EPISODE · Nov 22, 2025 · 9 MIN
RadioCSIRT – Your cybersecurity update for Saturday, November 22, 2025 (Ep. 27)
from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ
Welcome to your daily cybersecurity podcast.🚨 Active exploitation – Oracle Identity Manager: CISA warns that a remote code execution vulnerability in Oracle Identity Manager is being actively exploited, putting IAM infrastructures at immediate risk.🛠️ SolarWinds Serv-U under fire: Two critical vulnerabilities impact Serv-U, potentially allowing attackers to fully compromise targeted servers.📨 SonicWall issues emergency patches: The vendor releases fixes for two flaws in its Email Security appliances, including a code execution bug (CVE-2025-40604).🚆 Massive data breach in Italy: The Italian railway operator Ferrovie dello Stato suffers a major data leak following an attack on contractor Almaviva.📊 Critical CVSS 10 flaw: Grafana patches a SCIM vulnerability rated 10/10, which could allow total compromise if left unpatched.🏢 ShinyHunters strikes again: Salesforce and Gainsight hit by a new data breach attributed to the group, with confirmed data exfiltration.⚡️ Don’t think—patch! 🚀📚 Sources:🔗 Oracle – CISA warns Oracle Identity Manager RCE flaw is being actively exploitedhttps://www.bleepingcomputer.com/news/security/cisa-warns-oracle-identity-manager-rce-flaw-is-being-actively-exploited/🔗 SolarWinds – Serv-U Critical Vulnerabilitieshttps://thecyberthrone.in/2025/11/22/solarwinds-serv-u-critical-vulnerabilities/🔗 SonicWall – Patches for Email Security Appliances (CVE-2025-40604)https://securityonline.info/sonicwall-patches-two-vulnerabilities-in-email-security-appliances-including-code-execution-flaw-cve-2025-40604/🔗 Data Leak – Italian Railway Operator Hit via Almaviva Hackhttps://securityaffairs.com/184907/data-breach/massive-data-leak-hits-italian-railway-operator-ferrovie-dello-stato-via-almaviva-hack.html🔗 Grafana – SCIM CVSS 10.0 Vulnerability Patchhttps://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html🔗 Breach – ShinyHunters Targets Salesforce & Gainsighthttps://www.theregister.com/2025/11/21/shinyhunters_salesforce_gainsight_breach/ 📞 Share your feedback:📧 [email protected]🌐 www.radiocsirt.org📰 radiocsirtintl.substack.com
NOW PLAYING
RadioCSIRT – Your cybersecurity update for Saturday, November 22, 2025 (Ep. 27)
No transcript for this episode yet
Similar Episodes
Mar 31, 2026 ·143m
Mar 24, 2026 ·88m
Feb 27, 2025 ·73m