A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script
June 08, 2025
5:43
1.07 MB ( 3.73 MB less)
Downloads: 0
Extracting With pngdump.py
Didier extended his pngdump.py script to make it easier to extract additional data appended to the end of the image file.
https://isc.sans.edu/diary/Extracting%20With%20pngdump.py/32022
16 React Native Packages for GlueStack Backdoored Overnight
16 npm packages with over a million weekly downloads between them were compromised. The compromised packages include a remote admin tool that was seen before in similar attacks.
https://www.aikido.dev/blog/supply-chain-attack-on-react-native-aria-ecosystem
Atomic MacOS Stealer Exploits Clickfix
MacOS users are now also targeted by fake captchas, tricking users into running exploit code.
https://www.cloudsek.com/blog/amos-variant-distributed-via-clickfix-in-spectrum-themed-dynamic-delivery-campaign-by-russian-speaking-hackers
Microsoft INETPUB Script
Microsoft published a simple PowerShell script to restore the inetpub folder in case you removed it by mistake.
https://www.powershellgallery.com/packages/Set-InetpubFolderAcl/1.0