A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE
April 21, 2025
5:35
4.69 MB
Downloads: 0
It's 2025, so why are malicious advertising URLs still going strong?
Phishing attacks continue to take advantage of Google s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL.
https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880
ChatGPT Fingerprinting Documents via Unicode
ChatGPT apparently started leaving fingerprints in texts, which it creates by adding invisible Unicode characters like non-breaking spaces.
https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text
Asus AI Cloud Security Advisory
Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability
https://www.asus.com/content/asus-product-security-advisory/
PyTorch Vulnerability
PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the weight_only=True" setting selected
https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6