This episode shows how attackers are bypassing phishing filter by abusing the "shy" softhyphen HTML entitiy. We got an update from Apple fixing a 0-day vulnerability in addition to a number of other issues. watchTowr show how to exploit an interesting FortiOS vulnerability and we have patches for Github Desktop and Apache Solr

An unusal shy z-wasp phish

https://isc.sans.edu/diary/An%20unusual%20%22shy%20z-wasp%22%20phishing/31626

How the soft hyphen "shy" HTML entity can be abused to bypass e-mail filters

Apple Patches

https://support.apple.com/en-us/100100

Apple released patches for all of its operating systems, fixing a 0-day vulnerability among many others issues

Get Fortirekt I am the Super_admin now

https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/

Details about a recent FortiOS Vulnerability

GitHub Desktop Vulnerability

https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html

Apache Solr Vulnerability

https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access

Rss Apple Podcaster
Podden och tillhörande omslagsbild på den här sidan tillhör Johannes B. Ullrich. Innehållet i podden är skapat av Johannes B. Ullrich och inte av, eller tillsammans med, Poddtoppen.

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches

00:00