A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC
October 28, 2025
8:04
1.34 MB ( 5.44 MB less)
Downloads: 0
Phishing with Invisible Characters in the Subject Line
Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters that should be rendered.
https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line/32428
Apache Tomcat PUT Directory Traversal
Apache released an update to Tomcat fixing a directory traversal vulnerability in how the PUT method is used. Exploits could upload arbitrary files, leading to remote code execution.
https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog
BIND9 DNS Spoofing Vulnerability
A PoC exploit is now available for the recently patched BIND9 spoofing vulnerability
https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918