A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Thursday, July 24th, 2025: Reversing SharePoint Exploit; NPM “is” Compromise;
July 23, 2025
6:53
1.16 MB ( 4.62 MB less)
Downloads: 0
Reversing SharePoint Toolshell Exploits CVE-2025-53770 and CVE-2025-53771
A quick walk-through showing how to decode the payload of recent SharePoint exploits
https://isc.sans.edu/diary/Analyzing%20Sharepoint%20Exploits%20%28CVE-2025-53770%2C%20CVE-2025-53771%29/32138
Compromised JavaScript NPM is Package
The popular npm package is was compromised by malware. Luckily, the malicious code was found quickly, and it was reversed after about five hours.
https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack
Microsoft Quick Machine Recovery
Microsoft added a new quick machine recovery feature to Windows 11. If the system is stuck in a reboot loop, it will boot to a rescue partition and attempt to find fixes from Microsoft.
https://learn.microsoft.com/en-gb/windows/configuration/quick-machine-recovery/?tabs=intune