Security Bulletin

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Since the last update [ 5], over the past few months I added several enhancements to DShield SIEM and webhoneypot sensor collection that included an update to the interface to help with DShield sensor analysis. I updated the main dashboard to have...

The threats may not be malicious, but they are more than many security teams can handle.

Chinese state-backed threat actors are suspected of posing as Michigan congressman John Moolenaar in a series of spear-phishing attacks.

On the Stormcast, Johannes talked about BASE64 and DNS used by a backdoor.

As Kubernetes becomes the foundation of enterprise infrastructure, the underlying operating system must evolve alongside it.

CVE: CVE-2025-8696 Title: DoS attack against the Stork UI from an unauthenticated user Document version: 2.0 Posting date: 10 September 2025 Program impacted: Stork Versions affected: Stork 1.0.0 -> 2.3.0 Severity: High Exploitable: Remotely...

With multiple persistence mechanisms, the modular malware can brute-force passwords, drop payloads, and communicate over different protocols.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Firms cooperating with cybercrime syndicates in Burma and Cambodia face sanctions by the US government and enforcement actions by China, but the scams continue to grow.

Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.

While the jury is still out, it's clear that use has skyrocketed and security needs to align.