RadioCSIRT - English Edition


Release date: 2025-11-30
© Marc Frédéric GOMEZ
36 episodes
Audio
Latest episode
RadioCSIRT English Edition – Your Cybersecurity Update for Sunday, 30 November 2025 (Ep.36)

Duration: 10:24
Welcome to your daily cybersecurity briefing.

Cato CTRL Discloses "HashJack" Prompt Injection
Cato Networks has revealed a new indirect prompt injection technique called "HashJack" that hides malicious payloads within URL fragments. This method blindsides perimeter WAFs but is fully processed by client-side AI browsers like Copilot and Gemini, enabling zero-click data exfiltration and callback phishing.

Superbox Android Devices Linked to BadBox 2.0 Botnet
KrebsOnSecurity reports that "Superbox" streaming devices are shipping with pre-rooted firmware and backdoors connecting to Tencent infrastructure. These devices serve as residential exit nodes for the IPidea proxy network, facilitating ad fraud and credential stuffing attacks on a massive scale.

Active Exploitation of Critical GeoServer Vulnerability
The Canadian Centre for Cyber Security warns of active exploitation of CVE-2025-58360 in GeoServer. This critical vulnerability allows for unauthenticated remote code execution (RCE) via GeoTools and GeoWebCache components, requiring immediate patching for all GIS administrators.

Postfix Vulnerability Allows Security Policy Bypass
CERT-FR has issued an advisory regarding a logic flaw in the Postfix mail transfer agent. The vulnerability allows remote attackers to circumvent configured SMTP restrictions and access maps. Updating to versions 3.10.6, 3.9.7, or 3.8.13 is mandatory to restore message filtering integrity.

UK NCSC Launches Cyber Action Toolkit for SMBs
The NCSC has released a new toolkit designed to help organizations with fewer than 50 employees secure their digital assets. For enterprise CISOs, this framework serves as a strategic asset to enforce basic hygiene standards within the upstream supply chain.

Don’t Think – Patch Now!
Sources:
Cato Networks – HashJack: https://www.catonetworks.com/blog/cato-ctrl-hashjack-first-known-indirect-prompt-injection/
KrebsOnSecurity – Android TV Botnet: https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
Canadian Centre for Cyber Security – GeoServer Alert: https://www.cyber.gc.ca/fr/alertes-avis/bulletin-securite-geoserver-av25-789
CERT-FR – Postfix Advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1040/
NCSC – SMB Toolkit: https://www.ncsc.gov.uk/blog-post/time-small-businesses-act

Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtintl.substack.com
Episode ID: 1000738995075
GUID: 393563
Publication date: 30/11/2025 at 15:23:00

Description

🎙 Marc Frédéric Gomez, cybersecurity expert, brings you daily insights into the latest threats, attacks, and defense strategies you need to know.
🔎 On the agenda:
✔️ Analysis of cyberattacks and critical vulnerabilities
✔️ Strategic intelligence for CSIRTs, CERTs, and cybersecurity professionals
✔️ Sources and references to dive deeper into each topic

💡 Why listen to RadioCSIRT?
🚀 Stay up to date in just a few minutes a day
🛡️ Anticipate threats with reliable, technical information
📢 An essential intelligence source for IT and security professionals

🔗 Listen, share, and secure your environment!
📲 Subscribe and leave a ⭐ rating on your favorite platform!
