SANS Archives Page 2 of 462 | Cyberthreat Blog from Fortify24x7

AutoIT3 Compiled Scripts Dropping Shellcodes, (Fri, Dec 5th)

by Cyberthreat Blog | Dec 4, 2025 | SANS ISC Bulletins | 0 |

AutoIT3[1] is a powerful language that helps to built nice applications for Windows environments,...

Nation-State Attack or Compromised Government? [Guest Diary], (Thu, Dec 4th)

by Cyberthreat Blog | Dec 3, 2025 | SANS ISC Bulletins | 0 |

[This is a Guest Diary by Jackie Nguyen, an ISC intern as part of the SANS.edu BACS program] The...

Attempts to Bypass CDNs, (Wed, Dec 3rd)

by Cyberthreat Blog | Dec 3, 2025 | SANS ISC Bulletins | 0 |

Currently, in order to provide basic DDoS protection and filter aggressive bots, some form of Content Delivery Network (CDN) is usually the simplest and most cost-effective way to protect a web application. In a typical setup,...

[Guest Diary] Hunting for SharePoint In-Memory ToolShell Payloads, (Tue, Dec 2nd)

by Cyberthreat Blog | Dec 1, 2025 | SANS ISC Bulletins | 0 |

[This is a Guest Diary by James Woodworth, an ISC intern as part of the SANS.edu Bachelor’s...

Conflicts between URL mapping and URL based access control., (Mon, Nov 24th)

by Cyberthreat Blog | Nov 24, 2025 | SANS ISC Bulletins | 0 |

We continue to encounter high-profile vulnerabilities that relate to how URL mapping (or “aliases”) interac|zsh:1: parse error near `&’ ts with URL-based access control. Last week, we wrote about the Oracle...

Wireshark 4.4.1 Released, (Sun, Nov 23rd)

by Cyberthreat Blog | Nov 23, 2025 | SANS ISC Bulletins | 0 |

Wireshark release 4.6.1 fixes 2 vulnerabilities and 20 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United...

YARA-X 1.10.0 Release: Fix Warnings, (Sun, Nov 23rd)

by Cyberthreat Blog | Nov 23, 2025 | SANS ISC Bulletins | 0 |

YARA-X’s 1.10.0 release brings a new command: fix warnings. If you have a rule that would...

Use of CSS stuffing as an obfuscation technique?, (Fri, Nov 21st)

by Cyberthreat Blog | Nov 21, 2025 | SANS ISC Bulletins | 0 |

From time to time, it can be instructive to look at generic phishing messages that are delivered...

Oracle Identity Manager Exploit Observation from September (CVE-2025-61757), (Thu, Nov 20th)

by Cyberthreat Blog | Nov 20, 2025 | SANS ISC Bulletins | 0 |

Searchlight Cyber today released a blog detailing CVE-2025-61757, a vulnerability they reported to Oracle. Oracle released a patch for the vulnerability as part of its October Critical Patch Update, which was released on October...

Unicode: It is more than funny domain names., (Wed, Nov 12th)

by Cyberthreat Blog | Nov 19, 2025 | SANS ISC Bulletins | 0 |

When people discuss the security implications of Unicode, International Domain Names (IDNs) are often highlighted as a risk. However, while visible and often talked about, IDNs are probably not what you should really worry about...

KongTuke activity, (Tue, Nov 18th)

by Cyberthreat Blog | Nov 17, 2025 | SANS ISC Bulletins | 0 |

Introduction Today’s diary is an example of KongTuke activity using fake CAPTCHA pages for a...

Decoding Binary Numeric Expressions, (Mon, Nov 17th)

by Cyberthreat Blog | Nov 16, 2025 | SANS ISC Bulletins | 0 |

In diary entry “Formbook Delivered Through Multiple Scripts”, Xavier mentions that the following line: Nestlers= array(79+1,79,80+7,60+9,82,83,72,69,76,76) decodes to the string POWERSHELL. My tool numbers-to-hex.py...

Tag: SANS