Nation-State Attack or Compromised Government? [Guest Diary] An IP address associated with the Indonesian Government attacked one of our interns' honeypots. https://isc.sans.edu/diary/Nation-State%20Attack%20or%20Compromised%20Government%3F%20%5BGuest%20Diary%5D/32536 React Update Working exploits for the React vulnerability patched yesterday are not widely available Array Networks Array AG Vulnerablity A recently patched vulnerability in Array Networks Array AG Read More
Welcome to Episode 416 of the Microsoft Cloud IT Pro Podcast. In this week’s episode, Ben finally has a chance to sit down with Henrik Wojcik. Henrik has been a long-time listener as well as a fellow Microsoft MVP in Security and we finally had the chance to sit down Read More
Attempts to Bypass CDNs Our honeypots recently started receiving scans that included CDN specific headers. https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532 React Vulnerability CVE-2025-55182 React patched a critical vulnerability in React server components. Exploitation is likely imminent. https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components Unveiling 3 PickleScan Vulnerabilities The PyTorch AI model security tool, PickleScan, has patched three critical vulnerabilities. https://jfrog.com/blog/unveiling-3-zero-day-vulnerabilities-in-picklescan/
Send a textWe celebrate a rivalry beatdown in Nashville and pivot to a high-stakes showdown with Indianapolis. Trevor Lawrence’s control and a smothering defense shaped a dominant day against the Titans, who were eliminated from the playoff picture Sunday.The specific topics we discussed this week are as follows:• Rivalry stakes Read More
Join us for an eye-opening episode featuring Erin Maccabee, a First Responder Integration Coach with deep insights into the world of first responders and their partners. Erin shares a roadmap for clinicians and first responders looking to navigate the intense emotional challenges of the job, and unveils the crucial “re-entry Read More
Send a textDr. Sara Collins joins Dr. Michael Koren to talk about her journey as a research cardiologist. They discuss Dr. Collins's path through preparatory school, college, med school, and the post-school experience as a cardiologist. They also discuss her role starting a clinical research site in Washington, D.C., and Read More
SmartTube Android App Compromise The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicious version. https://github.com/yuliskov/SmartTube/issues/5131#issue-3670629826 https://github.com/yuliskov/SmartTube/releases/tag/notification Two Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security Scanners Over the course of two years, a malicious NPM package Read More
Send us a textDid you have a Happy Thanksgiving? Shay-La and Danika did. We get into that gritty not pretty win against Arizona. Jaguars go into Tennessee and beat a not so great Titan team. A game full of flags, fights and punter aggression. Also have you had Cutwater?
Our sister company CargoRex has been monitoring the keywords users are anonymously searching for on the site so in this episode, we’re breaking down what those phrases are. What You’ll LearnThis episode breaks down five months of anonymized CargoRex search data to show what logistics buyers actually look for — Read More
Hunting for SharePoint In-Memory ToolShell Payloads A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Hunting%20for%20SharePoint%20In-Memory%20ToolShell%20Payloads/32524 Android Security Bulletin December 2025 Google fixed numerous vulnerabilities with its December Android update. Two of these vulnerabilities are already being exploited. https://source.android.com/docs/security/bulletin/2025-12-01 Read More
Send a textDr. Michael Koren joins Kevin Geddings to share an anecdote; an acquaintance seemed to put trust in Mel Gibson on a podcast over the American healthcare system. The doctor analyzes why there has been an erosion of trust in this system, why institutions like the medical community and Read More
Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix The latest variant of ClickFix tricks users into copy/pasting commands by displaying a fake blue screen of death. https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/ B2B Guest Access Creates an Unprotected Attack Vector Users may be tricked into joining an external Teams workspace Read More
Send a textA chaotic overtime win over Arizona shows both sides of this team: careless turnovers and ice-cold clutch throws. We weigh late-game analytics, celebrate a key return on offense, and map the most interesting playoff path Jacksonville has seen in years.• Wildcard position improving with many winnable games ahead• Read More
Come join me as I enter the world of Ryan newhouser creator of @housacreates . Ryan is a ceative entrepenuer utilizing A.I. and other digital means for his business. Lets find out together how he does his work, why he decided to utilize his talents this way, how he got Read More
In this episode, we pull back the curtain on the often-overlooked world of New York City’s Emergency Medical Services. Join us for an eye-opening conversation with Anthony Almojera, a 20-year veteran Lieutenant and passionate advocate for EMS, as he sheds light on the harsh realities of a profession that battles Read More
Send a textDermatologist and clinical researcher Dr. Michael Bernhardt joins Dr. Erich Schramm to unpack the rapidly evolving science of atopic dermatitis. The two doctors discuss the symptoms, science, and treatments for atopic dermatitis, including how much clinical research has changed the landscape and improved outcomes. The two get into Read More
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Spyware attacks messaging applications in part by triggering vulnerabilities in messaging applications but also by deploying tools like keystroke loggers and screenshot applications. https://www.cisa.gov/news-events/alerts/2025/11/24/spyware-allows-cyber-threat-actors-target-users-messaging-applications Stop Putting Your Passwords Into Random Websites Yes. Just Stop! https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/ Fluentbit Vulnerability https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover Happy Read More
Conflicts between URL mapping and URL based access control. Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps. https://isc.sans.edu/diary/Conflicts%20between%20URL%20mapping%20and%20URL%20based%20access%20control./32518 Sha1-Hulud, The Second Coming A new, destructive variant of the Shai-Hulud worm is currently Read More
Send a textDr. Michael Koren joins Kevin Geddings to give thanks this week. The doctor gives gratitude to Kevin, his team, clinical research staff, MedEvidence staff, and most of all, patients. Dr. Koren expresses his heartfelt thanks to everyone who pushes science and research forward!Be a part of advancing science Read More
Use of CSS stuffing as an obfuscation technique? Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw of simple detection engines https://isc.sans.edu/diary/Use%20of%20CSS%20stuffing%20as%20an%20obfuscation%20technique%3F/32510 Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Early exploit attempts for the vulnerability were part of Searchlight Cyber s research Read More
