Welcome to your daily cybersecurity podcast. French authorities arrested a 22-year-old individual following Interior Ministry system compromise. The intrusion exposed email accounts and confidential documents including judicial records and wanted persons databases. The attack was claimed on BreachForums. The suspect maintained network persistence for several days. Paris Prosecutor charged unauthorized access to state systems as […]

Welcome to your daily cybersecurity podcast. The Clop ransomware group, also tracked as Cl0p, is conducting a new data theft extortion campaign targeting Internet-exposed Gladinet CentreStack servers. Ongoing investigations confirm active scanning, successful intrusions, and the placement of extortion notes on compromised systems. The initial access vector remains unidentified, raising the possibility of a zero-day […]

Welcome to your daily cybersecurity podcast. CISA adds CVE-2025-59718 to its Known Exploited Vulnerabilities catalog on December 16th. The flaw affects Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb through improper cryptographic signature verification in FortiCloud SSO SAML authentication. Unauthenticated attackers can bypass authentication via crafted SAML messages. Active exploitation confirmed. CVE-2025-59719 addresses the same underlying issue. […]

Welcome to your daily cybersecurity podcast. QNAP discloses a high-severity authentication bypass vulnerability tracked as CVE-2025-59385. The flaw allows remote attackers to spoof authentication mechanisms and access protected resources without credentials. The issue affects QTS and QuTS hero systems and is remotely exploitable with no user interaction. Patches are available in QTS 5.2.7.3297 and QuTS […]

Welcome to your daily cybersecurity podcast. Horizon3.ai exposes three critical FreePBX vulnerabilities. The most severe, CVE-2025-66039 scored 9.3, enables complete authentication bypass via simple forged Authorization header. Two additional flaws provide SQL injection and PHP web shell upload for remote code execution. Patches available but require manual CLI configuration and audit of instances exposed before […]

Welcome to your daily cybersecurity podcast. Apple and Google rush to fix actively exploited Zero-Day flaws. CISA has added CVE-2025-14174 to its KEV catalog, flagging a critical memory corruption vulnerability in the Chromium engine that affects Chrome, Edge, and Brave. Simultaneously, Apple has deployed patches for this same flaw alongside CVE-2025-43529, a WebKit Use-After-Free bug. […]

Welcome to your daily cybersecurity podcast. Palo Alto Networks Unit 42 exposes Ashen Lepus, a Hamas-affiliated APT actor active since 2018. The group deploys a new .NET modular malware suite named AshTag, targeting governmental and diplomatic entities across the Middle East with confirmed geographic expansion toward Oman and Morocco. The multi-stage infection chain initiates through […]

Welcome to this special RadioCSIRT cybersecurity briefing. In this episode, we take an in-depth look at the MITRE Top 25 Common Weakness Enumerations (CWE) for 2025, moving beyond a simple ranking to analyze the structural weaknesses that continue to drive real-world compromises. This analysis focuses on how recurring flaws such as cross-site scripting, sql injection, […]

Welcome to your daily cybersecurity podcast. The Linux kernel 5.4 officially reaches end-of-life. After years of LTS support, this version—massively deployed across Ubuntu, Android, and embedded systems—will no longer receive upstream security patches. This creates a critical risk for industrial and network equipment remaining on this version without a rapid migration path. Check Point dissects […]

Welcome to your daily cybersecurity podcast. Microsoft refuses to fix a critical RCE vulnerability in the .NET framework affecting the SoapHttpClientProtocol class. Revealed at Black Hat Europe by researcher Piotr Bazydło from WatchTowr, the flaw enables arbitrary file writes through SOAP URL manipulation. Exploitation relies on unexpected support for FILE and FTP protocols by a […]