Podcast Detail

SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerablity; Critical Cisco Identity Service Engine Vuln;

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9508.mp3

previous
Podcast Logo
Open-VSX Flaw; Airoha Bluetooth Vulnerablity; Critical Cisco Identity Service Engine Vuln;
00:00

Open-VSX Flaw Puts Developers at Risk
A flaw in the open-vsx extension marketplace could have let to the compromise of any extension offered by the marketplace.
https://blog.koi.security/marketplace-takeover-how-we-couldve-taken-over-every-developer-using-a-vscode-fork-f0f8cf104d44

Bluetooth Vulnerability Could Allow Eavesdropping
A vulnerability in the widely used Airoha Bluetooth chipset can be used to compromise devices and use them for eavesdropping.
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/

Critical Cisco Identity Services Engine Vulnerability
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6

no transcript found