SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks

Nov 10, 2025
Attackers are increasingly scanning for exposed code repositories, prompting calls for proactive security measures. Newly discovered malicious NuGet packages are delivering time-delayed attacks targeting industrial control systems, raising alarms in cybersecurity circles. Additionally, research reveals that encrypted traffic to large language models can leak user prompt information based on packet sizes, highlighting new vulnerabilities. Stay tuned to understand these emerging threats and how to protect against them!
ADVICE

Prevent Public Exposure Of Code Repos

  • Do keep source code repositories and .git directories out of your web document root and scan for accidental exposures.
  • Proactively scan your web apps because attackers will likely find leaked repos in less than a day.
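
One way to run the scan for accidental exposures against your own document root is the local audit below. It is an added example, not something from the episode; the marker names in `VCS_DIRS`, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Assumed marker names (not from the episode): metadata dirs of common VCS tools.
VCS_DIRS = {".git", ".svn", ".hg"}

def find_exposed_repos(docroot):
    """Return sorted (relative_path, kind) pairs for VCS metadata under docroot."""
    findings = []
    for current, dirs, files in os.walk(docroot, followlinks=False):
        for name in list(dirs):
            if name in VCS_DIRS:
                rel = os.path.relpath(os.path.join(current, name), docroot)
                findings.append((rel, "directory"))
                dirs.remove(name)  # do not descend into the repository itself
        # Submodules and worktrees use a .git *file* containing "gitdir: <path>".
        if ".git" in files:
            path = os.path.join(current, ".git")
            try:
                with open(path, "r", errors="replace") as fh:
                    first = fh.readline()
            except OSError:
                continue  # unreadable file: skip it rather than abort the audit
            if first.startswith("gitdir:"):
                findings.append((os.path.relpath(path, docroot), "gitdir-pointer"))
    return sorted(findings)

def build_sample_docroot(base):
    """Constructed sample tree: a deployed clone, a submodule pointer, a clean dir."""
    os.makedirs(os.path.join(base, "app", ".git", "objects"))
    with open(os.path.join(base, "app", ".git", "HEAD"), "w") as fh:
        fh.write("ref: refs/heads/main\n")
    os.makedirs(os.path.join(base, "vendor", "lib"))
    with open(os.path.join(base, "vendor", "lib", ".git"), "w") as fh:
        fh.write("gitdir: ../../.git/modules/lib\n")
    os.makedirs(os.path.join(base, "static"))
    with open(os.path.join(base, "static", "index.html"), "w") as fh:
        fh.write("<html></html>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        for rel, kind in find_exposed_repos(root):
            print(f"{kind}: {rel}")
```

Run it from a deployment pipeline against the directory the web server actually serves, and fail the deploy on any finding.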

INSIGHT

NuGet Packages Target Industrial Control Systems

  • Malicious NuGet packages targeted ICS developers by publishing both benign and trojanized libraries like a Sharp7 extended API.
  • Authors included long, randomized activation delays, some waiting years before destructive behavior triggers.

ADVICE

Vet And Test Third-Party Packages

  • Do vet third-party packages thoroughly and prefer official, well-reviewed libraries before adding them to ICS projects.
  • Test packages in environments that can detect time-delayed or randomized activation behavior.