Repos Software public
The Security Repo

Mackenzie Jackson & Dwayne McDaniel

Weekly
 
The security repo is a podcast that focuses on real-world security issues we are all facing today. We will take deep dives into news events and have exclusive interviews with security leaders on the ground.
 
The Journal.

The Wall Street Journal & Spotify Studios

Weekly+
 
The most important stories about money, business and power. Hosted by Ryan Knutson and Jessica Mendoza. The Journal is a co-production of Spotify and The Wall Street Journal. Get show merch here: https://wsjshop.com/collections/clothing
 
 
Scaling Open Source Observability and Managing Risk in the Software Supply Chain – Avi Press In this episode of the Security Repo Podcast, Avi Press, founder and CEO of Scarf, dives deep into the evolving world of open source observability and its intersection with security. He unpacks how better visibility into software usage can inform both defen…
 
Cryptocurrency Scam Emails and Web Pages As We Enter 2026 Scam emails are directing victims to confidence scams attempting to steal cryptocurrencies. https://isc.sans.edu/diary/Cryptocurrency%20Scam%20Emails%20and%20Web%20Pages%20As%20We%20Enter%202026/32594 Debugging DNS response times with tshark tshark is a powerful tool to debug DNS timing issu…
 
The stories that defined 2025, the themes to watch in 2026. Ryan Knutson and Jessica Mendoza hear from top editors across the paper. Plus, Ryan's bold proposal to switch Christmas and Valentine's Day. Thanks for listening to the show in 2025. We’ll see you in 2026! Listen to Ryan and Jess’s playlist of their Greatest Hits of 2025. Learn more about …
 
MongoDB Unauthenticated Attacker Sensitive Memory Leak CVE-2025-14847 Over the Christmas holiday, MongoDB patched a sensitive memory leak vulnerability that is now actively being exploited https://www.mongodb.com/community/forums/t/important-mongodb-patch-available/332977 https://github.com/mongodb/mongo/commit/505b660a14698bd2b5233bd94da3917b585c5…
 
According to a WSJ analysis, the epicenter for Stand Your Ground killings is in the state where the laws were first enacted: Florida. From 2021 through 2024, the Jacksonville area had a larger share of its homicides classified as justifiable killings by civilians than any U.S. city or county with a population greater than 500,000. WSJ’s Hannah Crit…
 
Federal officials say Chinese money launderers moved more than $300 billion in illicit transactions through U.S. banks and other financial institutions in recent years. WSJ’s Dylan Tokar explores the rise of these highly lucrative schemes and former federal prosecutor Julie Shemitz takes us inside the federal investigation to bring them down. Ryan …
 
DLLs & TLS Callbacks As a follow-up to last week's diary about DLL Entrypoints, Didier is looking at TLS ( Thread Local Storage ) and how it can be abused. https://isc.sans.edu/diary/DLLs%20%26%20TLS%20Callbacks/32580 FreeBSD Remote code execution via ND6 Router Advertisements A critical vulnerability in FreeBSD allows for remote code execution. Bu…
 
How did the U.S. economy do in 2025? With unemployment ticking up, tariffs shaking up global trade and the stock market booming, it has been hard to make sense of it all. Ryan Knutson talks with three WSJ economics reporters–Justin Lahart, Rachel Wolfe and Jeanne Whalen– about the state of the economy as we wrap up the year, and about what to expec…
 
Hi everyone, It's Dwayne, host of the security repo podcast. The show is taking a 2-week break over the holidays to give you a chance to catch up on our backlog of security conversations. Our next new episode premieres January 7th, 2026. It's one to look forward to. And I wanted to say a huge thank you to each and every one of our listeners and sub…
 
Positive trends related to public IP range from the year 2025 Fewer ICS systems, as well as fewer systems with outdated SSL versions, are exposed to the internet than before. The trend isn't quite clean for ISC, but SSL2 and SSL3 systems have been cut down by about half. https://isc.sans.edu/diary/Positive%20trends%20related%20to%20public%20IP%20ra…
 
