Podcast Detail

SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9684.mp3

previous
Podcast Logo
XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions
00:00

My Next Class

Application Security: Securing Web Apps, APIs, and MicroservicesDallasDec 1st - Dec 6th 2025
Network Monitoring and Threat Detection In-DepthOnline | Central European TimeDec 15th - Dec 20th 2025

… more classes


XWiki SolrSearch Exploit Attempts CVE-2025-24893
We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday.
https://isc.sans.edu/diary/XWiki%20SolrSearch%20Exploit%20Attempts%20%28CVE-2025-24893%29%20with%20link%20to%20Chicago%20Gangs%20Rappers/32444

AMD Zen 5 Random Number Generator Bug
The RDSEED function for AMD’s Zen 5 processors does return 0 more often than it should.
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html

SleepyDuck malware invades Cursor through Open VSX
Yet another Open VSX extension stealing crypto credentials
https://secureannex.com/blog/sleepyduck-malware/

Application Security: Securing Web Apps, APIs, and MicroservicesDallasDec 1st - Dec 6th 2025
Network Monitoring and Threat Detection In-DepthOnline | Central European TimeDec 15th - Dec 20th 2025
Application Security: Securing Web Apps, APIs, and MicroservicesOrlandoMar 29th - Apr 3rd 2026
Network Monitoring and Threat Detection In-DepthAmsterdamApr 20th - Apr 25th 2026
Application Security: Securing Web Apps, APIs, and MicroservicesSan DiegoMay 11th - May 16th 2026
Network Monitoring and Threat Detection In-DepthOnline | Arabian Standard TimeJun 20th - Jun 25th 2026
Network Monitoring and Threat Detection In-DepthRiyadhJun 20th - Jun 25th 2026
no transcript found