

SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited;
Aug 27, 2025
The discussion covers the risks associated with Internationalized Domain Names (IDNs) and how mixed scripts can signal phishing attempts. A Python script is introduced to analyze these names for suspicious script mixing. The hosts also spotlight critical vulnerabilities in Citrix NetScaler, one of which is already being actively exploited. Additionally, they cover a Git vulnerability that has been exploited after the patch was released, emphasizing the urgency of keeping systems updated to fend off potential threats.
Detect Mixed Scripts In IDNs
- Unicode groups characters into scripts such as Latin or Cyrillic, which helps identify mixed-script domain names used for phishing.
- Johannes Ullrich shows a Python script that detects mixed-script IDNs to flag suspicious domains.
Use Script-Mix Detection For Phishing
- Use mixed-script detection to spot IDNs that combine Latin with Asian or Cyrillic characters, a likely sign of a phishing domain.
- Check Johannes Ullrich's linked Python script and GitHub repo to automate this detection in your DNS monitoring.
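
One way to implement the mixed-script check described above, as an added example (it is not Johannes Ullrich's script). Assumptions: a character's script is approximated from the first word of its Unicode name, because Python's standard library does not expose the Script property; the Han/Hiragana/Katakana combination is treated as legitimate Japanese; all function names and sample domains are constructed for illustration.

```python
import unicodedata

# Han + kana legitimately co-occur in Japanese labels (assumption of this example).
JAPANESE = {"CJK", "HIRAGANA", "KATAKANA"}

def to_alabel(ulabel):
    """Helper for building constructed samples: Unicode label -> xn-- form."""
    return "xn--" + ulabel.encode("punycode").decode("ascii")

def decode_label(label):
    """Return the Unicode form of an xn-- label; other labels pass through."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: leave as-is
    return label

def char_script(ch):
    """Approximate script = first word of the Unicode name (not the real Script property)."""
    if ch in "0123456789-" or unicodedata.category(ch).startswith("M"):
        return None  # digits, hyphen and combining marks belong to no single script
    name = unicodedata.name(ch, "")
    return name.replace("-", " ").split()[0] if name else "UNKNOWN"

def mixed_script_labels(domain):
    """Return (raw_label, decoded_label, scripts) for each label mixing scripts."""
    findings = []
    for raw in domain.rstrip(".").split("."):
        label = decode_label(raw)
        scripts = {s for s in map(char_script, label) if s}
        if len(scripts) > 1 and not scripts <= JAPANESE:
            findings.append((raw, label, sorted(scripts)))
    return findings

if __name__ == "__main__":
    samples = [  # constructed sample names
        "example.com",
        to_alabel("p\u0430ypal") + ".com",      # Cyrillic U+0430 among Latin
        to_alabel("\u043f\u0440\u0438\u043c\u0435\u0440") + ".com",  # all Cyrillic
    ]
    for name in samples:
        print(name, "->", mixed_script_labels(name) or "single script")
```

The check runs per label, so a fully Cyrillic label under a Latin TLD is not flagged, while a single label mixing the two is.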
Patch Citrix NetScaler Now
- Patch Citrix NetScaler ADC and Gateway immediately for CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424.
- Prioritize the CVSS 9.2 memory overflow (already exploited), especially for Gateway or AAA virtual server setups.