A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Thursday, August 28th, 2025: Launching Shellcode; NX Compromise; Volt Typhoon Report
August 27, 2025
6:39
5.58 MB
Downloads: 0
Interesting Technique to Launch a Shellcode
Xavier came across malware that PowerShell and the CallWindowProcA() API to launch code.
https://isc.sans.edu/diary/Interesting%20Technique%20to%20Launch%20a%20Shellcode/32238
NX Compromised to Steal Wallets and Credentials
The popular open source NX build package was compromised. Code was added that uses the help of AI tools like Claude and Gemini to steal credentials from affected systems
https://semgrep.dev/blog/2025/security-alert-nx-compromised-to-steal-wallets-and-credentials/
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed the Global Espionage System
Several law enforcement and cybersecurity agencies worldwide collaborated to release a detailed report on the recent Volt Typhoon incident.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a