
Internet Storm Center Tech Corner

SANS Internet Storm Center StormCast Tuesday, July 15, 2025

Web Honeypot Log Volume; Browser Extension Malware; RDP Forensics

https://isc.sans.edu/podcastdetail/9526

DShield Honeypot Log Volume Increase

Within the last few months, there has been a dramatic increase in honeypot log volumes and how often these high volumes are seen. This has not just been from Jesse’s residential honeypot, which has historically seen higher log volumes, but from all of the honeypots that Jesse runs.

https://isc.sans.edu/diary/DShield+Honeypot+Log+Volume+Increase/32100

Google and Microsoft Trusted Them. 2.3 Million Users Installed Them. They Were Malware.

Koi Security’s investigation of a single “verified” color picker exposed a coordinated campaign of 18 malicious extensions that infected a massive 2.3 million users across Chrome and Edge.

https://blog.koi.security/google-and-microsoft-trusted-them-2-3-million-users-installed-them-they-were-malware-fb4ed4f40ff5

RDP Forensics

A comprehensive overview of Windows RDP forensics.

https://medium.com/@mathias.fuchs/chasing-ghosts-over-rdp-lateral-movement-in-tiny-bitmaps-328d2babd8ec

SANS Internet Storm Center StormCast Monday, July 14, 2025

Suspect Domain Feed; Wing FTP Exploited; FortiWeb Exploited; NVIDIA GPU Rowhammer

https://isc.sans.edu/podcastdetail/9524

Experimental Suspicious Domain Feed

Our new experimental suspicious domain feed uses various criteria to identify domains that may be used for phishing or other malicious purposes.

https://isc.sans.edu/diary/Experimental+Suspicious+Domain+Feed/32102

Wing FTP Server RCE Vulnerability Exploited CVE-2025-47812

Huntress observed active exploitation of the Wing FTP Server remote code execution vulnerability (CVE-2025-47812) against a customer on July 1, 2025. Organizations running Wing FTP Server should update to the fixed version, 7.4.4, as soon as possible.

https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild

https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/

FortiWeb Pre-Auth RCE (CVE-2025-25257)

An exploit for the FortiWeb RCE vulnerability is now available and is being used in the wild.

https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce

NVIDIA Vulnerable to Rowhammer

NVIDIA has received new research related to the industry-wide DRAM issue known as “Rowhammer”. The research demonstrates a potential Rowhammer attack against an NVIDIA A6000 GPU with GDDR6 Memory. The purpose of this notice is to reinforce already known mitigations to Rowhammer attacks.

https://nvidia.custhelp.com/app/answers/detail/a_id/5671/~/security-notice%3A-rowhammer---july-2025
