A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Friday, October 24th, 2025: Android Infostealer; SessionReaper Exploited; BIND/unbound DNS Spoofing fix; WSUS Exploit
October 23, 2025
6:25
1.01 MB ( 4.37 MB less)
Downloads: 0
Infostealer Targeting Android Devices
This infostealer, written in Python, specifically targets Android phones. It takes advantage of Termux to gain access to data and exfiltrates it via Telegram.
https://isc.sans.edu/diary/Infostealer%20Targeting%20Android%20Devices/32414
Attackers exploit recently patched Adobe Commerce Vulnerability CVE-2025-54236
Six weeks after Adobe's emergency patch, SessionReaper (CVE-2025-54236) has entered active exploitation. E-Commerce security company SanSec has detected multiple exploit attempts.
https://sansec.io/research/sessionreaper-exploitation
Patch for BIND and unbound nameservers CVE-2025-40780
The Internet Systems Consortium (ISC.org), as well as the Unbound project, patched a flaw that may allow for DNS spoofing due to a weak random number generator.
https://kb.isc.org/docs/cve-2025-40780
WSUS Exploit Released CVE-2025-59287
Hawktrace released a walk through showing how to exploit the recently patched WSUS vulnerability
https://hawktrace.com/blog/CVE-2025-59287