Cover page of RadioCSIRT - Weekly English Edition

RadioCSIRT - Weekly English Edition


Author(s): Marc Frédéric GOMEZ

About this audio

🎙 Marc Frédéric Gomez, cybersecurity expert, brings you daily insights into the latest threats, attacks, and defense strategies you need to know.

🔎 On the agenda:
✔️ Analysis of cyberattacks and critical vulnerabilities
✔️ Strategic intelligence for CSIRTs, CERTs, and cybersecurity professionals
✔️ Sources and references to dive deeper into each topic

💡 Why listen to RadioCSIRT?
🚀 Stay up to date in just a few minutes a day
🛡️ Anticipate threats with reliable, technical information
📢 An essential intelligence source for IT and security professionals

🔗 Listen, share, and secure your environment!
📲 Subscribe and leave a ⭐ rating on your favorite platform!

Episodes
  • RadioCSIRT English Version - Your Cyber Security Podcast, Feb 29th, 2026 (Ep.71)
    Feb 28 2026

    We open this recap with the Winter Olympic Games in Milano Cortina, facing a wave of cyberattacks attributed to Russia. According to The Register, Italy’s Minister of Foreign Affairs confirmed the targeting of diplomatic offices and Olympic infrastructure. The defensive posture is further strained by supply chain tensions, as Cloudflare’s CEO threatened to withdraw pro bono protection services following a regulatory dispute with Italian authorities.

    In France, ZDNet reported an espionage case in Gironde involving a clandestine interception station operated from a rented Airbnb property. Two Chinese nationals were charged. The seized equipment was designed for sniffing Starlink communications and intercepting military frequencies, illustrating direct risk at the physical communications layer.

    We then move to active exploitation and emergency response requirements around Cisco Catalyst SD-WAN. Australia’s cyber authorities published an alert on exploitation of Cisco SD-WAN appliances. CISA added CVE-2026-20127 and CVE-2022-20775 to the Known Exploited Vulnerabilities catalog and issued Emergency Directive 26-03, requiring immediate inventory, forensic artifact collection, patching, and compromise assessment, with a deadline of February 27, 2026. CERT-FR confirmed active exploitation through alert CERTFR-2026-ALE-002, and BleepingComputer reported exploitation activity dating back to 2023.

    On the malware front, multiple campaigns highlight attacker focus on routers, developers, and stealth tooling. Cisco Talos detailed the dismantling of the DKnife interception framework used since 2019. Talos also documented the Dohdoor backdoor campaign using DNS over HTTPS through Cloudflare, delivered via DLL sideloading and process hollowing, with EDR bypass techniques involving syscall unhooking in ntdll.dll. Kaspersky GReAT reported Arkanix Stealer operating as Malware-as-a-Service, with both Python and C++ implementations, AES-GCM communications, and indications of LLM-assisted development.

    Developer ecosystems remain a key battleground. Microsoft warned of fake Next.js repositories used as job interview lures delivering in-memory JavaScript payloads, and GitLab banned 131 accounts linked to the Contagious Interview operation and the Wagemole scheme. Socket identified the SANDWORM_MODE campaign abusing at least 19 malicious npm packages through typosquatting, including a module targeting AI coding assistants via malicious MCP server injection combined with prompt injection.

    We also cover phishing at industrial scale. As reported by KrebsOnSecurity, the Starkiller phishing as a service platform dynamically loads real login pages and acts as a reverse proxy, relaying keystrokes, form submissions, and session tokens through attacker infrastructure, effectively defeating multi-factor authentication by capturing the full authentication flow.

    Finally, critical vulnerabilities affected AI development environments. Check Point Research documented vulnerabilities in Anthropic’s Claude Code enabling command execution via project hooks, MCP consent bypass through project configuration, and clear-text exfiltration of Anthropic API keys by redirecting the ANTHROPIC_BASE_URL variable to an attacker-controlled endpoint. In parallel, Linux ecosystem updates included Linux 7.0 entering release candidate status, while incident response and law enforcement actions included Eurojust’s takedown of a fraudulent call centre in Dnipro.

    All sources are available on https://www.radiocsirt.com/podcast/your-cybersecurity-news-for-saturday-february-28-2026-ep-71/

    Don’t think, patch!

    Your feedback is welcome.
    Email: radiocsirt@gmail.com
    Website: https://www.radiocsirt.com
    Weekly Newsletter: https://radiocsirtenglishedition.substack.com/

    32 min
  • Ep. 70 - RadioCSIRT English Edition – Your Cybersecurity News: Jan 31 – Feb 6, 2026
    Feb 8 2026
    We open this weekly recap with a critical alert regarding the active exploitation of a Microsoft Office Zero-Day, CVE-2026-21509. According to CERT-UA, the Russian-linked group APT28 has integrated this flaw into phishing campaigns targeting Ukrainian administrations and several EU nations, utilizing a complex infection chain involving WebDAV and the Covenant post-exploitation framework. In a simultaneous blow to software supply chains, the official update mechanism for Notepad++ was hijacked by the state-sponsored actor Violet Typhoon to distribute malware. While threats against productivity tools rise, Mozilla is pivoting toward privacy by announcing that Firefox 148 will allow users to centrally disable all generative AI features.

