Surge in Scans for Juniper t128 Default User Lasst week, we dedtect a significant surge in ssh scans for the username t128 . This user is used by Juniper s Session Smart Routing, a product they acquired from 128 Technologies which is the reason for the somewhat unusual username. https://isc.sans.edu/diary/Surge%20in%20Scans%20for%20Juniper%20%22t128%22%20Default%20User/31824 Read More
Are you feeling overwhelmed by extreme stress or struggling with feelings of resentment? In this enlightening episode, we feature Dr. Frederic Luskin, the renowned director of the Stanford University Forgiveness Projects. Discover how embracing forgiveness can uplift your spirit and help you regain a sense of peace and fulfillment. We explore Read More
Are you feeling overwhelmed by extreme stress or struggling with feelings of resentment? In this enlightening episode, we feature Dr. Frederic Luskin, the renowned director of the Stanford University Forgiveness Projects. Discover how embracing forgiveness can uplift your spirit and help you regain a sense of peace and fulfillment. We explore Read More
Send a textJudith Abbey, DNP, shares her journey from medical student in Ghana to healthcare entrepreneur in Florida, where she founded On the Go Drip, a mobile IV therapy service delivering treatments directly to patients' homes. Dr. Michael Koren asks her about her history and business, and the two of Read More
Apple Patches Everything Apple released updates for all of its operating systems. Most were released on Monday with WatchOS patches released today on Tuesday. Two already exploited vulnerabilities, which were already patched in the latest iOS and macOS versions, are now patched for older operating systems as well. A total Read More
Send a textCardiologist Dr. Michael Koren joins Kevin Geddings to discuss progress in the world of cholesterol management. Dr. Koren explains the importance of getting cholesterol - especially LDL cholesterol - under control and the potential benefits to heart attack and stroke risk. They discuss some of the problems with Read More
When AI enters the supply chain, your biggest threat might not be a hacker—it might be a rogue Excel sheet buried deep in your processes. In this panel from Manifest, Blythe moderates an insightful discussion with data security leaders on what it really takes to secure supply chains in an AI-powered Read More
Apache Camel Exploit Attempt by Vulnerability Scans A recently patched vulnerability in Apache Camel has been integrated into some vulnerability scanners, like for example OpenVAS. We do see some exploit attempts in our honeypots, but they appear to be part of internal vulnerablity scans https://isc.sans.edu/diary/Apache%20Camel%20Exploit%20Attempt%20by%20Vulnerability%20Scan%20%28CVE-2025-27636%2C%20CVE-2025-29891%29/31814 New Security Requirements for Certificate Read More
A Tale of Two Phishing Sties Two phishing sites may use very different backends, even if the site itself appears to be visually very similar. Phishing kits are often copied and modified, leading to sites using similar visual tricks on the user facing site, but very different backends to host Read More
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 Our honeypots detected a deserialization attack against the CMS Sitecore using a thumnailaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks ago. https://isc.sans.edu/diary/Sitecore%20%22thumbnailsaccesstoken%22%20Deserialization%20Scans%20%28and%20some%20new%20reports%29%20CVE-2025-27218/31806 Blasting Past Webp Google Read More
Welcome to Episode 398 of the Microsoft Cloud IT Pro Podcast. In this episode Ben meets up with Harm Veenstra at the annual Microsoft MVP Summit. They chat a bit about Harm experience as an MVP and his path to becoming an MVP. Then the move into a few technologies Read More
Send a textThe tide is turning in Jacksonville as James Johnson breaks down the Jaguars' strategic approach to free agency under new GM James Gladstone. After years of splashy signings and mixed results, the organization appears to be charting a new course—one built on draft capital, calculated additions, and long-term Read More
Why does it feel like U.S. ports are stuck in the past while the rest of the world is fully automated? This episode with Lauren Beagen—lawyer, founder of The Maritime Professor®, and host of By Land and By Sea—dives into why maritime regulations matter, what tech labor negotiations are really about, Read More
Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest This diary explores a novel methodology for classifying malware by integrating entropy-driven feature selection with a specialized Convolutional Neural Network (CNN). Motivated by the increasing obfuscation tactics used by modern malware authors, we will focus on capturing Read More
Tune in for a compelling episode featuring Lt. Col. Dave Grossman, a distinguished former Army Ranger and leading expert on combat psychology and resilience. This engaging conversation reveals essential techniques for cultivating mental toughness and effectively managing trauma responses in the high-pressure environments confronted by first responders. Discover the significant impact Read More
Send a textOn This week’s episode, Dr. Michael Koren Interviews local media entrepreneur Randall Thomas, host of PB and Jax. They discuss how “The Internet is a Weird Place.” They examine the algorithms, platforms, and biases that make up our experience on the internet. Mr. Thomas explains how the algorithms Read More
XWiki Search Vulnerablity Exploit Attempts (CVE-2024-3721) Our honeypot detected an increase in exploit attempts for an XWiki command injection vulnerablity. The vulnerability was patched last April, but appears to be exploited more these last couple days. The vulnerability affects the search feature and allows the attacker to inject Groovy code Read More
If you've ever asked “Where’s my container?”—this episode is for you. Rene Alvarenga, Senior Director of Product Management at Kaleris, breaks down why visibility is still one of supply chain's biggest unsolved problems. Backed by data from a new report with maritime research firm Thetius, this conversation unpacks the massive disconnect between Read More
Privacy Aware Bots A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them. https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796 Critical Ingress Nightmare Vulnerability ingress-nginx fixed four new vulnerabilities, one of which may lead to Read More
Critical Next.js Vulnerability CVE-2025-29927 A critical vulnerability in how the x-middleware-subrequest header is verified may lead to bypassing authorization in Next.js applications. https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw https://www.runzero.com/blog/next-js/ Microsoft Trust Signing Service Abused Attackers abut the Microsoft Trust Signing Service, a service meant to help developers create signed software, to obtain short lived Read More
