ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Python InfoStealer with Embedded Phishing Webserver
Published: 2025-05-06
Last Updated: 2025-05-06 06:02:58 UTC
by Xavier Mertens (Version: 1)
Infostealers have been everywhere for a while now. Even if this kind of malware is not aggressive, its impact on the victim can be much greater. Attackers always need more data to be sold or reused in deeper scenarios. A lot of infostealers are similar and have the following capabilities:
* Antidebugging and anti-VM capabilities
* Persistence
* Data scanner (credentials, cookies, wallets, "interesting" keyword in files, ...)
* Exfiltration
I found another malicious Python script that implements all these capabilities. Persistence is implemented via a Registry key and a scheduled task (always have a backup solution ;-) ), a keylogger is started, the clipboard content is captured, a screenshot is taken every minute. All data is exfiltrated to a Telegram channel, encrypted with the Fernet() module ...
Read the full entry:
https://isc.sans.edu/diary/Python+InfoStealer+with+Embedded+Phishing+Webserver/31924/
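The exfiltration channel described in the diary (a Telegram bot, fed a screenshot every minute) is also the easiest place to catch this family from the network side. What follows is an added example, not code from the diary and not the malware's own code: a small detector run over constructed proxy log lines that flags repeated Telegram Bot API uploads from a client whose User-Agent is not a browser, and reports the cadence between uploads. The log line format, the client addresses and the bot token are assumptions; only the URL shape https://api.telegram.org/bot<numeric id>:<secret>/<method> follows the public Bot API scheme.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log (not from the diary): ts client method url status "user-agent".
# The bot token is made up; real tokens have the shape <numeric bot id>:<secret>.
SAMPLE_LOG = """\
2025-05-06T06:00:01Z 10.0.0.12 GET https://www.example.com/ 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0"
2025-05-06T06:00:07Z 10.0.0.12 POST https://api.telegram.org/bot7000000000:AAFexampleSecretNotReal0000000000000/sendDocument 200 "python-requests/2.31.0"
2025-05-06T06:01:07Z 10.0.0.12 POST https://api.telegram.org/bot7000000000:AAFexampleSecretNotReal0000000000000/sendDocument 200 "python-requests/2.31.0"
2025-05-06T06:02:07Z 10.0.0.12 POST https://api.telegram.org/bot7000000000:AAFexampleSecretNotReal0000000000000/sendDocument 200 "python-requests/2.31.0"
2025-05-06T06:03:00Z 10.0.0.44 GET https://web.telegram.org/a/ 200 "Mozilla/5.0 (X11; Linux x86_64) Firefox/125.0"
"""

# Assumed log layout: five space-separated fields followed by a quoted User-Agent.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)
# Bot API calls embed the bot token in the URL path: /bot<id>:<secret>/<apiMethod>
BOT_URL_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<api>[A-Za-z]+)"
)
# Methods that push data out of the network; getUpdates & co. are commands in, not data out.
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendMessage", "sendVideo", "sendAudio"}


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the assumed format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def looks_like_browser(user_agent):
    """Crude but useful: infostealers written in Python usually keep the python-requests UA."""
    return user_agent.startswith("Mozilla/")


def find_telegram_exfil(log_text, min_hits=2):
    """Group Bot API uploads per (client, bot id) and report groups with at least min_hits uploads."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = BOT_URL_RE.match(rec["url"])
        if m is None or m["api"] not in UPLOAD_METHODS:
            continue
        groups[(rec["client"], m["bot_id"])].append((rec["ts"], rec["ua"], m["api"], m["secret"]))

    findings = []
    for (client, bot_id), hits in groups.items():
        if len(hits) < min_hits:
            continue
        times = sorted(h[0] for h in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        findings.append({
            "client": client,
            "bot_id": bot_id,
            # Never write the full token to a ticket; the prefix is enough to correlate.
            "token_hint": hits[0][3][:4] + "...",
            "requests": len(hits),
            "non_browser_requests": sum(1 for h in hits if not looks_like_browser(h[1])),
            "methods": sorted({h[2] for h in hits}),
            # A steady gap (60 s here) is the screenshot timer showing through.
            "median_gap_s": sorted(gaps)[len(gaps) // 2] if gaps else None,
            "user_agents": sorted({h[1] for h in hits}),
        })
    return findings


if __name__ == "__main__":
    for finding in find_telegram_exfil(SAMPLE_LOG):
        print(finding)
```

The bot id and the token prefix are what you want in the incident record: the bot id is stable across victims of the same campaign, and the token itself, recovered from the script, is what lets you query the bot's identity through the API rather than guess at it.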
"Mirai" Now Exploits Samsung MagicINFO CMS (CVE-2024-7399)
Published: 2025-05-05
Last Updated: 2025-05-06 02:10:41 UTC
by Johannes Ullrich (Version: 1)
Last August, Samsung patched an arbitrary file upload vulnerability that could lead to remote code execution. The announcement was very sparse and did not even include affected systems:
SVP-AUG-2024
SVE-2024-50018(CVE-2024-7399)
Weakness : Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server allows attackers to write arbitrary file as system authority.
Patch information : The patch modifies verification logic of the input.
At around the same time, a CVE was assigned to the vulnerability: CVE-2024-7399. The NVD entry has a little more detail. In particular, it identifies a legacy CMS distributed by Samsung, MagicINFO 9, as the vulnerable software:
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.
Read the full entry:
https://isc.sans.edu/diary/Mirai+Now+Exploits+Samsung+MagicINFO+CMS+CVE20247399/31920/
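"Improper limitation of a pathname to a restricted directory" is CWE-22: the upload handler joins a client-supplied file name onto its upload directory without stopping ".." or absolute paths, so the write lands wherever the server process may write. The code below is an added illustration of that bug class, not MagicINFO code and not the actual vulnerability: it puts the vulnerable join beside a hardened one that treats "\" like "/" (necessary on Windows hosts), rejects absolute, UNC, drive-letter and ".." components, and re-checks the final path against the root. The upload root and the file names are assumptions.

```python
import os
from pathlib import Path

# Hypothetical upload root; the real product's directory layout is not known from the advisory.
UPLOAD_ROOT = Path("/srv/cms/uploads")


class UnsafePathError(ValueError):
    """Raised when a client-supplied file name would escape the upload root."""


def unsafe_upload_path(filename: str, root: Path = UPLOAD_ROOT) -> Path:
    # Vulnerable pattern (CWE-22): the client controls the name, and normpath happily
    # collapses "../" so the result can land anywhere the server account may write.
    return Path(os.path.normpath(os.path.join(str(root), filename)))


def is_within(root, path) -> bool:
    """True if path is root or lies underneath it (lexically; symlinks are not followed)."""
    root_abs, path_abs = os.path.abspath(root), os.path.abspath(path)
    try:
        return os.path.commonpath([root_abs, path_abs]) == root_abs
    except ValueError:  # different drives on Windows
        return False


def safe_upload_path(filename: str, root: Path = UPLOAD_ROOT) -> Path:
    """Hardened form: allow-list the name's components, then re-check the joined result."""
    if not filename or "\x00" in filename:
        raise UnsafePathError("empty name or embedded NUL")
    # Windows accepts both separators, so treat "\" exactly like "/" before inspecting parts.
    normalized = filename.replace("\\", "/")
    if normalized.startswith("/"):
        raise UnsafePathError("absolute or UNC path rejected")
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if not parts:
        raise UnsafePathError("no file name")
    for part in parts:
        if part == ".." or ":" in part:
            raise UnsafePathError(f"traversal or drive component rejected: {part!r}")
    candidate = Path(os.path.abspath(os.path.join(str(root), *parts)))
    # Belt and braces: even after the allow-list above, confirm the final path stays inside root.
    if not is_within(root, candidate):
        raise UnsafePathError("resolved path escapes upload root")
    return candidate


def rejects(filename: str) -> bool:
    """Does the hardened join refuse this name? Handy for a quick regression table."""
    try:
        safe_upload_path(filename)
    except UnsafePathError:
        return True
    return False


if __name__ == "__main__":
    for name in ["report.pdf", "../../etc/cron.d/evil", "..\\..\\Windows\\Tasks\\evil.job", "C:\\x.exe"]:
        print(f"{name!r:40} unsafe -> {unsafe_upload_path(name)}  hardened rejects: {rejects(name)}")
```

Two caveats a practitioner would add: the lexical check does not see symlinks already present under the root (use os.path.realpath on an existing tree for that), and the patch in the advisory, "modifies verification logic of the input", says nothing about whether the upload directory is itself web-reachable, which is what turns an arbitrary write into remote code execution.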
Example of "Modular" Malware (2025.05.07)
https://isc.sans.edu/diary/Example+of+Modular+Malware/31928/
Steganography Challenge (2025.05.03)
https://isc.sans.edu/diary/Steganography+Challenge/31910/
Steganography Analysis With pngdump.py: Bitstreams (2025.05.01)
https://isc.sans.edu/diary/Steganography+Analysis+With+pngdumppy+Bitstreams/31904/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: SonicWall SSLVPN SMA100
CVSS Score: 0
** KEV since 2021-11-03 **
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2021-20016
ISC Podcast:
Product: SonicWall SMA 500V Firmware
CVSS Score: 0
** KEV since 2025-05-01 **
NVD:
Product: Samsung MagicINFO 9 Server
CVSS Score: 0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-7399
ISC Diary:
https://isc.sans.edu/diary/31920
ISC Podcast:
Product: Multiple Apple products
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-24252
NVD References:
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- https://support.apple.com/en-us/122377
Product: Mozilla Firefox and Thunderbird
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4083
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1958350
- https://www.mozilla.org/security/advisories/mfsa2025-28/
- https://www.mozilla.org/security/advisories/mfsa2025-29/
- https://www.mozilla.org/security/advisories/mfsa2025-30/
- https://www.mozilla.org/security/advisories/mfsa2025-31/
Product: Slims (Senayan Library Management Systems)
CVSS Score: 9.8
NVD:
Product: Coresmartcontracts Uniswap
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-25962
NVD References:
- https://github.com/CVEProject/docs/blob/gh-pages/requester/reservation-guidelines.md
Product: YesWiki
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46348
NVD References:
- https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530
- https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95
Product: vLLM
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32444
NVD References:
- https://github.com/vllm-project/vllm/security/advisories/GHSA-hj4w-hm2g-p6w5
- https://github.com/vllm-project/vllm/security/advisories/GHSA-x3m8-f7g5-qhm7
Product: PHPGurukul Park Ticketing Management System v2.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45017
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45018
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45019
NVD References:
Product: XWiki Platform
CVSS Score: 9.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32973
NVD References:
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x7wv-5qg4-vmr6
Product: XWiki Platform
CVSS Score: 9.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32974
NVD References:
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mvgm-3rw2-7j4r
Product: XWiki Contrib Syntax Markdown
CVSS Score: 9.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46558
NVD References:
- https://github.com/xwiki-contrib/syntax-markdown/security/advisories/GHSA-8g2j-rhfh-hq3r
Product: Azure
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30390
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30390
Product: Azure Bot Framework SDK
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-30392
NVD References:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30392
Product: SourceCodester Simple Barangay Management System v1.0
CVSS Score: 9.8
NVD:
Product: Ladybird LibJS
CVSS Score: 9.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-47154
NVD References:
- https://jessie.cafe/posts/pwning-ladybirds-libjs/
Product: ADOdb PHP database class library
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-46337
NVD References:
- https://github.com/ADOdb/ADOdb/issues/1070
- https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
Product: KUNBUS Revolution Pi OS Bookworm
CVSS Score: 10.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-24522
NVD References:
- http://packages.revolutionpi.de/pool/main/p/pictory/
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01
Product: KUNBUS PiCtory
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-32011
NVD References:
- http://packages.revolutionpi.de/pool/main/p/pictory/
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01
Product: KUNBUS PiCtory
CVSS Score: 9.0
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-35996
NVD References:
- http://packages.revolutionpi.de/pool/main/p/pictory/
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-121-01
Product: Sematell ReplyOne
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-48905
NVD References:
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-082.txt
Product: Le-yan Le-show medical practice management system
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3708
NVD References:
- https://www.twcert.org.tw/en/cp-139-10086-dbfd0-2.html
Product: Flowring Technology Agentflow
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3709
NVD References:
- https://www.twcert.org.tw/en/cp-139-10090-112f7-2.html
Product: Mydata Informatics Ticket Sales Automation
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2812
NVD References:
Product: Honeywell MB-Secure
CVSS Score: 9.9
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2605
NVD References:
https://www.honeywell.com/us/en/product-security#security-notices
Product: Wavlink WL-WN530H4
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-44868
NVD References:
https://github.com/Summermu/VulnForIoT/tree/main/Wavlink_WL-WN530H4/ping_test/readme.md
Product: Tenda AC9
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-44872
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-44877
NVD References:
- https://github.com/Summermu/VulnForIoT/tree/main/Tenda_AC/AC9_formsetUsbUnload
- https://github.com/Summermu/VulnForIoT/tree/main/Tenda_AC/AC9_formSetSambaConf
Product: Tenda AC9
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45042
NVD References:
https://github.com/Ghostsuzhijian/Iot-/blob/main/ac9_telnetd/rx3_telnetd.md
Product: WSO2 API Manager
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-2905
NVD References:
Product: Output Messenger
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-27920
NVD References:
- https://www.outputmessenger.com/cve-2025-27920/
Product: kashipara Online Service Management Portal V1.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45322
NVD References:
Product: OpenCTI platform
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-24977
NVD References:
https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm
Product: foxcms v1.2.5
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45238
NVD References:
- https://gist.github.com/chao112122/27010786774f2bb584cc715fb027b95c
Product: Google Chrome
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-4052
NVD References:
- https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html
Product: itranswarp v2.19
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45607
NVD References:
Product: hope-boot v1.0.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45611
NVD References:
Product: xmall v1.1
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45612
NVD References:
Product: yaoqishan v0.0.1-SNAPSHOT
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45615
NVD References:
Product: brcc v1.2.0
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-45616
NVD References:
Product: SeaCMS v13.3
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-44071
NVD References:
https://github.com/202110420106/CVE/blob/master/seacms/seacms_rce.md
Product: SeaCMS v13.3
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-44072
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-44074
NVD References:
- https://github.com/202110420106/CVE/blob/master/seacms/seacms_manage_sql.md
- https://github.com/202110420106/CVE/blob/master/seacms/seacms_topic_sql.md
Product: Kibana
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-25014
NVD References:
https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868
Product: Quarkus quarkus-security-webauthn
CVSS Score: 9.1
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2024-12225
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-12225
- https://bugzilla.redhat.com/show_bug.cgi?id=2330484
CVE-2025-27007 - Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers: from n/a through 1.0.82.
Product: Brainstorm Force SureTriggers
Active Installations: 100,000+
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-27007
NVD References:
CVE-2025-3746 - The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation and account takeover in versions 2.0.14 to 2.0.59, allowing unauthenticated attackers to change email addresses and reset passwords.
Product: WordPress OTP-less one tap Sign in plugin
Active Installations: This plugin has been closed as of April 30, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3746
NVD References:
- https://plugins.trac.wordpress.org/browser/otpless/tags/2.0.59./includes/class-login.php
CVE-2025-3918 - The Job Listings plugin for WordPress is vulnerable to Privilege Escalation through unauthenticated attackers elevating their privileges by manipulating user roles.
Product: WordPress Job Listings plugin
Active Installations: This plugin has been closed as of May 1, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3918
NVD References:
- https://wordpress.org/plugins/job-listings/#developers
CVE-2025-1909 - The BuddyBoss Platform Pro plugin for WordPress up to version 2.7.01 is vulnerable to authentication bypass through Apple OAuth, allowing unauthenticated attackers to impersonate any user with access to the email.
Product: BuddyBoss Platform Pro plugin for WordPress
Active Installations: Unknown. Update to version 2.7.10, or a newer patched version
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-1909
NVD References:
- https://www.buddyboss.com/resources/buddyboss-platform-pro-releases/
- https://www.buddyboss.com/resources/buddyboss-platform-pro-releases/2-7-10/
CVE-2025-0855 - The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 5.8.0, allowing unauthenticated attackers to inject a PHP Object and potentially execute harmful actions.
Product: WordPress PGS Core plugin
Active Installations: Unknown. Update to version 5.9.0, or a newer patched version
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-0855
NVD References:
- https://docs.potenzaglobalsolutions.com/docs/ciyashop-wp/changelog/
CVE-2025-3844 - The PeproDev Ultimate Profile Solutions plugin for WordPress allows unauthenticated attackers to login as other users, including administrators, due to an Authentication Bypass vulnerability in versions 1.9.1 to 7.5.2.
Product: PeproDev Ultimate Profile Solutions plugin for WordPress
Active Installations: This plugin has been closed as of May 5, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD:
https://nvd.nist.gov/vuln/detail/CVE-2025-3844
NVD References:
- https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L1483
- https://plugins.trac.wordpress.org/browser/peprodev-ups/tags/7.5.2/login/login.php#L2836