RadioCSIRT — Your Cybersecurity Update for Sunday, November 9, 2025 (Ep. 12) episode artwork

EPISODE · Nov 9, 2025 · 8 MIN

RadioCSIRT — Your Cybersecurity Update for Sunday, November 9, 2025 (Ep. 12)

from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ

Welcome to your weekend cybersecurity briefing 🕵️‍♂️🔥🐧 Samba — Remote Command Execution (CVE-2025-10230)A critical vulnerability affects Samba in the WINS module. An unauthenticated attacker can inject commands through unfiltered NetBIOS names and execute arbitrary code on the server. CVSS score: 10.0 (Critical). This flaw allows full system compromise. Immediate patching is strongly recommended.🧩 SuiteCRM — Session Persistence After Account Deactivation (CVE-2025-64489)Versions up to 7.14.7 and 8.9.0 fail to revoke sessions when accounts are deactivated. Inactive users can retain access and even reactivate themselves. Severity: High (CVSS 8.3). The issue is fixed in versions 7.14.8 and 8.9.1.🔐 SuiteCRM — RBAC Enforcement Bypass (CVE-2025-64490)Inconsistent role enforcement allows low-privileged users to access or create items in disabled modules. This authorization flaw exposes sensitive data. The patch is available starting from version 8.9.1.💣 NuGet — Time-Bomb Malware Hidden in .NET PackagesResearchers discovered nine malicious packages published between 2023 and 2024, programmed to detonate between 2027 and 2028. Among them, Sharp7Extend targeted Siemens S7 industrial PLCs, corrupting communications and causing operational failures. All packages have been removed, but systems that used them should be considered compromised.🧠 Whisper Leak — Inferring AI Chat Topics from Encrypted TrafficMicrosoft revealed a side-channel attack capable of deducing chatbot conversation topics even through HTTPS encryption. By analyzing packet sizes and timing, attackers can identify sensitive subjects. Countermeasures have been deployed by OpenAI, Microsoft, and Mistral, including the addition of random text sequences to mask token lengths.🐉 China-Linked Espionage — Breach of a U.S. Non-ProfitA China-linked group compromised a U.S. policy organization in April 2025. The attackers exploited multiple public vulnerabilities and used DLL sideloading via vetysafe.exe to maintain stealthy access for weeks. Their objective: long-term espionage and data exfiltration using a RAT associated with APT41.🧱 QNAP — Seven Critical Zero-Days Fixed After Pwn2Own 2025Seven critical zero-days exploited on QNAP NAS devices allowed remote code execution and privilege escalation. The affected systems include QTS 5.2.x and QuTS hero h5.2.x / h5.3.x. Fixes were released on October 24, 2025 in builds QTS 5.2.7.3297 and QuTS hero 5.3.1.3292. QNAP urges immediate updates, password rotation, and network segmentation.⚡️ Don’t think — patch! 🚀📚 Sources:🔗 Samba: https://cvefeed.io/vuln/detail/CVE-2025-10230🔗 SuiteCRM (CVE-2025-64489): https://cvefeed.io/vuln/detail/CVE-2025-64489🔗 SuiteCRM (CVE-2025-64490): https://cvefeed.io/vuln/detail/CVE-2025-64490🔗 The Register – NuGet: https://www.theregister.com/2025/11/07/cybercriminals_plant_destructive_time_bomb/🔗 The Hacker News – Whisper Leak: https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html🔗 Security Affairs – China Espionage: https://securityaffairs.com/184351/apt/china-linked-hackers-target-u-s-non-profit-in-long-term-espionage-campaign.html🔗 Cybersecurity News – QNAP: https://cybersecuritynews.com/qnap-zero-day-vulnerabilities-exploited/📞 Share your feedback:📧 [email protected]🌐 www.radiocsirt.com📰 radiocsirtintl.substack.com

NOW PLAYING

RadioCSIRT — Your Cybersecurity Update for Sunday, November 9, 2025 (Ep. 12)

0:00 8:12

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Al-Quran In English Dr. Soha The complete Quran translation in English, Narrated by Dr. Soha. Hosted on Acast. See acast.com/privacy for more information. The Hobbit by J. R. R. Tolkien Audiobook Raghvendra Singh The journey through Middle-earth begins here with J.R.R. Tolkien's classic prelude to his Lord of the Rings trilogy.“A glorious account of a magnificent adventure, filled with suspense and seasoned with a quiet humor that is irresistible... All those, young or old, who love a fine adventurous tale, beautifully told, will take The Hobbit to their hearts.”—The New York Times Book Review"In a hole in the ground there lived a hobbit." So begins one of the most beloved and delightful tales in the English language—Tolkien's prelude to The Lord of the Rings. Set in the imaginary world of Middle-earth, at once a classic myth and a modern fairy tale, The Hobbit is one of literature's most enduring and well-loved novels.Bilbo Baggins is a hobbit who enjoys a comfortable, unambitious life, rarely traveling any farther than his pantry or cellar. But his contentment is disturbed when the wizard Gandalf and a company of dwarves arrive on his doorstep one day to whisk him away CLO Level 3 Lessons Chinese Learn Online (CLO) Learn Mandarin Chinese with our unique structured immersion course. Each lesson continues where the previous one left off. Level 1 lessons are conducted mainly in English. Later levels in the course will be conducted in Chinese that was taught in earlier levels. Learn English with the British Council and Premier League Jack Radford

Frequently Asked Questions

How long is this episode of RadioCSIRT - English Edition?

This episode is 8 minutes long.

When was this RadioCSIRT - English Edition episode published?

This episode was published on November 9, 2025.

What is this episode about?

Welcome to your weekend cybersecurity briefing 🕵️‍♂️🔥🐧 Samba — Remote Command Execution (CVE-2025-10230)A critical vulnerability affects Samba in the WINS module. An unauthenticated attacker can inject commands through unfiltered NetBIOS names...

Can I download this RadioCSIRT - English Edition episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!