Podcast Detail

SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9714.mp3

previous
Podcast Logo
URL Mapping and Authentication; SHA1-Hulud; Hacklore
00:00

My Next Class

Application Security: Securing Web Apps, APIs, and MicroservicesDallasDec 1st - Dec 6th 2025
Network Monitoring and Threat Detection In-DepthOnline | Central European TimeDec 15th - Dec 20th 2025

… more classes


Conflicts between URL mapping and URL based access control.
Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps.
https://isc.sans.edu/diary/Conflicts%20between%20URL%20mapping%20and%20URL%20based%20access%20control./32518

Sha1-Hulud, The Second Coming
A new, destructive variant of the Shai-Hulud worm is currently spreading through NPM/Github repos.
https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised

Hacklore: Cleaning up Outdated Security Advice
A new website, hacklore.org, has published an open letter from former CISOs and other security leaders aimed at addressing some outdated security advice that is often repeated.
https://www.hacklore.org

no transcript found