Episodes

  • RadioCSIRT - Your Cybersecurity update for Monday, November 17, 2025 (Ep. 489)
    Nov 17 2025
    Welcome to your daily cybersecurity podcast.

    🛰️ RoningLoader analysis: new research details RoningLoader, a modular malware loader built for evasion, payload staging, and long-term persistence across compromised environments.

    🛑 Gh0st RAT impersonation campaigns: recent investigations reveal large-scale social-engineering operations delivering Gh0st RAT through impersonated organizations, using spoofed identities and fraudulent communication channels to compromise victims.

    🎭 Online radicalisation via gaming platforms: Europol and partner nations report coordinated action against extremist groups exploiting gaming ecosystems for recruitment, covert communication, and distribution of illicit content.

    🏢 IBM AIX/VIOS – Critical vulnerability (CVE-2025-36250): a newly disclosed high-severity flaw affects IBM AIX and VIOS systems and lets attackers escalate privileges. Patch guidance has been issued and should be applied promptly.

    🐧 Rondodox botnet expansion: threat actors are actively exploiting an XWiki RCE vulnerability for which a fix has been available since February 2025, using automated exploitation routines to add still-unpatched internet-facing instances to the Rondodox botnet.

    📱 Rust adoption improves Android memory-safety posture: new assessments report significant reductions in memory-corruption bugs in Android components rewritten in Rust, reinforcing the long-term shift toward memory-safe systems languages.

    🛍️ Holiday cyber scams warning: national security agencies urge increased vigilance amid a rise in fraudulent shopping campaigns, fake storefronts, phishing operations, and payment-data harvesting schemes targeting consumers ahead of seasonal sales.

    ⚡️ Don’t think — patch! 🚀

    📚 Sources:
    🔗 RoningLoader – Elastic Security Labs: https://www.elastic.co/security-labs/roningloader
    🔗 Gh0st RAT Impersonation Campaigns – Unit42: https://unit42.paloaltonetworks.com/impersonation-campaigns-deliver-gh0st-rat/
    🔗 Online Radicalisation on Gaming Platforms – Europol: https://www.europol.europa.eu/media-press/newsroom/news/europol-and-partner-countries-combat-online-radicalisation-gaming-platforms
    🔗 IBM AIX/VIOS CVE-2025-36250: https://cyberveille.esante.gouv.fr/alertes/ibm-aixvios-cve-2025-36250-2025-11-14
    🔗 Rondodox Botnet Expands via XWiki RCE – Security Affairs: https://securityaffairs.com/184702/malware/rondodox-expands-botnet-by-exploiting-xwiki-rce-bug-left-unpatched-since-february-2025.html
    🔗 Rust Adoption & Android Memory Safety – The Hacker News: https://thehackernews.com/2025/11/rust-adoption-drives-android-memory.html
    🔗 Holiday Shopping Cyber-Scams – NCSC: https://www.ncsc.gov.uk/news/stay-alert-to-holiday-shopping-cyber-scams

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.org
    📰 radiocsirtintl.substack.com

    #CyberSecurity #Malware #Gh0stRAT #Europol #IBM #Rondodox #Rust #Android #NCSC #RadioCSIRT 🎧
    14 min
  • RadioCSIRT – Your Cybersecurity Update for Sunday, November 16, 2025 (Ep.488)
    Nov 16 2025

    Welcome to your daily cybersecurity podcast.

    🛰️ DNS4EU: the European Union continues to advance its sovereign DNS resolver project, designed to reduce dependency on non-EU services. The initiative aims to deliver a secure, privacy-respecting, and resilient DNS infrastructure operated entirely within Europe, with integrated filtering and threat-detection capabilities.

    🛑 Ransomware – Q3 2025 Overview: recent analysis reveals continued growth in ransomware activity, driven by the increasing professionalization of threat groups, industrialized phishing operations, and expanding affiliate networks targeting SMEs, critical infrastructure, and interconnected suppliers.

    🎭 North Korean IT worker schemes: several U.S. nationals have pleaded guilty to acting as intermediaries for North Korean operatives posing as legitimate IT professionals to secure employment in sensitive American companies, bypassing sanctions and screening controls.

    🏢 Cisco Catalyst Center: a newly disclosed critical vulnerability impacts the platform, enabling attackers to obtain privileged access within administrative environments. A security update is available and should be applied without delay in infrastructures dependent on Catalyst Center.

    🐧 Debian: the Debian Project has released new security updates affecting core components and widely deployed packages, with significant implications for server environments and systems relying on sensitive libraries and services.

    ⚡️ Don’t think — patch! 🚀

    📚 Sources:

    🔗 DNS4EU: https://blog.marcfredericgomez.fr/dns4eu-vers-un-dns-europeen-souverain-securise-et-respectueux-de-la-vie-privee/
    🔗 Check Point – State of Ransomware Q3 2025: https://research.checkpoint.com/2025/the-state-of-ransomware-q3-2025/
    🔗 North Korean IT Workers – The Record: https://therecord.media/multiple-us-nationals-guilty-pleas-north-korean-it-worker-scams
    🔗 Cisco Catalyst Center: https://cybersecuritynews.com/cisco-catalyst-center-vulnerability/
    🔗 Debian – Security Updates: https://www.debian.org/News/2025/20251115

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.org
    📰 radiocsirtintl.substack.com

    #CyberSecurity #DNS4EU #Ransomware #NorthKorea #Cisco #Debian #RadioCSIRT 🎧🔥

    9 min
  • RadioCSIRT – Your Cybersecurity Update for Saturday, November 15, 2025 (Ep.487)
    Nov 15 2025

    Hello and welcome to your daily cybersecurity podcast.

    🧩 AMD Zen 5: AMD confirms a flaw in the RDSEED instruction on Zen 5 processors: the 16-bit and 32-bit forms can return 0 while still signalling success (carry flag set), so software that trusts the success flag alone may derive cryptographic material from a known value. Microcode updates are the fix; until they are applied, treat a zero result as a failure and retry, use the 64-bit form (which AMD reports is not affected), or take seeds from the operating system's CSPRNG instead.

    🛡️ Akira Ransomware: CISA, the FBI, and international partners release major updates on newly observed TTPs and IOCs, highlighting widespread targeting of SMBs and multiple critical infrastructure sectors.

    🌐 FortiWeb: Active exploitation of CVE-2025-64446, a relative path traversal vulnerability in FortiWeb that lets an unauthenticated attacker execute administrative commands through crafted HTTP or HTTPS requests. Patch, keep the management interface off the internet, and review its request logs for traversal sequences, including percent-encoded ones.
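    The check a responder wants after a traversal advisory like this one is a pass over the management-interface logs for request paths that carry a parent-directory component once decoding is undone. The script below is an added example written for this page; it is not Fortinet's code or the original post's, the access-log lines are constructed (documentation IP range, invented paths), and it does not reproduce the real CVE-2025-64446 request. It decodes repeatedly so double-encoded `%252e%252e` is seen, and reports separately whether the normalised path actually climbs above the web root.

```python
"""Flag HTTP requests whose decoded path carries a parent-directory traversal.

Added example for this page; not code from Fortinet or from the original post.
The access-log lines are constructed and do not reproduce the real
CVE-2025-64446 request; the detection is generic to CWE-23 traversal in paths.
"""
import re
from urllib.parse import unquote

# Constructed sample access log in Common Log Format. 198.51.100.0/24 is a
# documentation range, not a real source.
SAMPLE_LOG = """\
198.51.100.7 - - [14/Nov/2025:10:01:02 +0000] "GET /api/v2.0/status HTTP/1.1" 200 512
198.51.100.9 - - [14/Nov/2025:10:01:09 +0000] "GET /static/../../etc/passwd HTTP/1.1" 403 0
198.51.100.9 - - [14/Nov/2025:10:01:15 +0000] "POST /api/v2.0/admin%2f..%2f..%2fcgi-bin/run HTTP/1.1" 200 44
198.51.100.9 - - [14/Nov/2025:10:01:21 +0000] "GET /img/%252e%252e/%252e%252e/config HTTP/1.1" 404 0
198.51.100.3 - - [14/Nov/2025:10:02:00 +0000] "GET /docs/a..b/readme?x=..%2f.. HTTP/1.1" 200 9000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def fully_decode(text, max_rounds=3):
    """Percent-decode until stable so double-encoded '..' (%252e%252e) is seen."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def analyse_target(raw_target):
    """Return (decoded_path, has_dotdot, escapes_root) for one request target.

    Only the path is inspected; a '..' inside a query parameter is a different
    (application-level) problem and is deliberately not counted here.
    """
    path = raw_target.split("?", 1)[0]
    decoded = fully_decode(path).replace("\\", "/")
    depth, has_dotdot, escapes = 0, False, False
    for seg in decoded.split("/"):
        if seg == "..":
            has_dotdot = True
            depth -= 1
            if depth < 0:          # climbed above the document root
                escapes = True
        elif seg not in ("", "."):
            depth += 1
    return decoded, has_dotdot, escapes


def scan_log(text):
    """Return one finding per request whose decoded path has a '..' segment."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded, has_dotdot, escapes = analyse_target(m["target"])
        if has_dotdot:
            findings.append({
                "ip": m["ip"], "method": m["method"], "status": int(m["status"]),
                "raw": m["target"], "decoded": decoded, "escapes_root": escapes,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['method']} {f['raw']} -> {f['decoded']} "
              f"status={f['status']} escapes_root={f['escapes_root']}")
```

    A traversal that the server answered with 200 is the line to escalate first; a 403 or 404 still identifies a source worth blocking. Note that `/a..b/` and a `..` inside the query string are not reported, which keeps the output focused on path-segment traversal.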

    🏨 Fake Travel Platforms: A Russian-speaking threat actor registered over 4,300 domains imitating Booking, Airbnb, Expedia, and Agoda to steal payment card data via a multilingual phishing kit.
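    Both this campaign and the holiday-shopping scam warning in the 17 November episode come down to lookalike domains, and the practical check is to run a newly-registered-domain feed against a short list of protected brands. The script below is an added example written for this page, not code from the original post or from the cited report: the brand list, allow-list and candidate domains are constructed (they are not the campaign's 4,300 domains), and it assumes a single-label public suffix when deciding what the registered domain is, which a real deployment would replace with a public-suffix list.

```python
"""Flag domains that impersonate a set of protected brands.

Added example for this page; not code from the original post or the cited
report. Brands, allow-list and candidates are constructed. The registered
domain is taken as the last two labels (assumes a single-label public suffix).
"""
import unicodedata

BRANDS = ("booking", "airbnb", "expedia", "agoda")
# Legitimate registered domains that must never be flagged (constructed).
ALLOWLIST = {"booking.com", "airbnb.com", "expedia.com", "agoda.com"}
# Digit/symbol stand-ins typosquatters use for letters (constructed, partial).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                            "7": "t", "8": "b", "@": "a", "$": "s"})


def levenshtein(a, b):
    """Edit distance via the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise_label(label):
    """Decode punycode, strip accents, then map digit look-alikes to letters."""
    if label.startswith("xn--"):
        label = label.encode("ascii").decode("idna")
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(ch for ch in label if not unicodedata.combining(ch))
    return label.translate(HOMOGLYPHS)


def brand_match(token):
    """Return the brand a hyphen-separated token imitates, or None."""
    for brand in BRANDS:
        if brand in token:
            return brand
        # short brands tolerate one edit, seven letters or more tolerate two
        if levenshtein(token, brand) <= (2 if len(brand) >= 7 else 1):
            return brand
    return None


def check_domain(domain):
    """Return the impersonated brand for a domain, or None if it looks clean."""
    labels = [normalise_label(l) for l in domain.strip().rstrip(".").split(".")]
    registered = ".".join(labels[-2:])      # assumption: single-label suffix
    if registered in ALLOWLIST:
        return None
    for label in labels[:-1]:               # every label but the TLD, subdomains too
        for token in label.split("-"):
            hit = brand_match(token)
            if hit:
                return hit
    return None


def find_impersonations(domains):
    """Map each suspicious domain to the brand it imitates."""
    return {d: b for d in domains if (b := check_domain(d))}


# Constructed candidates, as they might arrive from a new-domain feed.
CANDIDATES = [
    "booking.com",                     # genuine, allow-listed
    "b00king-confirmation.com",        # digit homoglyphs
    "airbnb.com.secure-checkin.net",   # brand placed in a subdomain
    "expedla-refund.top",              # one-letter typo
    "agöda-reservation.com",           # accented look-alike
    "hotel-deals-2025.example",        # clean
]

if __name__ == "__main__":
    for domain, brand in find_impersonations(CANDIDATES).items():
        print(f"{domain:35} -> impersonates {brand}")
```

    Substring matching deliberately over-triggers (any label containing the brand is reported), so the allow-list carries the legitimate properties; tune the edit-distance thresholds per brand, since a five-letter name like "agoda" sits one edit from ordinary words far more often than "expedia" does.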

    🧬 FormBook Stealer: A new campaign chains weaponized ZIP archives, obfuscated VBS and PowerShell stages, and process injection into msiexec.exe to deploy an updated variant of the FormBook information stealer.
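    The chain described above (script host, then PowerShell, then msiexec.exe used as an injection host) is visible in process-creation telemetry before any payload runs. The detection below is an added example written for this page, not code from the original post or the cited analysis: the events are constructed Sysmon-style records (ProcessId, ParentProcessId, Image, CommandLine) with invented file names and a short encoded command, and the rule flags an msiexec.exe only when at least two independent signals line up, so a scripted but legitimate `/i package.msi` install is left alone.

```python
"""Detect script-host -> PowerShell -> msiexec.exe chains in process events.

Added example for this page; not code from the original post or the cited
analysis. Events are constructed Sysmon-style process-creation records.
"""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
# A legitimate msiexec.exe run names a package file or a product code GUID.
MSI_ARG_RE = re.compile(r"\.(msi|msp)\b|\{[0-9a-f-]{36}\}", re.IGNORECASE)


def image_name(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def ancestors(by_pid, pid, limit=8):
    """Image names of a process's parent chain, nearest parent first."""
    chain, seen = [], set()
    while limit > 0:
        ev = by_pid.get(pid)
        if ev is None or pid in seen:
            break
        seen.add(pid)
        parent = by_pid.get(ev["ParentProcessId"])
        if parent is None:
            break
        chain.append(image_name(parent["Image"]))
        pid = parent["ProcessId"]
        limit -= 1
    return chain


def suspicious_msiexec(events):
    """Return msiexec.exe launches that match at least two injection-host signals."""
    by_pid = {e["ProcessId"]: e for e in events}
    findings = []
    for ev in events:
        if image_name(ev["Image"]) != "msiexec.exe":
            continue
        chain = ancestors(by_pid, ev["ProcessId"])
        reasons = []
        if chain and chain[0] in SHELLS:
            reasons.append("spawned by PowerShell")
        if any(a in SCRIPT_HOSTS for a in chain):
            reasons.append("script host in ancestry")
        if not MSI_ARG_RE.search(ev["CommandLine"]):
            reasons.append("no package or product code on command line")
        if len(reasons) >= 2:
            findings.append({"pid": ev["ProcessId"], "chain": chain, "reasons": reasons})
    return findings


# Constructed events. "SQBFAFgA" is the UTF-16LE base64 of "IEX".
SAMPLE_EVENTS = [
    {"ProcessId": 800, "ParentProcessId": 4, "Image": r"C:\Windows\explorer.exe",
     "CommandLine": "explorer.exe"},
    {"ProcessId": 600, "ParentProcessId": 4, "Image": r"C:\Windows\System32\services.exe",
     "CommandLine": "services.exe"},
    # malicious chain: VBS -> PowerShell -> bare msiexec.exe
    {"ProcessId": 1200, "ParentProcessId": 800, "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r'wscript.exe "C:\Users\u\AppData\Local\Temp\invoice.vbs"'},
    {"ProcessId": 1300, "ParentProcessId": 1200,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"ProcessId": 1400, "ParentProcessId": 1300, "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"C:\Windows\System32\msiexec.exe"},
    # benign: the Windows Installer service instance
    {"ProcessId": 1500, "ParentProcessId": 600, "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": "msiexec.exe /V"},
    # benign: user double-clicked an installer
    {"ProcessId": 1600, "ParentProcessId": 800, "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'msiexec.exe /i "C:\Users\u\Downloads\7zip.msi" /qn'},
    # benign: admin deployment script installing a package
    {"ProcessId": 1700, "ParentProcessId": 800,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File \\fileserver\deploy\install.ps1"},
    {"ProcessId": 1800, "ParentProcessId": 1700, "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r'msiexec.exe /i "\\fileserver\deploy\agent.msi" /qn'},
]

if __name__ == "__main__":
    for f in suspicious_msiexec(SAMPLE_EVENTS):
        print(f"pid {f['pid']}: {' <- '.join(f['chain'])} :: {', '.join(f['reasons'])}")
```

    Only pid 1400 is reported: the installer service's own `msiexec.exe /V` has no package argument but a benign parent, and the deployment script's msiexec is shell-spawned but names a package. Requiring two signals is the design choice that keeps the rule usable on a fleet where scripted installs are normal.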

    💼 Logitech: The company confirms a data breach via exploitation of a third-party zero-day vulnerability, claimed by the Clop extortion group, with nearly 1.8 TB of data allegedly leaked.

    ⚡️ Don’t think — patch! 🚀

    📚 Sources:
    🔗 AMD Zen 5 RNG: https://www.tomshardware.com/pc-components/cpus/amd-confirms-zen-5-rng-flaw-when-random-isnt-random-enough
    🔗 Akira – CISA/FBI: https://www.cisa.gov/news-events/alerts/2025/11/13/cisa-fbi-and-partners-unveil-critical-guidance-protect-against-akira-ransomware-threat
    🔗 FortiWeb CVE-2025-64446: https://www.cisa.gov/news-events/alerts/2025/11/14/fortinet-releases-security-advisory-relative-path-traversal-vulnerability-affecting-fortiweb-products
    🔗 Fake Travel Sites: https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html
    🔗 FormBook Campaign: https://cybersecuritynews.com/weaponized-zip-archives-and-multi-script-chains-used-to-deploy-formbook-malware
    🔗 Logitech / Clop: https://www.bleepingcomputer.com/news/security/logitech-confirms-data-breach-after-clop-extortion-attack

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.org
    📰 radiocsirtintl.substack.com

    #CyberSecurity #AMD #Akira #Fortinet #Phishing #FormBook #Logitech #Clop #Ransomware #Infostealer #RadioCSIRT 🎧🔥

    11 min
  • RadioCSIRT - Your Cybersecurity Update for Friday, November 14, 2025 – Episode 486
    Nov 14 2025

    Welcome to your daily cybersecurity podcast.

    🤖 Anthropic faces controversy over claims that Claude enabled fully automated cyberattacks end-to-end. Several experts question the technical validity and highlight the lack of concrete evidence.

    🛡️ Fortinet confirms it silently patched a critical FortiWeb zero-day already exploited in active attacks. The discreet fix was intended to avoid tipping off threat actors monitoring patch cycles.

    📞 Cisco Unified CCX: multiple critical vulnerabilities expose call-center infrastructures to compromise, enabling remote code execution and unauthorized access to sensitive systems.

    🐉 Google initiates legal action to disrupt a major Chinese SMS phishing triad operating at international scale with a structured criminal infrastructure.

    📡 ASUS – CVE-2025-59367: a critical flaw allows attackers to remotely access ASUS DSL routers without authentication, providing full device takeover.

    🇰🇵 North Korean APT actors are increasingly abusing legitimate JSON storage services to host and stage malicious payloads, blending malware delivery and command-and-control traffic into ordinary web requests to evade traditional detection.

    🔍 CERT-FR – Operation EndGame: CERT-FR releases a comprehensive CTI analysis detailing an advanced campaign leveraging modular techniques and distributed infrastructures targeting strategic organizations.

    ⚡️ Don’t think — patch! 🚀

    📚 Sources:
    🔗 Anthropic: https://www.bleepingcomputer.com/news/security/anthropic-claims-of-claude-ai-automated-cyberattacks-met-with-doubt/
    🔗 Fortinet (FortiWeb Zero-Day): https://www.bleepingcomputer.com/news/security/fortinet-confirms-silent-patch-for-fortiweb-zero-day-exploited-in-attacks/
    🔗 Cisco Unified CCX: https://cyberpress.org/cisco-unified-ccx-flaws/
    🔗 Google – SMS Phishing Triad: https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-triad/
    🔗 ASUS – CVE-2025-59367: https://securityaffairs.com/184636/security/critical-cve-2025-59367-flaw-lets-hackers-access-asus-dsl-routers-remotely.html
    🔗 North Korean JSON Abuse: https://thehackernews.com/2025/11/north-korean-hackers-turn-json-services.html
    🔗 CERT-FR – End-Game: https://www.cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-011/

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #Anthropic #Fortinet #Cisco #Google #ASUS #NorthKorea #CERTFR #EndGame #CTI #RadioCSIRT 🎧🔥

    19 min
  • RadioCSIRT - Your Cybersecurity update for Thursday, November 13, 2025 (Ep. 485)
    Nov 13 2025

    ⚡️Welcome to your daily cybersecurity podcast.

    🌐 Google TAG: Q3 2025 bulletin — over 18,000 YouTube channels, 120 domains, and multiple coordinated networks taken down. Massive activity originating from China, Russia, Azerbaijan, Iran, and Turkey, along with seven distinct operations targeting Moldova.

    🛡️ CISA reports ongoing cyber threats against Cisco ASA and Firepower devices. Active exploitation, confirmed compromises, and immediate mitigation and patching strongly recommended.

    📊 Nagios (CERT-FR): security advisory published on multiple vulnerabilities affecting Nagios XI and related components. Risks include compromise, remote code execution, and privilege escalation — urgent updates required across all monitoring environments.

    ⚡️ Don’t think — patch! 🚀

    📚 Sources:
    🔗 Google TAG – https://blog.google/threat-analysis-group/tag-bulletin-q3-2025/
    🔗 CISA – https://www.cisa.gov/news-events/news/cisa-identifies-ongoing-cyber-threats-cisco-asa-and-firepower-devices
    🔗 CERT-FR (Nagios) – https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0989/

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #GoogleTAG #CISA #Cisco #Nagios #CERTFR #ThreatIntel #Monitoring #RadioCSIRT 🎧🔥

    9 min
  • RadioCSIRT – Your Cybersecurity update for Wednesday, November 12, 2025 (Ep.484)
    Nov 12 2025
    🧩 Welcome everyone! Today, 9 essential stories you can’t miss.

    🐧 Curly COMrade: a Russian group abuses Hyper-V to hide Linux malware inside an Alpine VM, effectively bypassing EDR detection on the host.

    🇦🇺 ASIO Warning: Australia’s spy chief warns of high-impact cyber sabotage as authoritarian states prepare attacks on power, telecom, and water systems.

    💻 OWASP Top 10 (2025): Broken Access Control remains the top web application risk, followed by security misconfiguration and software supply-chain failures.

    ☁️ Google Private AI Compute: cloud-side AI processing inside hardware-backed, attested enclaves, intended to give cloud inference privacy assurances comparable to on-device processing while using Gemini-scale models.

    🧰 Synology BeeStation (CVE-2025-12686): critical RCE flaw patched after its Pwn2Own Ireland 2025 demo — users urged to update immediately.

    🧩 SAP SQL Anywhere Monitor (CVE-2025-42890): hard-coded credentials rated CVSS 10.0 — SAP advises disabling the monitor component and deleting existing instances.

    📶 TP-Link Ban Proposal: U.S. authorities consider banning TP-Link over national security concerns tied to Chinese influence and device vulnerabilities.

    🕵️ Rhadamanthys Infostealer: operation disrupted, with cybercriminals losing server access — likely linked to Operation Endgame takedowns.

    💻 Windows 11: Microsoft fixes a Task Manager bug in the KB5068861 update — background instances caused severe performance slowdowns.

    ⚡️ Don’t think twice — just patch! 🚀

    📚 Sources:
    🔗 Linux Magazine – https://www.linux-magazine.com/Online/News/Another-Linux-Malware-Discovered
    🔗 The Register (ASIO) – https://www.theregister.com/2025/11/12/asio_cyber_sabotage_warnings/
    🔗 The Register (OWASP) – https://www.theregister.com/2025/11/11/new_owasp_top_ten_broken/
    🔗 The Hacker News (Google) – https://thehackernews.com/2025/11/google-launches-private-ai-compute.html
    🔗 Security Affairs (Synology) – https://securityaffairs.com/184528/security/synology-patches-critical-beestation-rce-flaw-shown-at-pwn2own-ireland-2025.html
    🔗 Security Affairs (SAP) – https://securityaffairs.com/184500/security/sap-fixed-a-maximum-severity-flaw-in-sql-anywhere-monitor.html
    🔗 KrebsOnSecurity – https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link-ban/
    🔗 BleepingComputer (Rhadamanthys) – https://www.bleepingcomputer.com/news/security/rhadamanthys-infostealer-disrupted-as-cybercriminals-lose-server-access/
    🔗 BleepingComputer (Microsoft) – https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-task-manager-bug-affecting-performance/

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #CurlyCOMrade #HyperV #ASIO #OWASP #Google #Synology #SAP #TPLink #Rhadamanthys #Microsoft #RadioCSIRT 🎧🔥
    11 min
  • RadioCSIRT — November Patch Tuesday update (Ep. 483)
    Nov 12 2025

    Welcome to your special edition Patch Tuesday briefing 🕵️‍♂️🔥

    📌 Microsoft – November 2025 Patch Tuesday: 63 flaws fixed including 1 zero-day
    Microsoft has released patches for 63 vulnerabilities this month, including one zero-day actively exploited (CVE-2025-62215) affecting the Windows Kernel. Critical issues include RCE in GDI+ (CVE-2025-60724), Office (CVE-2025-62199), and Visual Studio (CVE-2025-62214), as well as an EoP in DirectX Graphics Kernel (CVE-2025-60716). Key “Exploitation More Likely” issues affect CEIP (CVE-2025-59512), CSC service (CVE-2025-60705) and multiple WinSock driver flaws (CVE-2025-60719, CVE-2025-62217, CVE-2025-62213).
    Prioritise: patch the zero-day immediately, deploy the critical updates without delay, and address the Important but high-risk EoPs. Also incorporate updates from Adobe, Cisco, SAP, QNAP, Google/Android and others into your patch window.

    📚 Sources:
    🔗 Marc Frederic Gomez’s blog: https://blog.marcfredericgomez.com/microsoft-patch-tuesday-november-2025/
    🔗 Bleeping Computer – Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws: https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2025-patch-tuesday-fixes-1-zero-day-63-flaws/
    🔗 Talos Intelligence Blog – Microsoft Patch Tuesday November 2025: https://blog.talosintelligence.com/microsoft-patch-tuesday-november-2025/
    🔗 Microsoft Security Update Guide – November 2025: https://msrc.microsoft.com/update-guide

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #Microsoft #PatchTuesday #CVE202562215 #CERT #SOC #CSIRT #CISO #VulnerabilityManagement #BlueTeam #RadioCSIRT 🎧🔥

    8 min
  • RadioCSIRT - Your Cybersecurity update for Wednesday, November 11, 2025 (Ep. 482)
    Nov 11 2025

    🔐 KeePassXC: full transparency on AI use in development — no AI functions integrated, and every contribution is subject to full human review.

    🏢 NCSC (UK): launch of the Cyber Action Toolkit, a free and interactive tool designed to help small businesses strengthen their cybersecurity with simple, practical steps.

    💥 Triofox (CVE-2025-12480): active exploitation of a critical improper-access-control flaw (CVSS 9.1) that lets an unauthenticated attacker reach the initial-setup pages and create an administrator account, then abuse the built-in antivirus feature’s configurable scanner path to execute arbitrary code. Mandiant urges immediate patching.

    📱 APT37: the North Korean threat group is abusing Google Find Hub to geolocate and remotely wipe Android smartphones belonging to South Korean victims.

    💾 3CX: massive scans targeting FTP backup servers. Reminder: do not use FTP for sensitive data, and review any shared SSH/Telnet accounts.

    🕵️ Fantasy Hub: a new “spyware-as-a-service” for rent, complete with fake Android apps, customization kits, and customer support.

    🦊 Mozilla Firefox: new built-in defenses against fingerprinting, reducing online tracking without breaking website compatibility.

    ⚡️ Don’t think — patch! 🚀

    📚 Sources:
    🔗 Malwarebytes – Fantasy Hub : https://www.malwarebytes.com/blog/news/2025/11/fantasy-hub-is-spyware-for-rent-complete-with-fake-app-kits-and-support
    🔗 SANS ISC – 3CX FTP scans : https://isc.sans.edu/diary/rss/32464
    🔗 Bleeping Computer – Firefox anti-fingerprinting : https://www.bleepingcomputer.com/news/security/mozilla-firefox-gets-new-anti-fingerprinting-defenses/
    🔗 Bleeping Computer – APT37 / Find Hub : https://www.bleepingcomputer.com/news/security/apt37-hackers-abuse-google-find-hub-in-android-data-wiping-attacks/
    🔗 The Hacker News – Triofox exploit : https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html
    🔗 NCSC – Cyber Action Toolkit : https://www.ncsc.gov.uk/blog-post/cat-breaking-down-resilience-barriers
    🔗 KeePassXC – Code quality & AI policy : https://keepassxc.org/blog/2025-11-09-about-keepassxcs-code-quality-control/

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #KeePassXC #NCSC #Triofox #APT37 #3CX #Firefox #Spyware #RadioCSIRT

    11 min