
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;
Nov 24, 2025
Discover how phishing sites are stuffing their pages with harmless CSS to confuse detection engines. Explore the alarming news about a critical vulnerability in Oracle Identity Manager that could be exploited as a zero-day. Plus, learn about ClamAV's efforts to clean up and streamline its signature database. This discussion highlights the ever-evolving landscape of cyber threats and the innovative methods attackers employ.
AI Snips
CSS Stuffing As Phishing Obfuscation
- Phishing actors embed large amounts of benign CSS to obfuscate malicious HTML and evade simple detectors.
- This CSS stuffing shifts detection signals away from the harmful content, complicating automated filtering.
Oracle Identity Manager Zero‑Day Activity
- A critical Oracle Identity Manager vulnerability appeared to have early exploit attempts in the wild.
- Researchers from Searchlight Cyber observed initial exploit activity tied to their investigations.
Patch Oracle Identity Manager Now
- Update or patch Oracle Identity Manager immediately if you use it, and monitor logs for unusual access.
- Prioritize mitigations and incident response because early exploit attempts were reported.
