Best Server Patching Podcasts (2025)

1
SANS Stormcast Thursday, October 16th, 2025: Clipboard Image Stealer; F5 Compromise; Adobe Updates; SAP Patchday 8:40

Play Pause

5h ago8:40

8:40

Clipboard Image Stealer Xavier presents an infostealer in Python that steals images from the clipboard. https://isc.sans.edu/diary/Clipboard%20Pictures%20Exfiltration%20in%20Python%20Infostealer/32372 F5 Compromise F5 announced a wide-ranging compromise today. Source code and information about unpatched vulnerabilities were stolen. https://my.f5.co…

1
SANS Stormcast Wednesday, October 15th, 2025: Microsoft Patchday; Ivanti Advisory; Fortinet Patches 6:22

10m ago6:22

6:22

Microsoft Patch Tuesday Microsoft not only released new patches, but also the last patches for Windows 10, Office 2016, Office 2019, Exchange 2016 and Exchange 2019. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20October%202025/32368 Ivanti Advisory Ivanti released an advisory with some mitigation steps users can take until the recently m…

1
The “Shotgun” Botnet: How RondoDox Hijacks Routers, Cameras, and Servers Worldwide 23:28

2d ago23:28

23:28

A new and fast-growing botnet dubbed RondoDox is shaking up the global cybersecurity landscape with its “shotgun” exploitation strategy, targeting over 50 known and unknown vulnerabilities across a vast array of internet-connected devices. First detected in mid-2025, the botnet has expanded rapidly, infecting routers, servers, cameras, and DVRs fro…

1
SANS Stormcast Tuesday, October 14th, 2025: ESAFENET Scans; Payroll Priates; MSFT Edge IE Mode 6:02

1d ago6:02

6:02

Scans for ESAFENET CDG V5 We do see some increase in scans for the Chinese secure document management system, ESAFENET. https://isc.sans.edu/diary/Heads%20Up%3A%20Scans%20for%20ESAFENET%20CDG%20V5%20/32364 Investigating targeted payroll pirate attacks affecting US universities Microsoft wrote about how payroll pirates redirect employee paychecks vi…

1
“Inflation Refund” Scam: How Fraudsters Are Stealing Identities Through Texts 19:01

2d ago19:01

19:01

A widespread smishing campaign is sweeping across New York, luring residents with fraudulent text messages about an “Inflation Refund” from the Department of Taxation and Finance. These deceptive messages claim that recipients are eligible for a refund and must click a link to “process” it — a ploy designed to harvest personal and financial informa…

1
Juniper Networks Patches 220 Vulnerabilities in Massive October Security Update 23:29

2d ago23:29

23:29

In one of the year’s most extensive patch cycles, Juniper Networks has released its October 2025 security advisories, addressing a staggering 220 vulnerabilities across its product suite — including Junos OS, Junos Space, Junos Space Security Director, and Junos OS Evolved. Of these, nine critical flaws in Junos Space and Security Director stood ou…

1
Linked Exploitation Campaigns Target Cisco, Fortinet, and Palo Alto Networks Devices 25:08

2d ago25:08

25:08

Cyber intelligence firm GreyNoise has uncovered what appears to be a coordinated exploitation effort targeting network edge appliances from three major security vendors: Cisco, Fortinet, and Palo Alto Networks. After analyzing overlapping IP subnets, identical TCP fingerprints, and synchronized attack patterns, GreyNoise assessed with high confiden…

1
Salesforce Refuses Ransom as Scattered LAPSUS$ Hunters Leak Millions of Records 27:29

3d ago27:29

27:29

A new wave of cyber extortion has rocked the enterprise world as the Scattered LAPSUS$ Hunters—a coalition formed from the notorious Lapsus$, Scattered Spider, and ShinyHunters groups—attempted to ransom Salesforce, claiming to have stolen data from 39 of its customers. When Salesforce refused to negotiate, the hackers retaliated by publishing the …