After a historic church in the heart of Nashville was taken over by a businessman, the family of the church’s original founder, including Christian pop star Amy Grant, says the building was “steeple-jacked.” The businessman leading the church denies the allegations. WSJ’s Cameron McWhirter explains to Ryan Knutson why many American churches are vul…
 
Maybe a Little Bit More Interesting React2Shell Exploit Attackers are branching out to attack applications that initial exploits may have missed. The latest wave of attacks is going after less common endpoints and attempting to exploit applications that do not have Next.js exposed. https://isc.sans.edu/diary/Maybe%20a%20Little%20Bit%20More%20Intere…
 
Cloud seeding is a decades-old rain-making technology, and it’s making a comeback in drought-stricken western states. Utah is partnering with a startup called Rainmaker as they try to stabilize the Great Salt Lake, assisted by drones and AI. But those efforts are colliding with weather conspiracy theories that have only gotten more persistent after…
 
In this episode of the Security Repo Podcast, Douglas Brush, digital forensics expert and self-proclaimed "CISO Whisperer," shares his journey from early IT consulting to guiding CISOs and boards through complex security decisions. He breaks down his “Dad Bod Security” framework, connecting personal health metrics to meaningful cybersecurity goals,…
 
Beyond RC4 for Windows authentication Microsoft outlined its transition plan to move away from RC4 for authentication and published guidance and tools to facilitate this change. https://www.microsoft.com/en-us/windows-server/blog/2025/12/03/beyond-rc4-for-windows-authentication FortiCloud SSO Login Vuln Exploited Arctic Wolf observed exploit attemp…
 
Risky investing strategies are on the rise, and Robinhood’s CEO Vlad Tenev is leading the charge. He’s built the company’s trading app not just to buy and sell ordinary stocks, but to make it easier to invest in more exotic financial products. WSJ’s Hannah Erin Lang profiles Tenev and explores the extraordinary success his company has had over the …
 
More React2Shell Exploits CVE-2025-55182 Our honeypots continue to detect numerous React2Shell variants. Some using slightly modified exploits https://isc.sans.edu/diary/More%20React2Shell%20Exploits%20CVE-2025-55182/32572 The Fragile Lock: Novel Bypasses For SAML Authentication SAML is a tricky protocol to implement correctly, in particular if dif…
 
Compass CEO Robert Reffkin wants to change the way Americans buy and sell homes by encouraging sellers to list their homes privately when they first hit the market. That strategy is challenging companies like Zillow, which have made information about home listings accessible to buyers. WSJ’s Nicole Friedman explains why Compass wants to overhaul th…
 
Abusing DLLs EntryPoint for the Fun DLLs will not just execute code when some of their functions are called, but also as they are loaded. https://isc.sans.edu/diary/Abusing%20DLLs%20EntryPoint%20for%20the%20Fun/32562 Apple Patches Everything: December 2025 Edition Apple released patches for all of its operating systems, fixing two already exploited…
 
While some viewers complain that AI-generated ads look uncanny, brands like Coca-Cola are making them anyway. WSJ’s Katie Deighton explains how Coke remade their iconic “Holidays Are Coming” ad with artificial intelligence, and what that signals for the ad industry’s future. Jessica Mendoza hosts. Further Listening: - The Era of AI Layoffs Has Begu…
 
Using AI Gemma 3 Locally with a Single CPU Installing AI models on modest hardware is possible and can be useful to experiment with these models on premise https://isc.sans.edu/diary/Using%20AI%20Gemma%203%20Locally%20with%20a%20Single%20CPU%20/32556 Mystery Google Chrome 0-Day Vulnerability Google released an update for Google Chrome fixing a vulne…
 
