our honeypot that may be indicative of a new version of an exploit against an older vulner…
Published on 5 days, 11 hours ago
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.
Episode 9732
Microsoft Patch Tuesday
Microsoft released its regular monthly patch on Tuesday, addressing 57 flaws.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550
Adobe Patches
Ado…
Published on 6 days, 12 hours ago
SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory
Episode 9730
nanoKVM Vulnerabilities
The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as undocumented may actually be documented in the under…
Published on 1 week ago
SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln
Episode 9728
AutoIT3 Compiled Scripts Dropping Shellcodes
Malicious AutoIT3 scripts are usign the FileInstall function to include additional scripts at compile time that are dropped as temporary files during e…
Published on 1 week, 1 day ago
SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks
Episode 9726
Nation-State Attack or Compromised Government? [Guest Diary]
An IP address associated with the Indonesian Government attacked one of our interns' honeypots.
https://isc.sans.edu/diary/Nation-State%…
Published on 1 week, 4 days ago
SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch
Episode 9724
Attempts to Bypass CDNs
Our honeypots recently started receiving scans that included CDN specific headers.
https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532
React Vulnerability CVE-2025…
Published on 1 week, 5 days ago
SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability
Episode 9722
SmartTube Android App Compromise
The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicious version.
https://github.com/yuliskov/SmartTube/…
Published on 1 week, 6 days ago