1
SANS Stormcast Monday, October 13th, 2025: More Oracle Patches; Sonicwall Compromisses; Unpatched Gladinet; 7-Zip Patches 5:56

41m ago5:56

5:56

New Oracle E-Business Suite Patches Oracle released one more patch for the e-business suite. Oracle does not state if it is already exploited, but the timing of the patch suggests that it should be expedited. https://www.oracle.com/security-alerts/alert-cve-2025-61884.html Widespread Sonicwall SSLVPN Compromise Huntress Labs observed the widespread…

1
SANS Stormcast Friday, October 10th, 2025: RedTail Defenses; SonicWall Breach; Crowdstrike “Issues”; Ivanti 0-days; Mapping Agentic Attack Surface (@sans_edu paper) 15:12

5h ago15:12

15:12

Building Better Defenses: RedTail Observations Defending against attacks like RedTail is more then blocking IoCs, but instead one must focus on the techniques and tactics attackers use. https://isc.sans.edu/diary/Guest+Diary+Building+Better+Defenses+RedTail+Observations+from+a+Honeypot/32312 Sonicwall: It wasn t the user s fault Sonicwall admits to…

1
SANS Stormcast Thursday, October 9th, 2025: Polymorphic Python; ssh ProxyCommand Vuln; 6:12

7d ago6:12

6:12

Polymorphic Python Malware Xavier discovered self-modifying Python code on Virustotal. The remote access tool takes advantage of the inspect module to modify code on the fly. https://isc.sans.edu/diary/Polymorphic%20Python%20Malware/32354 SSH ProxyCommand Vulnerability A user cloning a git repository may be tricked into executing arbitrary code via…

1
SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches 5:57

22h ago5:57

5:57

By Dr. Johannes B. Ullrich

1
SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited 5:33

2d ago5:33

5:33

By Dr. Johannes B. Ullrich

1
Oneleet Secures $33M Series A to Revolutionize Integrated Cybersecurity 28:08

9d ago28:08

28:08

By Daily Security Review

1
ParkMobile Data Breach Ends in $32.8M Settlement — and a $1 Payout 27:55

9d ago27:55

27:55

By Daily Security Review

1
Discord Confirms Data Breach Linked to Third-Party Support Vendor 25:58

9d ago25:58

25:58

By Daily Security Review

1
Weather Station Gateway Exploited: CISA Adds Meteobridge Bug to KEV List 23:11

9d ago23:11

23:11

By Daily Security Review

1
DrayTek Issues Critical Patch for Router RCE Flaw (CVE-2025-10547) 25:30

10d ago25:30

25:30

A serious unauthenticated remote code execution (RCE) flaw, identified as CVE-2025-10547, has been uncovered in DrayTek’s DrayOS routers. This vulnerability allows attackers to send crafted HTTP or HTTPS requests to the router’s web management interface, potentially leading to memory corruption, system crashes, or full device takeover. The flaw aff…

1
SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day 6:28

3d ago6:28

6:28

Oracle E-Business Suite 0-Day CVE-2025-61882 Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability. https://www.ora…

1
SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln; 6:35

6d ago6:35

6:35

More .well-known scans Attackers are using API documentation automatically published in the .well-known directory for reconnaissance. https://isc.sans.edu/diary/More%20.well-known%20Scans/32340 RedHat Patches Openshift AI Services A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, fo…

1
SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch 8:11

8d ago8:11

8:11

Comparing Honeypot Passwords with HIBP Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/…

1
FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps 27:25

14d ago27:25

27:25

The Federal Trade Commission (FTC) has filed a high-profile lawsuit against Sendit, a social media companion app popular among teenagers, and its CEO. The case accuses the company of breaking three major U.S. laws designed to protect consumers and children online. First, the FTC alleges that Sendit violated the Children’s Online Privacy Protection …

1
Broadcom Patches VMware Zero-Day: CVE-2025-41244 Exploited by China-Linked UNC5174 25:16

14d ago25:16

25:16

Broadcom has released a critical security update addressing six vulnerabilities across VMware products, including four rated high-severity. At the center of the update is CVE-2025-41244, a local privilege escalation flaw affecting VMware Tools and Aria Operations. What makes this vulnerability particularly alarming is that it was actively exploited…

