RadioCSIRT – English Edition – (Ep. 61) episode artwork

EPISODE · Dec 25, 2025 · 9 MIN

RadioCSIRT – English Edition – (Ep. 61)

from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ

Welcome to your daily cybersecurity podcast.We open this edition with a geopolitical sequence marking a new phase in transatlantic tensions over digital regulation. The United States have imposed visa restrictions on several European figures involved in regulating technology platforms, including Thierry Breton, former European Commissioner. Washington justifies the decision by accusing European regulators of extraterritorial censorship, notably in the enforcement of the Digital Services Act. The European Union condemned the measure and requested formal explanations, citing an attack on its regulatory sovereignty.We then analyze CVE-2018-25154, a critical buffer overflow vulnerability affecting GNU Barcode version 0.99. The flaw, linked to the Code 93 encoding mechanism, enables arbitrary code execution through crafted input files. The CVSS 3.1 score is critical at 9.8, with high impact on confidentiality, integrity, and availability.We also review CVE-2023-36525, an unauthenticated Blind SQL Injection affecting the WPJobBoard WordPress plugin up to version 5.9.0. The vulnerability is remotely exploitable without privileges or user interaction and exposes affected sites to data leakage and persistent modification risks.In the cybercrime segment, the FBI seized the web3adspanels.org infrastructure, used as a backend to centralize stolen banking credentials from phishing campaigns. The infrastructure enabled account takeover operations against financial institutions and remained active until late 2025.We then cover Urban VPN Proxy, a free VPN browser extension whose recent versions implement interception and exfiltration of AI platform conversations, including prompts, responses, and session metadata, enabled by default.Finally, we address the active exploitation of CVE-2020-12812 on FortiGate firewalls, an older vulnerability still abused to bypass 2FA through inconsistencies between FortiGate and LDAP username case handling.SourcesTech regulation and USA–EU tensions:https://www.01net.com/actualites/pourquoi-les-etats-unis-sattaquent-a-thierry-breton-et-aux-autres-regulateurs-de-la-tech.htmlCVE-2018-25154 – GNU Barcode buffer overflow:https://cvefeed.io/vuln/detail/CVE-2018-25154CVE-2023-36525 – WPJobBoard Blind SQL Injection:https://cvefeed.io/vuln/detail/CVE-2023-36525FBI Seizure – web3adspanels.org:https://securityaffairs.com/186094/cyber-crime/fbi-seized-web3adspanels-org-hosting-stolen-logins.htmlUrban VPN Proxy data harvesting:https://boingboing.net/2025/12/19/this-free-vpn-is-a-massive-security-risk.htmlFortiGate 2FA bypass exploitation:https://cyberpress.org/hackers-abuse-3-year-old-fortigate-flaw/Don’t think, patch!Your feedback is welcome.Email: [email protected]: https://www.radiocsirt.comWeekly Newsletter: https://radiocsirtenglishedition.substack.com/

NOW PLAYING

RadioCSIRT – English Edition – (Ep. 61)

0:00 9:28

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of RadioCSIRT - English Edition?

This episode is 9 minutes long.

When was this RadioCSIRT - English Edition episode published?

This episode was published on December 25, 2025.

What is this episode about?

Welcome to your daily cybersecurity podcast.We open this edition with a geopolitical sequence marking a new phase in transatlantic tensions over digital regulation. The United States have imposed visa restrictions on several European figures...

Can I download this RadioCSIRT - English Edition episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!