SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection

May 27, 2025
Discover the intriguing world of SVG steganography, where messages can be cleverly hidden in vector graphics. Tune in to hear about a critical vulnerability in Fortinet products that’s already facing exploitation in the wild. The podcast also delves into an emerging threat: remote prompt injection in GitLab Duo, exposing potential risks linked to source code manipulation. Uncover how these issues could compromise both data security and integrity in the tech landscape.
Ask episode
AI Snips
Chapters
Transcript
Episode notes
INSIGHT

SVG Enables New Steganography Methods

  • SVG images provide an alternative for steganography outside bitmap-based formats like JPEG.
  • SVG's vector nature and XML structure enable subtle data encoding through line segments and color adjustments without compression loss.
ADVICE

Encrypt Data Before Embedding

  • To secure hidden data in SVG images, encrypt your payload before embedding it.
  • Avoid relying solely on SVG encoding for security; pre-encrypt data for confidentiality.
ANECDOTE

AI Tools Help Find Fortinet Flaw

  • Horizon3.ai used GitHub Copilot and ChatGPT to discover and exploit a critical Fortinet vulnerability.
  • The flaw in authentication cookies allows remote code execution without authentication.
Get the Snipd Podcast app to discover more snips from this episode
Get the app