
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions
Nov 4, 2025
Discover the latest threats in cybersecurity, including exploit attempts targeting XWiki SolrSearch, linking attackers to unusual references. Dive into the AMD Zen 5 RDSEED bug, where random number generation issues could pose security risks. Explore the alarming rise of malicious Open VSX extensions, particularly focusing on the SleepyDuck malware that targets crypto developers. Stay informed about these crucial topics that could impact digital security!
Unusual XWiki Exploit Patterns
- Exploit attempts for the XWiki SolrSearch vulnerability surged after it was listed in the KEV catalog.
- Attackers used a unique atomicmail.io user-agent and embedded rapper-themed payloads in their scripts.
Rapper-Themed Payloads Observed
- The exploit payload led to a rapper's promotional page instead of a typical malicious site.
- The exploit script names referenced rival Chicago rappers, suggesting a fan-created payload or prank.
Zen 5 RDSEED Returns Invalid Zeros
- AMD Zen 5's RDSEED sometimes returns a zero while flagging success, more often than random chance would explain.
- This weakens cryptographic randomness and could ease brute-force attacks on keys.
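
A defensive wrapper for the failure mode above, as an added example that is not from the podcast or from AMD: it treats a zero returned together with the success flag as a failed read and retries. The names `checked_seed`, `seed_stats`, `hw_rdseed` and the simulated sources are hypothetical, the sample sequence is constructed, and rejecting zero is this example's assumed policy.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__RDSEED__) && defined(__x86_64__)
#include <immintrin.h>
/* Real source: _rdseed64_step returns 1 when the CPU reports success (CF=1). */
int hw_rdseed(uint64_t *out) {
    unsigned long long v = 0;
    int ok = _rdseed64_step(&v);
    *out = v;
    return ok;
}
#endif

/* A seed source returns 1 when it claims success, 0 otherwise. */
typedef int (*seed_fn)(uint64_t *out);
struct seed_stats { unsigned failures, zero_with_success; };

/* Assumed policy for this example: a zero delivered with the success flag is
 * not trusted. It is counted and retried like a failed read, at the cost of
 * discarding one legitimate value in 2^64. */
int checked_seed(seed_fn src, unsigned max_tries, uint64_t *out,
                 struct seed_stats *st) {
    for (unsigned i = 0; i < max_tries; i++) {
        uint64_t v = 0;
        if (!src(&v)) { st->failures++; continue; }
        if (v == 0)   { st->zero_with_success++; continue; }
        *out = v;
        return 0;
    }
    return -1; /* exhausted: caller must use another entropy source */
}

/* Constructed stand-ins for a faulty source, so the logic runs on any CPU. */
static const struct { int ok; uint64_t val; } SIM[] = {
    {1, 0}, {0, 0}, {1, 0}, {1, 0x9e3779b97f4a7c15ULL} };
static unsigned sim_pos;
int sim_faulty(uint64_t *out) {
    unsigned i = sim_pos++ % 4;
    *out = SIM[i].val;
    return SIM[i].ok;
}
int sim_stuck(uint64_t *out) { *out = 0; return 1; } /* always "succeeds" with 0 */

int main(void) {
    struct seed_stats st = {0, 0};
    uint64_t seed = 0;
    int rc = checked_seed(sim_faulty, 8, &seed, &st);
    printf("rc=%d seed=%016llx failures=%u suspicious_zeros=%u\n", rc,
           (unsigned long long)seed, st.failures, st.zero_with_success);
    return rc;
}
```

On hardware, pass `hw_rdseed` in place of the simulated source (build with RDSEED support enabled); a rising `zero_with_success` count is the signal worth logging.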
