notification Archives | Cyberthreat Blog from Fortify24x7

Honeypot: Requests for (Code) Repositories, (Sat, Nov 8th)

by Cyberthreat Blog | Nov 7, 2025 | SANS ISC Bulletins | 0 |

This is just a quick diary entry to report that I saw requests on my honeypot for (code) repositories: /.git/logs/refs/remotes/origin/main /.git/objects/info /.github /.github/dependabot.yml /.github/funding.yml...

VU#263614: Vulnerability in expr-eval JavaScript library can lead to remote code execution.

by Cyberthreat Blog | Nov 7, 2025 | CERT-Vulnerabilities | 0 |

Overview The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow...

Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary], (Wed, Nov 5th)

by Cyberthreat Blog | Nov 5, 2025 | SANS ISC Bulletins | 0 |

[This is a Guest Diary by David Hammond, an ISC intern as part of the SANS.edu BACS program] My...

Updates to Domainname API, (Wed, Nov 5th)

by Cyberthreat Blog | Nov 5, 2025 | SANS ISC Bulletins | 0 |

For several years, we have offered a “new domain” list of recently registered (or, more accurately, recently discovered) domains. This list is offered via our API (https://isc.sans.edu/api). However, the size of the...

Apple Patches Everything, Again, (Tue, Nov 4th)

by Cyberthreat Blog | Nov 4, 2025 | SANS ISC Bulletins | 0 |

Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating...

XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd)

by Cyberthreat Blog | Nov 3, 2025 | SANS ISC Bulletins | 0 |

XWiki describes itself as “The Advanced Open-Source Enterprise Wiki” and considers...

Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287, (Sun, Nov 2nd)

by Cyberthreat Blog | Nov 2, 2025 | SANS ISC Bulletins | 0 |

Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and...

X-Request-Purpose: Identifying “research” and bug bounty related scans?, (Thu, Oct 30th)

by Cyberthreat Blog | Oct 30, 2025 | SANS ISC Bulletins | 0 |

This week, I noticed some new HTTP request headers that I had not seen before: X-Request-Purpose:...

How to collect memory-only filesystems on Linux systems, (Wed, Oct 29th)

by Cyberthreat Blog | Oct 28, 2025 | SANS ISC Bulletins | 0 |

I’ve been doing Unix/Linux IR and Forensics for a long time. I logged into a Unix system for...

VU#517845: Authenticated SMTP users may spoof other identities due to ambiguous “From” header interpretation

by Cyberthreat Blog | Oct 28, 2025 | CERT-Vulnerabilities | 0 |

Overview Email message header syntax can be exploited to bypass authentication protocols such as SPF, DKIM, and DMARC. These exploits enable attackers to deliver spoofed emails that appear to originate from trusted sources....

A phishing with invisible characters in the subject line, (Tue, Oct 28th)

by Cyberthreat Blog | Oct 28, 2025 | SANS ISC Bulletins | 0 |

While reviewing malicious messages that were delivered to our handler inbox over the past few...

Bytes over DNS, (Mon, Oct 27th)

by Cyberthreat Blog | Oct 27, 2025 | SANS ISC Bulletins | 0 |

I was intrigued when Johannes talked about malware that uses BASE64 over DNS to communicate. Take...

Tag: notification