Internet Storm Center Tech Corner

SANS Internet Storm Center StormCast Tuesday, June 3, 2025

Windows SSH C2; Google Removes CAs from trusted list; MSFT issues Emergency Patch to fix Crash issue; Qualcomm Adreno GPU 0-day

https://isc.sans.edu/podcastdetail/9476

Simple SSH Backdoor

Xavier came across a simple SSH backdoor taking advantage of the ssh client preinstalled on recent Windows systems. The backdoor is implemented via an SSH configuration file that instructs the SSH client to connect to a remote system and forward a shell on a random port. This will make the shell accessible to anybody able to connect to the C2 host.

https://isc.sans.edu/diary/Simple+SSH+Backdoor/32000

Google Chrome to Distrust CAs

Google Chrome will remove the Chunghwa Telecom and Netlock certificate authorities from its list of trusted CAs. Any certificates issued after July 31st will not be trusted. Certificates issued before the deadline will be trusted until they expire.

https://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html

Microsoft Emergency Update to Fix Crashes Caused by May Patch

Microsoft released an emergency update for a bug introduced by one of the patches released in May. Because of the bug, systems may fail to restart after the patch is applied. This primarily affects virtual systems running in Azure and Hyper-V, but it has apparently also affected some physical systems.

https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23h2#kb5058405-might-fail-to-install-with-recovery-error-0xc0000098-in-acpi-sys

Qualcomm Adreno Graphics Processing Unit Patch (Exploited!)

Qualcomm released an update for the driver for its Adreno GPU. The patched vulnerability is already being exploited against Android devices.

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

SANS Internet Storm Center StormCast Monday, June 2, 2025

PNG with RAT; Cisco IOS XE WLC Exploit; vBulletin Exploit

https://isc.sans.edu/podcastdetail/9474

A PNG Image With an Embedded Gift

Xavier shows how Python code appended to a PNG image can be used to implement a command-and-control channel or a complete remote administration kit.

https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998

Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis

Horizon3 analyzed a recently patched flaw in Cisco Wireless Controllers. This arbitrary file upload flaw can easily be used to execute arbitrary code.

https://www.darkreading.com/vulnerabilities-threats/exploitation-risk-grows-critical-cisco-bug

Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE

A change in PHP 8.1 can expose methods that were previously expected to be 'safe'. vBulletin fixed a related flaw about a year ago without explicitly highlighting the security impact of the fix. A blog post has now exposed the flaw and provided exploit examples. We have seen exploit attempts against honeypots starting May 25th, two days after the blog post was published.

https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
