Sign up to save your podcasts
Or
Share SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;
Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248)
After spotting individaul attempts to exploit the recent Langflow vulnerability late last weeks, we now see more systematic internet wide scans attempting to verify the vulnerability.
https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Recent+Langflow+AI+Vulnerability+CVE20253248/31850/
Fortinet Analysis of Threat Actor Activity
Fortinet oberved recent vulnerablities in its devices being used to add a symlink to ease future compromise. The symlink is not removed by prior patches, and Fortinet released additional updates to detect and remove this attack artifact.
https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity
MSFT Inetpub
Microsoft clarrified that its April patches created the inetpub directory on purpose. Users should not remove it.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204#exploitability
SANSFIRE
https://isc.sans.edu/j/sansfire
View all episodes
By Johannes UllrichExploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248)
After spotting individaul attempts to exploit the recent Langflow vulnerability late last weeks, we now see more systematic internet wide scans attempting to verify the vulnerability.
https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Recent+Langflow+AI+Vulnerability+CVE20253248/31850/
Fortinet Analysis of Threat Actor Activity
Fortinet oberved recent vulnerablities in its devices being used to add a symlink to ease future compromise. The symlink is not removed by prior patches, and Fortinet released additional updates to detect and remove this attack artifact.
https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity
MSFT Inetpub
Microsoft clarrified that its April patches created the inetpub directory on purpose. Users should not remove it.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204#exploitability
SANSFIRE
https://isc.sans.edu/j/sansfire