Welcome back to Blu's News! Tonight we’re diving deep into the DCU and MCU. We have the wild description of the Supergirl: Woman of Tomorrow trailer (featuring a very rude dog), reports that Fantastic Four: First Steps is putting up historically low numbers on Disney+, and our Top 5 demands Read More
Send a textRetired Rear Admiral Gene Kendall joins cardiologist Dr. Michael Koren to discuss his exciting career, starting as one of the first Black students at Duke University. The former admiral discusses the excitement, disappointment, and life lessons going from a "big fish in a small pond" to an elite Read More
Microsoft Patch Tuesday Microsoft released its regular monthly patch on Tuesday, addressing 57 flaws. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550 Adobe Patches Adobe patched five products. The remote code execution in ColdFusion, as well as the code execution issue in Acrobat, will very likely see exploits soon. https://helpx.adobe.com/security.html Ivanti Endpoint Manager Patches Ivanti patched four Read More
In this best-of episode of Everything is Logistics, we’re building the business case for healthy paranoia in freight. I’m pulling together clips from past conversations with Jonathan Ryan (Overhaul), Reid Clements (Highway), and Mark Funk & Shivrani Narayan (SPI Logistics), plus a breakdown with Grace Sharkey (Orderful) on the current Read More
nanoKVM Vulnerabilities The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as undocumented may actually be documented in the underlying hardware description. https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in-sipeed-nanokvm Ghostframe Phishing Kit The Ghostframe phishing kit uses iFrames and random subdomains to evade detection https://blog.barracuda.com/2025/12/04/threat-spotlight-ghostframe-phishing-kit WatchGuard Advisory WatchGuard Read More
AutoIT3 Compiled Scripts Dropping Shellcodes Malicious AutoIT3 scripts are usign the FileInstall function to include additional scripts at compile time that are dropped as temporary files during execution. https://isc.sans.edu/diary/AutoIT3%20Compiled%20Scripts%20Dropping%20Shellcodes/32542 React2Shell Update The race is on to patch vulnerable systems. Various groups are aggressively scanning the internet with different exploit variants. Read More
Nation-State Attack or Compromised Government? [Guest Diary] An IP address associated with the Indonesian Government attacked one of our interns' honeypots. https://isc.sans.edu/diary/Nation-State%20Attack%20or%20Compromised%20Government%3F%20%5BGuest%20Diary%5D/32536 React Update Working exploits for the React vulnerability patched yesterday are not widely available Array Networks Array AG Vulnerablity A recently patched vulnerability in Array Networks Array AG Read More
Welcome to Episode 416 of the Microsoft Cloud IT Pro Podcast. In this week’s episode, Ben finally has a chance to sit down with Henrik Wojcik. Henrik has been a long-time listener as well as a fellow Microsoft MVP in Security and we finally had the chance to sit down Read More
Attempts to Bypass CDNs Our honeypots recently started receiving scans that included CDN specific headers. https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532 React Vulnerability CVE-2025-55182 React patched a critical vulnerability in React server components. Exploitation is likely imminent. https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components Unveiling 3 PickleScan Vulnerabilities The PyTorch AI model security tool, PickleScan, has patched three critical vulnerabilities. https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/
Send a textWe celebrate a rivalry beatdown in Nashville and pivot to a high-stakes showdown with Indianapolis. Trevor Lawrence’s control and a smothering defense shaped a dominant day against the Titans, who were eliminated from the playoff picture Sunday.The specific topics we discussed this week are as follows:• Rivalry stakes Read More
Join us for an eye-opening episode featuring Erin Maccabee, a First Responder Integration Coach with deep insights into the world of first responders and their partners. Erin shares a roadmap for clinicians and first responders looking to navigate the intense emotional challenges of the job, and unveils the crucial “re-entry Read More
Send a textDr. Sara Collins joins Dr. Michael Koren to talk about her journey as a research cardiologist. They discuss Dr. Collins's path through preparatory school, college, med school, and the post-school experience as a cardiologist. They also discuss her role starting a clinical research site in Washington, D.C., and Read More
SmartTube Android App Compromise The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicious version. https://github.com/yuliskov/SmartTube/issues/5131#issue-3670629826 https://github.com/yuliskov/SmartTube/releases/tag/notification Two Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security Scanners Over the course of two years, a malicious NPM package Read More
Send us a textDid you have a Happy Thanksgiving? Shay-La and Danika did. We get into that gritty not pretty win against Arizona. Jaguars go into Tennessee and beat a not so great Titan team. A game full of flags, fights and punter aggression. Also have you had Cutwater?
Our sister company CargoRex has been monitoring the keywords users are anonymously searching for on the site so in this episode, we’re breaking down what those phrases are. What You’ll LearnThis episode breaks down five months of anonymized CargoRex search data to show what logistics buyers actually look for — Read More
Hunting for SharePoint In-Memory ToolShell Payloads A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Hunting%20for%20SharePoint%20In-Memory%20ToolShell%20Payloads/32524 Android Security Bulletin December 2025 Google fixed numerous vulnerabilities with its December Android update. Two of these vulnerabilities are already being exploited. https://source.android.com/docs/security/bulletin/2025-12-01 Read More
Send a textDr. Michael Koren joins Kevin Geddings to share an anecdote; an acquaintance seemed to put trust in Mel Gibson on a podcast over the American healthcare system. The doctor analyzes why there has been an erosion of trust in this system, why institutions like the medical community and Read More
Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix The latest variant of ClickFix tricks users into copy/pasting commands by displaying a fake blue screen of death. https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/ B2B Guest Access Creates an Unprotected Attack Vector Users may be tricked into joining an external Teams workspace Read More
Send a textA chaotic overtime win over Arizona shows both sides of this team: careless turnovers and ice-cold clutch throws. We weigh late-game analytics, celebrate a key return on offense, and map the most interesting playoff path Jacksonville has seen in years.• Wildcard position improving with many winnable games ahead• Read More
Come join me as I enter the world of Ryan newhouser creator of @housacreates . Ryan is a ceative entrepenuer utilizing A.I. and other digital means for his business. Lets find out together how he does his work, why he decided to utilize his talents this way, how he got Read More
