RadioCSIRT – Your Cybersecurity Update for Saturday, November 15, 2025 (Ep.487)
Échec de l'ajout au panier.
Échec de l'ajout à la liste d'envies.
Échec de la suppression de la liste d’envies.
Échec du suivi du balado
Ne plus suivre le balado a échoué
RadioCSIRT – Your Cybersecurity Update for Saturday, November 15, 2025 (Ep.487)
-
Narrateur(s):
-
Auteur(s):
À propos de cet audio
Bonjour and Welcome to your daily cybersecurity podcast.
🧩 AMD Zen 5: AMD confirms a critical flaw in the rdseed instruction causing severe entropy reduction, weakening cryptographic material generated on Zen 5 processors prior to microcode updates.
🛡️ Akira Ransomware: CISA, the FBI, and international partners release major updates on newly observed TTPs and IOCs, highlighting widespread targeting of SMBs and multiple critical infrastructure sectors.
🌐 FortiWeb: Active exploitation of CVE-2025-64446, a relative path traversal vulnerability enabling administrative command execution through crafted HTTP(S) requests.
🏨 Fake Travel Platforms: A Russian-speaking threat actor registered over 4,300 domains imitating Booking, Airbnb, Expedia, and Agoda to steal payment card data via a multilingual phishing kit.
🧬 FormBook Stealer: A new campaign chains weaponized ZIP archives, obfuscated VBS and PowerShell layers, and msiexec.exe injection to deploy an updated variant of the FormBook information stealer.
💼 Logitech: The company confirms a data breach via exploitation of a third-party zero-day vulnerability, claimed by the Clop extortion group, with nearly 1.8 TB of data allegedly leaked.
⚡️ Don’t think — patch! 🚀
📚 Sources:
🔗 AMD Zen 5 RNG: https://www.tomshardware.com/pc-components/cpus/amd-confirms-zen-5-rng-flaw-when-random-isnt-random-enough
🔗 Akira – CISA/FBI: https://www.cisa.gov/news-events/alerts/2025/11/13/cisa-fbi-and-partners-unveil-critical-guidance-protect-against-akira-ransomware-threat
🔗 FortiWeb CVE-2025-64446: https://www.cisa.gov/news-events/alerts/2025/11/14/fortinet-releases-security-advisory-relative-path-traversal-vulnerability-affecting-fortiweb-products
🔗 Fake Travel Sites: https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html
🔗 FormBook Campaign: https://cybersecuritynews.com/weaponized-zip-archives-and-multi-script-chains-used-to-deploy-formbook-malware
🔗 Logitech / Clop: https://www.bleepingcomputer.com/news/security/logitech-confirms-data-breach-after-clop-extortion-attack
📞 Share your feedback:
📧 radiocsirt@gmail.com
🌐 www.radiocsirt.org
📰 radiocsirtintl.substack.com
#CyberSecurity #AMD #Akira #Fortinet #Phishing #FormBook #Logitech #Clop #Ransomware #Infostealer #RadioCSIRT 🎧🔥