EPISODE · Nov 29, 2025 · 8 MIN
RadioCSIRT – Your Cybersecurity Update for Saturday, 29 November 2025 (Ep.35)
from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ
Welcome to your daily cybersecurity briefing.CVSS v4.0 – Understanding the New Vulnerability Scoring ModelA new analysis from Malwarebytes provides a clear breakdown of CVSS v4.0, detailing how the updated framework shifts focus toward exploitability, environmental modifiers, and attacker utility. The article highlights changes in severity interpretation, granularity in attack requirements, and the impact of supplemental metrics—key for vulnerability prioritization across CERT, SOC, and risk teams.Tomiris Deploys New Malware ToolsKaspersky researchers have identified new components in the Tomiris malware ecosystem, including updated loaders and covert communications modules. These additions reinforce Tomiris’ operational overlap with Turla-linked activity while demonstrating improvements in stealth, modularity, and long-term persistence tactics used across Central Asian and Middle Eastern networks.CISA Adds New KEV EntryCISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. The advisory stresses active exploitation in the wild and mandates federal agencies to apply mitigation measures before the deadline. The alert underscores CISA’s continued emphasis on exploitation-based risk scoring and operational directives for rapid patching.Legacy Python Bootstrap Scripts Create Supply Chain ExposureA report from The Hacker News warns that outdated Python bootstrap scripts used in legacy automation pipelines can introduce severe supply chain weaknesses. The issue stems from insecure dependency retrieval mechanisms, outdated hashing practices, and implicit trust in remote package sources—raising the risk of tampering and malicious code injection in CI/CD environments.Don’t Think – Patch Now.Sources:Malwarebytes – CVSS v4.0 - https://www.malwarebytes.com/blog/news/2025/11/how-cvss-v4-0-works-characterizing-and-scoring-vulnerabilitiesSecurelist – Tomiris - https://securelist.com/tomiris-new-tools/118143/CISA – KEV Catalog Update - https://www.cisa.gov/news-events/alerts/2025/11/28/cisa-adds-one-known-exploited-vulnerability-catalogThe Hacker News – Python Bootstrap Risk - https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.htmlYour feedback is welcome.Email: [email protected]: https://www.radiocsirt.comWeekly Newsletter: https://radiocsirtintl.substack.com
NOW PLAYING
RadioCSIRT – Your Cybersecurity Update for Saturday, 29 November 2025 (Ep.35)
No transcript for this episode yet
Similar Episodes
Mar 31, 2026 ·143m
Mar 24, 2026 ·88m
Feb 27, 2025 ·73m