    The infrastructure landscape faced significant pressure this week as CISA issued a binding operational directive requiring federal agencies to retire all End-of-Life (EoL) equipment within 12 months, citing their role as persistent entry points for edge-based attacks. Meanwhile, the AISURU botnet shattered global records by launching a hyper-volumetric DDoS attack peaking at 31.4 Tbps, fueled by 2 million compromised Android devices. On the regulatory front, the European Commission warned TikTok of potential fines reaching 6% of its global turnover for violating the Digital Services Act (DSA) through "addictive by design" features, while U.S. authorities successfully seized major piracy domains operated from Bulgaria.

    Regarding cyber-extortion, the group Scattered Lapsus ShinyHunters continues to defy traditional ransomware models by combining data theft with physical harassment and social engineering. In Germany, authorities warned of Signal account takeovers targeting high-profile individuals via fraudulent QR code pairing.

    To counter evolving threats, Microsoft unveiled a new scanner designed to detect backdoors within Large Language Models (LLMs), and the UK’s NCSC provided a strategic reality check on Cloud Security Posture Management (CSPM), emphasizing that while vital, these tools are only one piece of the broader cloud security puzzle.

    Sources

    Saturday, January 31, 2026
    Clubic – https://www.clubic.com/actualite-598390-data-centers-ce-que-revele-la-premiere-reunion-a-bercy-sur-les-projets-en-cours-et-a-venir-en-france.html
    The Record – https://therecord.media/bulgaria-piracy-sites-streaming-gaming-seized-us
    Unit 42 – https://unit42.paloaltonetworks.com/russian-cyberthreat-2026-winter-olympics/
    CERT Santé – https://cyberveille.esante.gouv.fr/alertes/grafana-cve-2026-21720-2026-01-29
    SANS ISC – https://isc.sans.edu/diary/rss/32668

    Sunday, February 1, 2026
    Google TAG – https://blog.google/threat-analysis-group/tag-bulletin-q4-2025/
    CERT-FR – https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0102/
    BleepingComputer – https://www.bleepingcomputer.com/news/security/mandiant-details-how-shinyhunters-abuse-sso-to-steal-cloud-data/
    The Hacker News – https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html

    Monday, February 2, 2026
    The Register – https://www.theregister.com/2026/02/02/russialinked_apt28_microsoft_office_bug/
    The Hacker News – https://thehackernews.com/2026/02/notepad-official-update-mechanism.html
    BleepingComputer – https://www.bleepingcomputer.com/news/software/mozilla-will-let-you-turn-off-all-firefox-ai-features/
    SANS ISC – https://isc.sans.edu/diary/rss/32674

    Tuesday, February 3, 2026
    Zscaler ThreatLabz – https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
    EFF – https://www.encryptitalready.org/
    Centre canadien pour la cybersécurité – https://www.cyber.gc.ca/fr/alertes-avis/bulletin-securite-kubernetes-av26-078

    Wednesday, February 4, 2026
    CERT-FR – https://www.cert.ssi.gouv.fr/cti/CERTFR-2026-CTI-001/
    NCSC – https://www.ncsc.gov.uk/blog-post/cspm-silver-bullet-or-another-piece-in-the-cloud-puzzle
    The Hacker News – https://thehackernews.com/2026/02/microsoft-develops-scanner-to-detect.html
    CISA – https://www.cisa.gov/news-events/alerts/2026/02/03/cisa-adds-four-known-exploited-vulnerabilities-catalog

    Thursday, February 5, 2026
    The Record – https://therecord.media/cisa-gives-federal-agencies-one-year-end-of-life-devices
    The Hacker News – https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html
    The Register – https://www.theregister.com/2026/02/05/asia_government_spies_hacked_37_critical_networks/
    BleepingComputer – https://www.bleepingcomputer.com/news/security/hackers-compromise-nginx-servers-to-redirect-user-traffic/

    Friday, February 6, 2026
    KrebsOnSecurity – https://krebsonsecurity.com/2026/02/please-dont-feed-the-scattered-lapsus-shiny-hunters/
    BleepingComputer – https://www.bleepingcomputer.com/news/security/european-commission-says-tiktok-facing-fine-over-addictive-design/
    BleepingComputer – https://www.bleepingcomputer.com/news/security/germany-warns-of-signal-account-hijacking-targeting-senior-figures/
    CISA – https:...
    8 min
  • RadioCSIRT English Version - Ep. 69: CISA's KEV Surge, Sandworm Returns & The ChatGPT Leak
    Jan 31 2026

    This week, the vulnerability floodgates opened. From an 11-year-old Telnet flaw to critical VMware exploits, the CISA KEV catalog is overflowing. But the biggest shocker? Operational security failures at the highest levels of government.

    In this episode of RadioCSIRT English Edition:

    🚨 Critical Patch Overload: A massive week for the CISA KEV catalog, featuring Oracle, VMware vCenter (CVSS 9.8), and a critical bypass in Fortinet.

    🦖 The Return of Sandworm: ESET uncovers "DynoWiper," a new malware targeting the Polish energy sector, marking the 10th anniversary of the Ukraine grid attack.

    🤖 OpSec Failures: The CISA Acting Director leaks classified docs to ChatGPT, and why your BitLocker keys might not be safe with Microsoft.

    🕸️ Botnet Consolidation: The Kimwolf botnet grows, potentially merging with Badbox 2.0 to control millions of Android devices.

    🇫🇷 Digital Sovereignty: France bids farewell to Teams and Zoom, deploying its sovereign "Visio" platform government-wide.

    Tune in for your weekly dose of critical cybersecurity intelligence.

    🔗 Links & Resources: https://www.radiocsirt.com/podcast/ep-69-cisas-kev-surge-sandworm-returns-the-chatgpt-leak/

    9 min