1
Seven Years, £5.5 Billion, 128,000 Victims – The Case of Yadi Zhang 29:12

14d ago29:12

29:12

In a historic case that has captured global attention, UK authorities have secured a conviction against Zhimin Qian (also known as Yadi Zhang), the Chinese national at the center of one of the largest financial crime investigations of the decade. Following a seven-year probe by the Metropolitan Police, investigators uncovered an elaborate fraud and…

1
Cisco ASA/FTD Flaws Under Siege: 50,000 Devices at Risk from Active Exploits 31:52

14d ago31:52

31:52

Two newly disclosed critical vulnerabilities—CVE-2025-20333 and CVE-2025-20362—are wreaking havoc across the global cybersecurity landscape, with nearly 50,000 Cisco ASA and FTD appliances actively under threat. These flaws enable unauthenticated remote code execution and VPN access compromise, giving attackers an immediate foothold into critical i…

1
MatrixPDF: The New Phishing Toolkit That Turns Safe PDFs into Cyber Weapons 16:12

15d ago16:12

16:12

A new cybercrime toolkit called MatrixPDF is changing the phishing landscape by weaponizing one of the most trusted file formats: PDFs. Marketed on cybercrime forums as an “elite document builder” for phishing simulations and blackteaming, MatrixPDF enables attackers to transform ordinary PDFs into highly convincing phishing lures that bypass email…

1
SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digtial Command Injection; sudo exploited; 5:10

8d ago5:10

5:10

Sometimes you don t even need to log in Applications using simple, predictable cookies to verify a user s identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake. https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334 Western Digital My Clo…

1
Asahi Brewery Cyberattack Halts Domestic Operations Across Japan 27:07

15d ago27:07

27:07

Asahi Group Holdings, Ltd.—the brewer behind some of the world’s most iconic beers, including Peroni and Grolsch—has been hit by a crippling cyberattack that froze its Japan-based operations. Ordering and shipping have been suspended, customer call centers and service desks are offline, and the company has been forced into damage control. While Asa…

1
Akira Ransomware Exploits SonicWall Flaw with Record-Breaking Speed 23:58

15d ago23:58

23:58

The Akira ransomware group has once again raised the stakes in cybercrime by exploiting a critical SonicWall vulnerability—CVE-2024-40766—to infiltrate corporate networks through SSL VPN accounts, even those secured with one-time password multi-factor authentication. Once inside, Akira’s affiliates execute one of the most dangerous tactics in moder…

1
Ex-Hacktivist “Sabu” Backs SafeHill’s $2.6M Bet on Continuous Threat Management 28:04

15d ago28:04

28:04

A new cybersecurity startup with an infamous name attached is making headlines. SafeHill—formerly known as Tacticly—has secured $2.6 million in pre-seed funding to accelerate the development of its continuous threat exposure management (CTEM) platform, SecureIQ. Designed to overcome the shortcomings of traditional, point-in-time penetration testing…

1
Jaguar Land Rover Cyberattack Fallout: £1.5B UK Bailout Sparks Fears of More Attacks 27:34

15d ago27:34

27:34

Jaguar Land Rover (JLR), one of the UK’s largest exporters and a key anchor of the nation’s automotive supply chain, has been brought to the brink by a devastating cyberattack. With production lines halted, digital operations crippled, and a data breach confirmed, the UK government stepped in with a massive £1.5 billion support package to stabilize…

1
CISA’s Sunset Clause: What Happens if America’s Cyber Threat Shield Expires? 24:00

16d ago24:00

24:00

The Cybersecurity Information Sharing Act (CISA), first enacted in 2015, is facing a critical expiration deadline in September 2025. Without reauthorization, the law that shields companies from liability when sharing cyber threat data with the federal government and industry peers will vanish, leaving organizations exposed to lawsuits and reputatio…

