Handler on Duty: Jesse La Grew
Threat Level: green
Podcast Detail
SANS Stormcast Thursday, October 9th, 2025: Polymorphic Python; ssh ProxyCommand Vuln;
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9648.mp3
My Next Class
| Application Security: Securing Web Apps, APIs, and Microservices | Dallas | Dec 1st - Dec 6th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Mar 29th - Apr 3rd 2026 |
Polymorphic Python Malware
Xavier discovered self-modifying Python code on Virustotal. The remote access tool takes advantage of the inspect module to modify code on the fly.
https://isc.sans.edu/diary/Polymorphic%20Python%20Malware/32354
SSH ProxyCommand Vulnerability
A user cloning a git repository may be tricked into executing arbitrary code via the SSH proxycommand option.
https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984
Framelink Figma MCP Server CVE-2025-53967
Framelink Figma’s MCP server suffers from a remote code execution vulnerability.
iTunes
MP3 Download
RSS Feed
Google
Podbean
Amazon Echo
YouTube
Spreaker
Spotify
Discussion
Login here to join the discussion.
| Application Security: Securing Web Apps, APIs, and Microservices | Dallas | Dec 1st - Dec 6th 2025 |
| Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Mar 29th - Apr 3rd 2026 |
| Network Monitoring and Threat Detection In-Depth | Amsterdam | Apr 20th - Apr 25th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | San Diego | May 11th - May 16th 2026 |
Subscribe to the Internet Storm Center YouTube Channel
© 2025 SANS™ Internet Storm Center
Developers: We have an API for you! 