Sign up to save your podcasts
Or
Share SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation
CISA Reports Ivanti EPMM Exploit Sightings
Two different organizations submitted backdoors to CISA, which are believed to have been installed using Ivanti vulnerabilities patched in May.
https://www.cisa.gov/news-events/analysis-reports/ar25-261a
Lastpass Observes Impersonation on GitHub
Lastpass noted a number of companies being impersonated via fake GitHub repositories in order to trick victims to download Mac malware.
https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
Oracle Scheduler Ransomware
Ransomware has been discovered that gained access to systems via an exposed Oracle Database Scheduler service.
https://labs.yarix.com/2025/09/elons-proxima-black-shadow-related-ransomware-attack-via-oracle-dbs-external-jobs/
View all episodes
By Johannes UllrichCISA Reports Ivanti EPMM Exploit Sightings
Two different organizations submitted backdoors to CISA, which are believed to have been installed using Ivanti vulnerabilities patched in May.
https://www.cisa.gov/news-events/analysis-reports/ar25-261a
Lastpass Observes Impersonation on GitHub
Lastpass noted a number of companies being impersonated via fake GitHub repositories in order to trick victims to download Mac malware.
https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages
Oracle Scheduler Ransomware
Ransomware has been discovered that gained access to systems via an exposed Oracle Database Scheduler service.
https://labs.yarix.com/2025/09/elons-proxima-black-shadow-related-ransomware-attack-via-oracle-dbs-external-jobs/