SANS Stormcast Wednesday, July 16th, 2025: ADS Keystroke Logger; Fake Homebrew; Broadcom Altiris RCE; Malicious Cursor AI Extensions
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Content provided by SANS ISC Handlers and Johannes B. Ullrich. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by SANS ISC Handlers and Johannes B. Ullrich or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
Keylogger Data Stored in an ADS
Xavier came across a keystroke logger that stores data in alternate data streams. The data includes keystroke logs as well as clipboard data.
https://isc.sans.edu/diary/Keylogger%20Data%20Stored%20in%20an%20ADS/32108
Malvertising Homebrew
An attacker has been attempting to trick users into installing a malicious version of Homebrew. The fake software is advertised via paid Google ads and directs users to the attacker's GitHub repo.
https://medium.com/deriv-tech/brewing-trouble-dissecting-a-macos-malware-campaign-90c2c24de5dc
CVE-2025-5333: Remote Code Execution in Broadcom Altiris IRM
LRQA have discovered a critical unauthenticated remote code execution (RCE) vulnerability in the Broadcom Symantec Altiris Inventory Rule Management (IRM) component of Symantec Endpoint Management.
https://www.lrqa.com/en/cyber-labs/remote-code-execution-in-broadcom-altiris-irm/
Code highlighting with Cursor AI for $500,000
A syntax highlighting extension for Cursor AI was used to compromise a developer's workstation and steal $500,000 in cryptocurrency.
https://securelist.com/open-source-package-for-cursor-ai-turned-into-a-crypto-heist/116908/
3072 episodes