A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln
August 25, 2025
5:01
4.21 MB
Downloads: 0
Reading Location Position Value in Microsoft Word Documents
Jessy investigated how Word documents store the last visited document location in the registry.
https://isc.sans.edu/diary/Reading%20Location%20Position%20Value%20in%20Microsoft%20Word%20Documents/32224
Weaponizing image scaling against production AI systems
AI systems often downscale images before processing them. An attacker can create a harmless looking image that would reveal text after downscaling leading to prompt injection
https://blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/
IBM Jazz Team Server Vulnerability CVE-2025-36157
IBM patched a critical vulnerability in its Jazz Team Server
https://www.ibm.com/support/pages/node/7242925