1
SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware 5:06

9d ago5:06

5:06

Apple Patches Apple released patches for iOS, macOS, and visionOS, fixing a single font parsing vulnerability https://isc.sans.edu/diary/Apple%20Patches%20Single%20Vulnerability%20CVE-2025-43400/32330 Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400). Our honeypots detected an increase in scans for a Palo Alto Global Prot…

1
Crypto Theft on macOS: XCSSET Malware Swaps Wallet Addresses in Real Time 23:49

16d ago23:49

23:49

A new and more dangerous variant of the XCSSET macOS malware has been uncovered by Microsoft, revealing an expanded arsenal of capabilities aimed at financial theft and deeper system compromise. Originally known for spreading through malicious Xcode projects, XCSSET has steadily evolved into one of the most persistent malware families targeting App…

1
Nine High-Severity Vulnerabilities Expose Cognex Legacy Cameras to Cyber Threats 26:21

16d ago26:21

26:21

Cybersecurity researchers at Nozomi Networks have uncovered nine high-severity vulnerabilities in several older models of Cognex industrial cameras, including the widely deployed In-Sight 2000, 7000, 8000, and 9000 series. These machine vision systems are vital for modern manufacturing—guiding robots, inspecting products, and ensuring quality contr…

1
Microsoft Cuts Services to Israeli Military Unit After Surveillance Revelations 28:39

16d ago28:39

28:39

Microsoft has taken the unprecedented step of cutting off services to an Israeli military unit after internal and external investigations revealed its cloud and AI products were being used for mass surveillance of Palestinians in Gaza and the West Bank. This dramatic reversal came only after sustained reporting by The Associated Press and The Guard…

1
Ghana, Senegal, Ivory Coast at the Center of Interpol’s Multi-Nation Cybercrime Takedown 27:23

16d ago27:23

27:23

Interpol has announced the results of a sweeping cybercrime operation across 14 African nations, leading to the arrest of 260 individuals behind romance scams and sextortion schemes. The crackdown, conducted in July and August, exposed the alarming scale of digital exploitation sweeping the continent. Victims—more than 1,400 in total—were deceived,…

1
Harrods Data Breach Exposes Customer Details in Third-Party Hack 22:17

17d ago22:17

22:17

Britain is facing a troubling wave of cyberattacks that has shaken some of its most high-profile organizations. Harrods, the world-renowned luxury retailer, confirmed that customer names and contact details were compromised after attackers infiltrated a third-party vendor’s system. While account passwords and payment data were spared, the breach hi…

1
SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing 8:36

10d ago8:36

8:36

Converting Timestamps in .bash_history Unix shells offer the ability to add timestamps to commands in the .bash_history file. This is often done in the form of Unix timestamps. This new tool converts these timestamps into a more readable format. https://isc.sans.edu/diary/New%20tool%3A%20convert-ts-bash-history.py/32324 Cisco ASA/FRD Compromises Ex…

1
SANS Stormcast Friday, September 26th, 2025: Webshells in .well-known; Critical Cisco Vulns Exploited; XCSSET Update; GoAnywhere MFT Exploit Details 6:52

14d ago6:52

6:52

Webshells Hiding in .well-known Places Our honeypots registered an increase in scans for URLs in the .well-known directory, which appears to be looking for webshells. https://isc.sans.edu/diary/Webshells%20Hiding%20in%20.well-known%20Places/32320 Cisco Patches Critical Exploited Vulnerabilities Cisco released updates addressing already-exploited vu…

1
SANS Stormcast Thursday, September 25th, 2025: Hikvision Exploits; Cisco Patches; Sonicawall Anit-Rootkit Patch; Windows 10 Support 5:33

14d ago5:33

5:33

Exploit Attempts Against Older Hikvision Camera Vulnerability Out honeypots observed an increase in attacks against some older Hikvision issues. A big part of the problem is weak passwords, and the ability to send credentials as part of the URL. https://isc.sans.edu/diary/Exploit%20Attempts%20Against%20Older%20Hikvision%20Camera%20Vulnerability/323…

