SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers
4 snips
Nov 20, 2025 Dive into the complexities of Unicode, where seemingly funny domain names hide serious vulnerabilities. Discover multiple vulnerabilities in the FortiWeb API and CLI, exacerbated by active exploits. Learn about the troubling DLink DIR-878 router issues, which won't receive patches due to its end-of-life status. Uncover the alarming Operation WrtHug, exposing how thousands of ASUS routers have fallen victim to a global espionage campaign. Tune in for insights on mitigating these threats with better admin controls!
AI Snips
Chapters
Transcript
Episode notes
Hidden Unicode Pitfalls
- Unicode has subtle features like variance selectors and bidirectional text that can change displayed text versus interpreted text.
- Web apps using UTF-8 are likely exposed to unexpected Unicode-based injection or obfuscation risks.
Unicode Is A Widespread Risk
- Character conversions and regex handling can introduce XSS or SQL injection via Unicode.
- Developers often ignore Unicode like IPv6, yet nearly every UTF-8 web app uses it and may be vulnerable.
Silent FortiWeb Patch Turned Real
- Fortinet quietly disclosed and patched a second FortiWeb vulnerability after it was already exploited in the wild.
- The bug scored 6.7 CVSS and required authentication, yet still saw real-world exploitation.