SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
Dec 12, 2025
Explore the excitement of running AI Gemma 3 on modest hardware, making AI more accessible for experimentation. Delve into a mystery Google Chrome 0-Day vulnerability that poses real risks with its exploitation already underway, despite lacking a CVE. Learn about the alarming SOAPwn attack that exposes .NET applications to serious threats through HTTP client proxies. Stay informed on the implications of these findings for developers and cybersecurity enthusiasts alike!
AI Snips
Chapters
Transcript
Episode notes
Running Gemma 3 On A Mini Lab
- Guy documented installing Gemma 3 on a small home machine using a Horizon chip and a mini PC for a hands-on experiment.
- Johannes Ulrich highlights the Proxmox pitfalls Guy encountered and how the experience reveals backend behavior of local AI models.
Chrome Patch Lacks Details
- Google pushed a Chrome update for an actively exploited flaw but released no CVE or technical details, labeling it "under coordination."
- Johannes suggests the issue likely spans other browsers or shared libraries, requiring vendor coordination before disclosure.
SOAP URL Handling Can Break Isolation
- Watchtowr Labs disclosed a class of SOAP issues in .NET where URL handling can lead to file writes or remote code execution when URLs start with file:.
- The vulnerability stems from how .NET casts request classes, enabling unexpected filesystem operations instead of safe HTTP requests.