Podcast Detail

SANS Stormcast Friday, September 5th, 2025: Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9600.mp3

Podcast Logo
Cloudflare Response to 1.1.1.1 Certificate; AI Modem Namespace Reuse; macOS Vulnerability Allowed Keychain Decryption
00:00

Unauthorized Issuance of Certificate for 1.1.1.1
Cloudflare published a blog post with more details regarding the bad 1.1.1.1 certificate that was issued by Fina.
https://blog.cloudflare.com/unauthorized-issuance-of-certificates-for-1-1-1-1/

AI Model Namespace Reuse
Deleted accounts on Huggingface can be taken over by other entities unrelated to the original owner.
https://unit42.paloaltonetworks.com/model-namespace-reuse/

macOS vulnerability allowed Keychain and iOS app decryption without a password
Excessive entitlements for the gcore binary facilitated access to key material that was sufficient to access secrets stored in Apple’s keychain.
https://www.helpnetsecurity.com/2025/09/04/macos-gcore-vulnerability-cve-2025-24204/

no transcript found