Handler on Duty: Didier Stevens
Threat Level: green
Podcast Detail
SANS Stormcast Tuesday, September 16th, 2025: Apple Updates; Rust Phishing; Samsung 0-day
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9614.mp3
My Next Class
Application Security: Securing Web Apps, APIs, and Microservices | Las Vegas | Sep 22nd - Sep 27th 2025 |
Application Security: Securing Web Apps, APIs, and Microservices | Denver | Oct 4th - Oct 9th 2025 |
Apple Updates
Apple released major updates for all of its operating systems. In addition to new features, these updates patch 33 different vulnerabilities.
https://isc.sans.edu/diary/Apple%20Updates%20Everything%20-%20iOS%20macOS%2026%20Edition/32286
Microsoft End of Life
October 14th, support for Windows 10, Exchange 2016, and Exchange 2019 will end.
https://support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281#:~:text=As%20a%20reminder%2C%20Windows%2010,one%20that%20supports%20Windows%2011.
https://techcommunity.microsoft.com/blog/exchange/t-9-months-exchange-server-2016-and-exchange-server-2019-end-of-support/4366605
Phishing Targeting Rust Developers
Rust developers are reporting similar phishing emails as the emails causing the major NPM compromise last week.
https://github.com/rust-lang/crates.io/discussions/11889#discussion-8886064
Samsung Patches 0-Day
Samsung released its monthly updates for its flagship phones fixing, among other vulnerability, an already exploited 0-day.
https://security.samsungmobile.com/securityUpdate.smsb
Application Security: Securing Web Apps, APIs, and Microservices | Las Vegas | Sep 22nd - Sep 27th 2025 |
Application Security: Securing Web Apps, APIs, and Microservices | Denver | Oct 4th - Oct 9th 2025 |
Application Security: Securing Web Apps, APIs, and Microservices | Dallas | Dec 1st - Dec 6th 2025 |
Application Security: Securing Web Apps, APIs, and Microservices | Orlando | Mar 29th - Apr 3rd 2026 |
Network Monitoring and Threat Detection In-Depth | Amsterdam | Apr 20th - Apr 25th 2026 |
Application Security: Securing Web Apps, APIs, and Microservices | San Diego | May 11th - May 16th 2026 |