Podcast Detail

SANS Stormcast Tuesday, August 12th, 2025: Erlang OTP SSH Exploits (Palo Alto Networks); Winrar Exploits; Netscaler Exploits; OpenSSH Pushing PQ Crypto;

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9566.mp3

previous
Podcast Logo
Erlang OTP SSH Exploits (Palo Alto Networks); Winrar Exploits; Netscaler Exploits; OpenSSH Pushing PQ Crypto;
00:00

Erlang OTP SSH Exploits
A recently patched and easily exploited vulnerability in Erlang/OTP SSH is being exploited. Palo Alto collected some of the details about this exploit activity that they observed.
https://unit42.paloaltonetworks.com/erlang-otp-cve-2025-32433/

WinRAR Exploited
WinRAR vulnerabilities are actively being exploited by a number of threat actors. The vulnerability allows for the creation of arbitrary files as the archive is extracted.
https://thehackernews.com/2025/08/winrar-zero-day-under-active.html

Citrix Netscaler Exploit Updates
The Dutch Center for Cyber Security is updating its guidance on recent Citrix Netscaler attacks. Note that the attacks started before a patch became available, and attackers are actively hiding their tracks to make it more difficult to detect a compromise.
https://www.ncsc.nl/actueel/nieuws/2025/07/22/casus-citrix-kwetsbaarheid
https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/

OpenSSH Post Quantum Encryption
Starting in version 10.1, OpenSSH will warn users if they are using quantum-unsafe algorithms
https://www.openssh.com/pq.html


no transcript found