SANS Stormcast Friday, March 28th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities
Mar 28, 2025
A recent deserialization attack targeted Sitecore, exploiting a thumbnail access token header. Google’s Project Zero detailed a zero-click NSO BlastPass exploit in iOS using a WebP vulnerability. Splunk patched several vulnerabilities, including one that allowed code execution for authenticated users. Meanwhile, Mozilla patched an active sandbox escape vulnerability in Firefox. The podcast highlights these critical security issues while urging listeners to stay informed on evolving cyber threats.
A deserialization vulnerability in Sitecore's thumbnail access token header poses a significant risk to users, and the honeypot observations show why more complete header data is needed to understand the attack vectors.
The analysis of the BlastPass exploit highlights critical memory-management issues in the handling of compressed formats, underscoring the importance of secure coding practices for developers.
Deep dives
Exploiting HTTP Headers and Sitecore Vulnerability
The discussion revolves around a vulnerability in Sitecore, a content management system, related to a specific HTTP header known as the thumbnail access token. This header carries a .NET object which, when processed, has been shown to be vulnerable to deserialization attacks. A recent examination revealed that requests containing this header closely matched a proof-of-concept exploit initially reported by Searchlight Cyber, highlighting the threat to users. Moving forward, there will be efforts to collect more comprehensive header data to better understand the attack vectors and the risks associated with this vulnerability.
BlastPass Exploit and Compression Vulnerabilities
The podcast also delves into a detailed blog post by Google Project Zero that analyzes the BlastPass exploit, which abused a vulnerability in the WebP image format. This exploit raised concerns about memory management when dealing with compressed formats, a problem still relevant today given the frequency of similar vulnerabilities across various software. Although the specific BlastPass vulnerability was patched in September 2023, the underlying issues underscore the need for developers to carefully address how compression is handled within their applications. The conversation emphasizes that this topic is critical for anyone involved in exploit development or vulnerability assessment.
Investigating HTTP Headers and Sitecore Vulnerabilities
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
Our honeypots detected a deserialization attack against the CMS Sitecore using a thumbnailsaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks ago. https://isc.sans.edu/diary/Sitecore%20%22thumbnailsaccesstoken%22%20Deserialization%20Scans%20%28and%20some%20new%20reports%29%20CVE-2025-27218/31806
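As an added example (not code from the ISC diary or this episode), a small triage routine over constructed honeypot request logs: it flags any request carrying the thumbnailsaccesstoken header, checks whether the base64 value begins with the .NET BinaryFormatter stream header, and tallies header names to support the "collect more header data" goal. The hostnames and paths are made up, and the BinaryFormatter check is an assumption, since the show notes name only the header, not the serializer.

```python
import base64
from collections import Counter

# First 17 bytes of a .NET BinaryFormatter stream (SerializedStreamHeader:
# record type 0, RootId 1, HeaderId -1, version 1.0). Assumed, not stated on the page.
BINARYFORMATTER_MAGIC = bytes([0x00, 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
                               0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00])
SUSPECT_HEADER = "thumbnailsaccesstoken"

# Constructed sample requests (not real honeypot data); headers are CRLF separated.
_FAKE_TOKEN = base64.b64encode(BINARYFORMATTER_MAGIC + b"CONSTRUCTED-NOT-A-GADGET").decode()
SAMPLE_REQUESTS = [
    "GET /sitecore/ HTTP/1.1\r\nHost: cms.example.test\r\nUser-Agent: Mozilla/5.0\r\n"
    f"thumbnailsaccesstoken: {_FAKE_TOKEN}\r\n",
    "GET / HTTP/1.1\r\nHost: cms.example.test\r\nUser-Agent: curl/8.0\r\n",
    "GET /favicon.ico HTTP/1.1\r\nHost: cms.example.test\r\nThumbnailsAccessToken: not-base64!!\r\n",
]

def parse_headers(raw):
    """Return (request line, {lowercased header name: value}) for one raw request."""
    lines = raw.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def classify(raw):
    """Return a finding dict if the suspect header is present, else None."""
    request_line, headers = parse_headers(raw)
    token = headers.get(SUSPECT_HEADER)
    if token is None:
        return None
    try:
        blob = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return {"request": request_line, "severity": "medium",
                "reason": "header present but value is not valid base64"}
    if blob.startswith(BINARYFORMATTER_MAGIC):
        return {"request": request_line, "severity": "high",
                "reason": "header carries a .NET BinaryFormatter stream"}
    return {"request": request_line, "severity": "medium",
            "reason": "header present with unrecognised payload"}

def triage(requests):
    """Classify every request and count header names across the whole batch."""
    findings, header_counts = [], Counter()
    for raw in requests:
        header_counts.update(parse_headers(raw)[1].keys())
        finding = classify(raw)
        if finding:
            findings.append(finding)
    return findings, header_counts
```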
Blasting Past Webp
Google's Project Zero revealed details of how the NSO BLASTPASS exploit took advantage of a WebP image parsing vulnerability in iOS. This zero-click attack was employed in targeted attacks back in 2023, and Apple patched the underlying vulnerability in September 2023. But this is the first byte-by-byte description showing how the attack worked. https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Splunk Vulnerabilities
Splunk patched about a dozen vulnerabilities. None of them are rated critical, but a vulnerability rated High allows authenticated users to execute arbitrary code. https://advisory.splunk.com/
Firefox 0-day Patched
Mozilla patched a sandbox escape vulnerability that is already being exploited. https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/