

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Dec 12, 2025 • 7min
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
Explore the excitement of running AI Gemma 3 on modest hardware, making AI more accessible for experimentation. Delve into a mystery Google Chrome 0-Day vulnerability that poses real risks with its exploitation already underway, despite lacking a CVE. Learn about the alarming SOAPwn attack that exposes .NET applications to serious threats through HTTP client proxies. Stay informed on the implications of these findings for developers and cybersecurity enthusiasts alike!

Dec 11, 2025 • 7min
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation
Discover a potential new variant of an exploit targeting Kubernetes OS command injection. Dive into the React2Shell vulnerability, along with tactical advice on filtering Next.js headers. Learn about the recent Notepad++ update hijack and the importance of verifying software signatures. Uncover a new privilege escalation vulnerability in macOS that remains unpatched. Stay informed on the latest threats and protective measures in the ever-evolving landscape of cybersecurity!

Dec 10, 2025 • 8min
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.
This week, the discussion highlights crucial security updates from Microsoft, including 57 flaws, with some being actively exploited. Adobe addresses vulnerabilities in ColdFusion and Acrobat, raising concerns about potential exploits. Ivanti fixes a critical stored XSS issue in its Endpoint Manager, while Fortinet faces a cryptographic flaw allowing SSO bypass. Lastly, the ruby-saml library gets patched for an incomplete fix from previous vulnerabilities. Stay informed to keep your systems secure!

Dec 9, 2025 • 6min
SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory
Discover the security concerns surrounding nanoKVM devices, including insecure firmware updates and weak password issues. Learn about the Ghostframe phishing kit, which skillfully evades detection using unique subdomains. The discussion also covers a significant update from WatchGuard, addressing multiple vulnerabilities, including a notable DoS attack risk. Tune in for insights on flaws, mitigations, and the latest in cyber threats!

Dec 8, 2025 • 6min
SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln
Malicious scripts are using AutoIT3's FileInstall to drop shellcodes during execution, revealing new obfuscation techniques. Meanwhile, the React2Shell vulnerability is causing a frantic race to patch systems, with aggressive scanning and exploit attempts. Additionally, a recently patched XXE flaw in the Apache Tika library highlights the importance of updating software, especially for PDF parsing. This episode dives deep into these pressing cybersecurity issues.

Dec 5, 2025 • 5min
SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks
A honeypot capture reveals an SSH scan from an IP linked to the Indonesian government, raising questions of whether it's a nation-state attack or a compromised system. Recent updates disclose that exploits for a serious React vulnerability exist, urging vigilance. Additionally, there's an active threat against Array Networks VPN gateways, emphasizing the importance of patching and verifying updates from VPN vendors, even smaller ones. Tune in for crucial insights into these pressing cybersecurity issues!

Dec 4, 2025 • 7min
SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerability; PickleScan Patch
Honeypots reveal scans with CDN headers, highlighting attempts by attackers to bypass these defenses. A critical vulnerability in React server components has been patched, but exploitation may occur soon. Additionally, PickleScan, a tool for AI model security, has addressed three significant vulnerabilities, ensuring safer PyTorch models. The discussion dives into the implications of these security issues, making the stakes clearer for developers and cybersecurity professionals.

Dec 3, 2025 • 6min
SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability
The compromise of the SmartTube Android app reveals how a developer's key was exploited, leading to the release of a malicious version. In another intriguing discussion, a rogue NPM package cleverly disguised itself through prompt injection to avoid detection, exfiltrating sensitive data for two years. Additionally, Angular addressed a critical stored XSS vulnerability linked to SVG and MathML, highlighting ongoing security challenges in web applications. Tune in for insights on the evolving landscape of cyber threats!

Dec 2, 2025 • 6min
SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packets; Android Update; Long Game Malicious Browser Ext.
Dive into the world of cyber security with an intriguing analysis of ToolShell payloads, exploring how to decode embedded PowerShell commands. Discover Google's December Android update, which fixes critical vulnerabilities already exploited. Uncover the shocking story of the ShadyPanda malware campaign, where innocent browser extensions turned malicious after years of being safe. The episode also highlights the shift to spyware behaviors and offers insights on defensive strategies amid uncertainties in attribution.

Dec 1, 2025 • 6min
SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerability
A new variant of ClickFix tricks users with a fake Blue Screen of Death to steal information. There's a concerning phishing risk connected to Teams guest access, where attackers can invite users into unprotected environments. Additionally, a recently patched Geoserver vulnerability (CVE-2025-58360) highlights the dangers of exposing XML entities publicly. These insights reveal the evolving landscape of cyber threats and the importance of vigilance.


