EPISODE · Oct 29, 2025 · 7 MIN
RadioCSIRT English Version - Your Daily Cyber Security News, Oct 29th, 2025 (Ep.1)
from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ
Welcome to your daily cybersecurity briefing ⚡️🐱👤 Apache Tomcat — Multiple VulnerabilitiesSeveral flaws affect Tomcat (10.1.x < 10.1.47, 11.0.x < 11.0.12, 9.0.x < 9.0.110), potentially leading to code execution, denial of service (DoS), and security policy bypass. Updates required.🐧 Kali Linux — 2025.3New snapshot featuring 10 new tools, major wireless improvements (including Nexmon on Raspberry Pi), and refreshed images/VMs.🧩 WordPress — CVE-2025-4665 (CFDB7)A vulnerability in the Contact Form CFDB7 plugin allows SQL Injection and PHP Object Injection. Update or disable the plugin if it’s no longer maintained.🌊 AISURU — Record-Breaking DDoS AttacksThe AISURU botnet has been linked to DDoS attacks peaking at 20 Tbps against consumer targets, operating under a “DDoS-for-hire” model. Strengthen your scrubbing/anycast capabilities.🎣 Phishing — Invisible Character ObfuscationRecent campaigns use invisible characters in subject lines to evade filters and detection. Review normalization and detection rules at the gateway level.🕊️ United Nations — Cybercrime TreatyThe United States declined to sign the new UN cybercrime treaty, despite over 70 countries signing it in Hanoi. This may impact international cooperation and mutual legal assistance.📒 CISA KEV — Additions from October 28, 2025Two vulnerabilities in Dassault Systèmes DELMIA Apriso were added to the KEV catalog: CVE-2025-6204 (code injection) and CVE-2025-6205 (missing authorization). Prioritize patching.⚡️ Don’t think, just patch!📚 Sources:https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0933/https://www.linuxjournal.com/content/kali-linux-20253-lands-enhanced-wireless-capabilities-ten-new-tools-infrastructure-refreshhttps://cvefeed.io/vuln/detail/CVE-2025-4665https://securityaffairs.com/183969/malware/aisuru-botnet-is-behind-record-20tb-sec-ddos-attacks.htmlhttps://cyberpress.org/phishing-attack/https://therecord.media/us-declines-signing-cybercrime-treatyhttps://www.cisa.gov/news-events/alerts/2025/10/28/cisa-adds-two-known-exploited-vulnerabilities-catalog📞 Share your feedback:📧 [email protected]🌐 www.radiocsirt.com📰 radiocsirtinl.substack.com#CyberSecurity #ApacheTomcat #KaliLinux #WordPress #CFDB7 #AISURU #Phishing #CybercrimeTreaty #CISA #CVE20256204 #CVE20256205 #CVE202555752 #CVE202555754 #CVE202561795 #CVE20254665 #RadioCSIRT
NOW PLAYING
RadioCSIRT English Version - Your Daily Cyber Security News, Oct 29th, 2025 (Ep.1)
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.