OpenAI kickstarted the AI race, but is it now at risk of falling behind Google? As the company behind ChatGPT releases its latest update to fend off Google's Gemini, WSJ’s Berber Jin explains OpenAI CEO Sam Altman's urgent "code red" memo to all employees and why the strategy will come at a cost. Jessica Mendoza hosts. Further Listening: - Is the A…
 
Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection) We observed HTTP requests with our honeypot that may be indicative of a new version of an exploit against an older vulnerability. Help us figure out what is going on. https://isc.sans.edu/diary/Possible%20exploit%20variant%20for%20CVE-2024-9042%20%28Kubernetes%20OS%20Comma…
 
Starting next year, babies born from 2025 to 2028 can receive $1,000 to start investment accounts. The initiative has gotten corporate America excited, with financial institutions vying for a role in the program, and philanthropists like Dell Technologies CEO Michael Dell pledging billions of dollars in donations. WSJ’s Alexander Saeedy unpacks how…
 
Microsoft Patch Tuesday Microsoft released its regular monthly patch on Tuesday, addressing 57 flaws. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550 Adobe Patches Adobe patched five products. The remote code execution in ColdFusion, as well as the code execution issue in Acrobat, will very likely see exploits soon. h…
 
Earlier this year, OpenAI and chip-designer Advanced Micro Devices, or AMD, announced a multibillion-dollar partnership to collaborate on AI data centers that will run on AMD processors, one of the most direct challenges yet to industry leader Nvidia. WSJ’s Robbie Whelan spoke to the CEO of AMD Lisa Su about the deal, her company and the prospect o…
 
nanoKVM Vulnerabilities The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as undocumented may actually be documented in the underlying hardware description. https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in…
 
This morning, Paramount Skydance launched a $77.9 billion hostile takeover offer for Warner Bros. Discovery. It occurred just days after Warner had agreed to a $72 billion deal with Netflix. WSJ’s Joe Flint reports on the twists and turns of the battle to control Warner and, if Netflix succeeds, how it would change Hollywood. Ryan Knutson hosts. Fu…
 
AutoIT3 Compiled Scripts Dropping Shellcodes Malicious AutoIT3 scripts are using the FileInstall function to include additional scripts at compile time that are dropped as temporary files during execution. https://isc.sans.edu/diary/AutoIT3%20Compiled%20Scripts%20Dropping%20Shellcodes/32542 React2Shell Update The race is on to patch vulnerable syst…
 
The Kremlin pitched the White House on peace in Ukraine through business deals. To Europe’s dismay, President Trump and his envoy are on board. WSJ’s Drew Hinshaw and Joe Parkinson take us inside the Trump administration's new approach to diplomacy with Russia and how it could shake up the U.S.'s longstanding alliances. Jessica Mendoza hosts. Furth…
 
Nation-State Attack or Compromised Government? [Guest Diary] An IP address associated with the Indonesian Government attacked one of our interns' honeypots. https://isc.sans.edu/diary/Nation-State%20Attack%20or%20Compromised%20Government%3F%20%5BGuest%20Diary%5D/32536 React Update Working exploits for the React vulnerability patched yesterday are n…
 
The U.S. wine industry hasn’t had it this bad since Prohibition. WSJ’s Laura Cooper reports from Sonoma County, California, a major region for American wine production, on why growers are drowning in unsold grapes, shrinking demand and trade-war fallout. Jessica Mendoza hosts. Further Listening: - Who Wants Non-Alcoholic Beer? Everyone, Apparently.…
 
Attempts to Bypass CDNs Our honeypots recently started receiving scans that included CDN specific headers. https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532 React Vulnerability CVE-2025-55182 React patched a critical vulnerability in React server components. Exploitation is likely imminent. https://react.dev/blog/2025/12/03/critical-se…
 
As part of a year-long investigation, WSJ’s Shalini Ramachandran and Betsy McKay have been reporting on two of the most commonly prescribed psychiatric medications in America: benzodiazepines and antidepressants. These drugs weren’t intended for long-term use, but some Americans end up on them for years. Betsy and Shalini spoke to many patients who…