Handler on Duty: Guy Bruneau
Threat Level: green
Podcast Detail
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9734.mp3
Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation
00:00
My Next Class
| Network Monitoring and Threat Detection In-Depth | Online | Central European Time | Dec 15th - Dec 20th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Mar 29th - Apr 3rd 2026 |
Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection)
We observed HTTP requests with our honeypot that may be indicative of a new version of an exploit against an older vulnerability. Help us figure out what is going on.
https://isc.sans.edu/diary/Possible%20exploit%20variant%20for%20CVE-2024-9042%20%28Kubernetes%20OS%20Command%20Injection%29/32554
React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182
Wiz has a writeup with more background on the React2Shell vulnerability and current attacks
https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive
Notepad++ Update Hijacking
Notepad++’s vulnerable update process was exploited
https://notepad-plus-plus.org/news/v889-released/
New macOS PackageKit Privilege Escalation
A PoC was released for a new privilege escalation vulnerability in macOS. Currently, there is no patch.
https://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html
iTunes
MP3 Download
RSS Feed
Google
Podbean
Amazon Echo
YouTube
Spreaker
Spotify
Discussion
Login here to join the discussion.
| Network Monitoring and Threat Detection In-Depth | Online | Central European Time | Dec 15th - Dec 20th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Mar 29th - Apr 3rd 2026 |
| Network Monitoring and Threat Detection In-Depth | Amsterdam | Apr 20th - Apr 25th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | San Diego | May 11th - May 16th 2026 |
| Network Monitoring and Threat Detection In-Depth | Online | Arabian Standard Time | Jun 20th - Jun 25th 2026 |
| Network Monitoring and Threat Detection In-Depth | Riyadh | Jun 20th - Jun 25th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Jul 13th - Jul 18th 2026 |
Subscribe to the Internet Storm Center YouTube Channel
© 2025 SANS™ Internet Storm Center
Developers: We have an API for you! 