SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerability

Dec 1, 2025
A new variant of ClickFix tricks users with a fake Blue Screen of Death to steal information. There's a concerning phishing risk connected to Teams guest access, where attackers can invite users into unprotected environments. Additionally, a recently patched Geoserver vulnerability (CVE-2025-58360) highlights the dangers of exposing XML entities publicly. These insights reveal the evolving landscape of cyber threats and the importance of vigilance.
INSIGHT

ClickFix Uses Fake Blue Screen Ruse

  • ClickFix evolved to use fake Windows blue screens as a more believable lure for victims.
  • Attackers still rely on copy-paste command tricks to execute stealers despite the changed UI bait.

ADVICE

Don't Copy-Paste Commands From Webpages

  • Avoid copying and pasting commands from webpages; treat unexpected system prompts as suspicious.
  • Remove exposure to such malicious sites by blocking advertising sources and educating users about ClickFix tactics.

ADVICE

Harden Teams Guest Policies

  • Review and restrict guest invitations and apply conditional access or separate policies for external Teams.
  • Educate users to verify the environment before interacting with links or content in guest Teams spaces.