SANS ISC Bulletins Archives Page 59 of 459 | Cyberthreat Blog from Fortify24x7

SANS Holiday Hack Challenge 2025, (Sun, Nov 16th)

by Cyberthreat Blog | Nov 15, 2025 | SANS ISC Bulletins | 0 |

The SANS Holiday Hack Challenge™ 2025 is available. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Honeypot: FortiWeb CVE-2025-64446 Exploits, (Sat, Nov 15th)

by Cyberthreat Blog | Nov 15, 2025 | SANS ISC Bulletins | 0 |

Like many have reported, we too noticed exploit attempts for CVE-2025-64446 in our honeypots. These are POST requests to this path: With this User Agent String: And this is the data of the POST request: This creates a new admin...

Microsoft Office Russian Dolls, (Fri, Nov 14th)

by Cyberthreat Blog | Nov 14, 2025 | SANS ISC Bulletins | 0 |

You probably know what are the Russian or Matryoshka dolls. It’s a set of wooden dolls of...

Formbook Delivered Through Multiple Scripts, (Thu, Nov 13th)

by Cyberthreat Blog | Nov 13, 2025 | SANS ISC Bulletins | 0 |

When I’m teachning FOR610[1], I always say to my students that reverse engineering does not only...

SmartApeSG campaign uses ClickFix page to push NetSupport RAT, (Wed, Nov 12th)

by Cyberthreat Blog | Nov 12, 2025 | SANS ISC Bulletins | 0 |

Introduction This diary describes a NetSupport RAT infection I generated in my lab from the...

Microsoft Patch Tuesday for November 2025, (Tue, Nov 11th)

by Cyberthreat Blog | Nov 11, 2025 | SANS ISC Bulletins | 0 |

Today’s Microsoft Patch Tuesday offers fixes for 80 different vulnerabilities. One of the vulnerabilities is already being exploited, and five are rated as critical. Notable Vulnerabilities: %%cve:2025-62215%%: This...

It isn’t always defaults: Scans for 3CX usernames, (Mon, Nov 10th)

by Cyberthreat Blog | Nov 10, 2025 | SANS ISC Bulletins | 0 |

Today, I noticed scans using the username “FTP_3cx” showing up in our logs. 3CX is a well-known maker of business phone system software [1]. My first guess was that this was a default user for one of their systems....

Honeypot: Requests for (Code) Repositories, (Sat, Nov 8th)

by Cyberthreat Blog | Nov 7, 2025 | SANS ISC Bulletins | 0 |

This is just a quick diary entry to report that I saw requests on my honeypot for (code) repositories: /.git/logs/refs/remotes/origin/main /.git/objects/info /.github /.github/dependabot.yml /.github/funding.yml...

Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary], (Wed, Nov 5th)

by Cyberthreat Blog | Nov 5, 2025 | SANS ISC Bulletins | 0 |

[This is a Guest Diary by David Hammond, an ISC intern as part of the SANS.edu BACS program] My...

Updates to Domainname API, (Wed, Nov 5th)

by Cyberthreat Blog | Nov 5, 2025 | SANS ISC Bulletins | 0 |

For several years, we have offered a “new domain” list of recently registered (or, more accurately, recently discovered) domains. This list is offered via our API (https://isc.sans.edu/api). However, the size of the...

Apple Patches Everything, Again, (Tue, Nov 4th)

by Cyberthreat Blog | Nov 4, 2025 | SANS ISC Bulletins | 0 |

Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating...

XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd)

by Cyberthreat Blog | Nov 3, 2025 | SANS ISC Bulletins | 0 |

XWiki describes itself as “The Advanced Open-Source Enterprise Wiki” and considers...

Category: SANS ISC Bulletins