RadioCSIRT English Edition –  (Ep.59) episode artwork

EPISODE · Dec 23, 2025 · 7 MIN

RadioCSIRT English Edition – (Ep.59)

from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ

Welcome to your daily cybersecurity podcast. CISA has added CVE-2023-52163 to its Known Exploited Vulnerabilities Catalog, confirming active exploitation of Digiever DS-2105 Pro network video recorders. This missing authorization flaw allows unauthenticated attackers to bypass security controls. While BOD 22-01 mandates federal agencies to remediate, CISA urges all organizations to prioritize firmware updates. This vulnerability serves as a frequent entry point for actors targeting IoT infrastructure and physical security networks.Genians Security Center reports on APT37's "Artemis" campaign targeting South Korean entities through malicious HWP documents. The attack chain leverages OLE objects and DLL side-loading via the legitimate VolumeId utility to deploy the RoKRAT module. The threat actor employs steganography within images and abuses cloud services like Yandex and pCloud for C2 operations. This multi-stage procedure leverages legitimate execution flows to evade detection by signature-based security solutions.SoundCloud disclosed a cyberattack targeting an ancillary service dashboard, resulting in a data leak affecting 26 million accounts. Exposed data includes email addresses and public profile information; passwords and financial data were not compromised. The incident was followed by DDoS attacks affecting availability. Remediation efforts, specifically reinforcing Identity and Access Management controls, inadvertently caused temporary connectivity issues for VPN users.Socket Security identified two malicious Chrome extensions, named Phantom Shuttle, stealing credentials from 170+ enterprise domains including AWS and GitHub. These extensions use onAuthRequired listeners to inject hardcoded proxy credentials and PAC scripts to reroute sensitive traffic. Operating as a Man-in-the-Middle, the malware exfiltrates plaintext credentials, session cookies, and API keys to the C2 server phantomshuttle[.]space every five minutes.Anna’s Archive released a 300-terabyte dataset containing 86 million scraped Spotify tracks. The breach was achieved through systematic stream-ripping using third-party user accounts over several months. Spotify responded by disabling offending accounts and implementing new safeguards to block automated playback patterns. This massive exfiltration of metadata and audio files represents a significant challenge for digital rights management and creator protection.Sources:CISA KEV Digiever : https://www.cisa.gov/news-events/alerts/2025/12/22/cisa-adds-one-known-exploited-vulnerability-catalogAPT37 Artemis : https://www.genians.co.kr/en/blog/threat_intelligence/dllSoundCloud Breach : https://www.theregister.com/2025/12/16/soundcloud_cyberattack_data_leak/Chrome Phantom Shuttle : https://thehackernews.com/2025/12/two-chrome-extensions-caught-secretly.htmlSpotify Scraping : https://therecord.media/spotify-disables-scraping-annasDon’t think, patch!Your feedback is welcome.Email: [email protected]: https://www.radiocsirt.comWeekly Newsletter: https://radiocsirtenglishedition.substack.com/

NOW PLAYING

RadioCSIRT English Edition – (Ep.59)

0:00 7:18

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Al-Quran In English Dr. Soha The complete Quran translation in English, Narrated by Dr. Soha. Hosted on Acast. See acast.com/privacy for more information. The Hobbit by J. R. R. Tolkien Audiobook Raghvendra Singh The journey through Middle-earth begins here with J.R.R. Tolkien's classic prelude to his Lord of the Rings trilogy.“A glorious account of a magnificent adventure, filled with suspense and seasoned with a quiet humor that is irresistible... All those, young or old, who love a fine adventurous tale, beautifully told, will take The Hobbit to their hearts.”—The New York Times Book Review"In a hole in the ground there lived a hobbit." So begins one of the most beloved and delightful tales in the English language—Tolkien's prelude to The Lord of the Rings. Set in the imaginary world of Middle-earth, at once a classic myth and a modern fairy tale, The Hobbit is one of literature's most enduring and well-loved novels.Bilbo Baggins is a hobbit who enjoys a comfortable, unambitious life, rarely traveling any farther than his pantry or cellar. But his contentment is disturbed when the wizard Gandalf and a company of dwarves arrive on his doorstep one day to whisk him away CLO Level 3 Lessons Chinese Learn Online (CLO) Learn Mandarin Chinese with our unique structured immersion course. Each lesson continues where the previous one left off. Level 1 lessons are conducted mainly in English. Later levels in the course will be conducted in Chinese that was taught in earlier levels. Learn English with the British Council and Premier League Jack Radford

Frequently Asked Questions

How long is this episode of RadioCSIRT - English Edition?

This episode is 7 minutes long.

When was this RadioCSIRT - English Edition episode published?

This episode was published on December 23, 2025.

What is this episode about?

Welcome to your daily cybersecurity podcast. CISA has added CVE-2023-52163 to its Known Exploited Vulnerabilities Catalog, confirming active exploitation of Digiever DS-2105 Pro network video recorders. This missing authorization flaw allows...

Can I download this RadioCSIRT - English Edition episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!