", "associatedMedia": { "@type": "MediaObject", "contentUrl": "https://traffic.libsyn.com/securitypodcast/9466.mp3" }, "image":{ "@type":"ImageObject", "url": "https://jaxpodcastersunited.com/wp-content/uploads/2025/05/SANS-Daily-Stormcast-Banner.webp", "width":"696", "height":"696" }, "datePublished":"May 26, 2025" }, { "@context": "http://schema.org/", "@type": "BreadcrumbList", "itemListElement": [ { "@type": "ListItem", "position": 1, "item": { "@id": "https://jaxpodcastersunited.com/", "name": "Home" } }, { "@type": "ListItem", "position": 2, "item": { "@id": "https://jaxpodcastersunited.com/podcast/", "name": "Podcast" } }, { "@type": "ListItem", "position": 3, "item": { "@id": "https://jaxpodcastersunited.com/podcast/sans-stormcast-tuesday-may-27th-2025-svg-steganography-fortinet-poc-gitlab-duo-prompt-injection/", "name": "SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection" } } ] }, { "@context": "https://schema.org", "@type": "WebPage", "url" : "https://jaxpodcastersunited.com/podcast/sans-stormcast-tuesday-may-27th-2025-svg-steganography-fortinet-poc-gitlab-duo-prompt-injection/", "name": "SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection", "description": "

", "thumbnailUrl": "https://jaxpodcastersunited.com/wp-content/uploads/2025/05/SANS-Daily-Stormcast-Banner.webp", "datePublished":"", "author": { "@type": "Person", "name": "", "description" : "", "url" : "https://jaxpodcastersunited.com/about-us/", "image":{ "@type":"ImageObject", "url":"https://secure.gravatar.com/avatar/d00b3ca4be55be60dff941e0bbcbb888?s=150&d=mm&r=g", "width":"696", "height":"696" }, "sameAs": [ "https://www.linkedin.com/in/blythebrum/", "https://www.youtube.com/channel/UCsyEdr6eSDPexCs83nAHE2g", "https://www.instagram.com/digidispatch/" ] } } ]

SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection

May 26, 2025

Episode Transcript

SVG Steganography
Steganography is not only limited to pixel-based images but can be used to embed messages into vector-based formats like SVG.
https://isc.sans.edu/diary/SVG%20Steganography/31978
Fortinet Vulnerability Details CVE-2025-32756
Horizon3.ai shows how it was able to find the vulnerability in Fortinet s products, and how to possibly exploit this issue. The vulnerability is already being exploited in the wild and was patched May 13th
https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/
Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
An attacker may leave instructions (prompts) for GitLab Duo embedded in the source code. This could be used to exfiltrate source code and secrets or to inject malicious code into an application.
https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

See full episode transcriptTranscript is autogenerated by AI

Digital Dispatch Podcast Podcast Artwork Image

SANS Daily Stormcast

Johannes Ullrich

Contact Show