SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch

From PowerShell to a Python Obfuscation Race!
This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows
https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634
Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices
An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release
https://x.com/MonThreat/status/1884577840185643345
https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376
The Tainted Voyage: Uncovering Voyager's Vulnerabilities
Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads.
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
Hackers exploit critical unpatched flaw in Zyxel CPE devices
A currently unpatches vulnerablity in Zyxel devices is actively exploited.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/
VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346