1
SANS Stormcast Wednesday, September 24th, 2025: DoS against the Analyst; GitHub Improvements; Solarwinds and Supermicro BMC vulnerabilities 7:22

22d ago7:22

7:22

Distracting the Analyst for Fun and Profit Our undergraduate intern, Tyler House analyzed what may have been a small DoS attack that was likely more meant to distract than to actually cause a denial of service https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Distracting%20the%20Analyst%20for%20Fun%20and%20Profit/32308 GitHub s plan for a more secur…

1
Steam Game BlockBlasters Turns Malicious, Drains $150K in Crypto 29:37

22d ago29:37

29:37

What happens when a trusted gaming platform becomes a weapon for cybercriminals? That’s exactly what unfolded with BlockBlasters, a free-to-play platformer on Steam that turned from harmless fun into a malicious cryptocurrency-draining scheme. For nearly two months, BlockBlasters appeared safe, even earning “Very Positive” reviews. But in late Augu…

1
Beyond the Inbox: The Rising Threat of Non-Email Phishing Attacks 26:15

22d ago26:15

26:15

Phishing is no longer just an email problem. A new wave of non-email phishing attacks is targeting employees through social media, instant messaging apps, SMS, malicious search engine ads, and even collaboration tools like Slack and Teams. These campaigns are designed to bypass traditional defenses—leaving organizations exposed while attackers expl…

1
Stellantis Data Breach Exposes Contact Info in Third-Party Provider Attack 24:09

22d ago24:09

24:09

Automotive giant Stellantis, the world’s fifth-largest automaker, has confirmed a data breach affecting its North American customers after attackers compromised a third-party service provider’s platform. While no financial data was exposed, the company acknowledged that customer contact details were stolen, prompting advisories to remain vigilant a…

1
HoundBytes Launches WorkHorse to Eliminate SOC Tier 1 Bottlenecks 20:34

22d ago20:34

20:34

Cybersecurity firm HoundBytes has officially launched WorkHorse, an automated security analyst designed to solve one of the biggest pain points in modern Security Operations Centers (SOCs): the Tier 1 bottleneck. Overwhelmed by a constant flood of raw alerts, Tier 1 analysts often suffer from burnout and slow triage times, putting organizations at …

1
Toronto’s Mycroft Raises $3.5M to Bring AI Security Officers to Startups 29:58

23d ago29:58

29:58

Toronto-based cybersecurity startup Mycroft has stepped out of stealth with a bold promise: to give startups and small-to-midsize businesses (SMBs) the kind of enterprise-grade security typically reserved for Fortune 500 companies. Acting as an AI-powered “Security and Compliance Officer,” Mycroft deploys autonomous AI agents that manage an organiz…

1
SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation 4:49

23d ago4:49

4:49

CISA Reports Ivanti EPMM Exploit Sightings Two different organizations submitted backdoors to CISA, which are believed to have been installed using Ivanti vulnerabilities patched in May. https://www.cisa.gov/news-events/analysis-reports/ar25-261a Lastpass Observes Impersonation on GitHub Lastpass noted a number of companies being impersonated via f…

1
FBI Issues Guidance as Fraudsters Pose as IC3 to Extort Victims 10:29

23d ago10:29

10:29

The FBI has issued a warning to the public about a cyber campaign impersonating the Internet Crime Complaint Center (IC3), using spoofed websites to trick victims into handing over sensitive information and money. Between December 2023 and February 2025, the agency received more than 100 reports of malicious activity tied to fake IC3 domains. Threa…

1
Fraudulent GitHub Repos Spread Atomic Stealer Malware Targeting macOS Users 22:08

23d ago22:08

22:08

A new cyber campaign is actively targeting macOS users with the Atomic Stealer (AMOS) malware, leveraging fake GitHub repositories disguised as legitimate software downloads. Security researchers tracking the campaign report that the operators are impersonating trusted brands such as LastPass, 1Password, Dropbox, Notion, and Shopify to lure unsuspe…