
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware
Sep 30, 2025
Apple has rolled out patches fixing a font parsing vulnerability across its platforms. Scans targeting a specific vulnerability in Palo Alto GlobalProtect are on the rise. Additionally, the Nimbus Manticore malware is using valid SSL.com certificates, which complicates detection.
AI Snips
Single Font Parsing Vulnerability
- Apple released a single security fix for iOS, iPadOS, and macOS 26 for a font parser vulnerability that can corrupt process memory.
- The bug hints at possible code execution, even though Apple did not report active exploitation.
Patch GlobalProtect CVE-2024-3400 Now
- Scan and patch Palo Alto GlobalProtect instances for CVE-2024-3400 because exploits remain widespread and trivial.
- Remove or patch vulnerable portals to prevent attackers from writing files via path traversal.
Scanning Behavior Reveals Exploit Steps
- The exploit creates files in the portal images directory to test whether the target is vulnerable and may later upload web shells.
- The initial probe uses file-write checks (error code changes) rather than immediately delivering a shell.
