SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;

Update: 2025-10-03

Description

More .well-known scans

Attackers are using API documentation automatically published in the .well-known directory for reconnaissance.

https://isc.sans.edu/diary/More%20.well-known%20Scans/32340

RedHat Patches Openshift AI Services

A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator.

https://access.redhat.com/security/cve/cve-2025-10725#cve-affected-packages

TOTOLINK X6000R Vulnerabilities

Paloalto released details regarding three recently patched vulnerabilities in TotalLink-X6000R routers.

https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/

DrayOS Vulnerability Patched

Draytek fixed a single memory corruption vulnerability in its Vigor series router. An unauthenticated user may use it to execute arbitrary code.

https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities

Comments

In Channel

SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day

2025-10-0606:28

SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;

2025-10-0306:35

SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch

2025-10-0208:11

SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digtial Command Injection; sudo exploited;

2025-10-0105:10

SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware

2025-09-3005:06

SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing

2025-09-2908:36

SANS Stormcast Friday, September 26th, 2025: Webshells in .well-known; Critical Cisco Vulns Exploited; XCSSET Update; GoAnywhere MFT Exploit Details

2025-09-2605:24

SANS Stormcast Thursday, September 25th, 2025: Hikvision Exploits; Cisco Patches; Sonicawall Anit-Rootkit Patch; Windows 10 Support

2025-09-2505:33

SANS Stormcast Wednesday, September 24th, 2025: DoS against the Analyst; GitHub Improvements; Solarwinds and Supermicro BMC vulnerabilities

2025-09-2407:22

SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation

2025-09-2304:49

SANS Stormcast Monday, September 22nd, 2025: Odd HTTP Reuqest; GoAnywhere MFT Bug; EDR Freeze

2025-09-2209:02

SANS Stormcast Friday, September 19th, 2025: Honeypot File Analysis (@sans_edu); SonicWall Breach; DeepSeek Bias; Chrome 0-day

2025-09-1907:14

SANS Stormcast Thursday, September 18th, 2025: DLL Hooking; Entra ID Actor Tokens; Watchguard and NVidia Patches

2025-09-1806:31

SANS Stormcast Wednesday, September 17th, 2025: Phishing Resistants; More npm Attacks; ChatGPT MCP abuse

2025-09-1708:47

SANS Stormcast Tuesday, September 16th, 2025: Apple Updates; Rust Phishing; Samsung 0-day

2025-09-1606:42

SANS Stormcast Monday, September 15th, 2025: More Archives; Salesforce Attacks; White Cobra; BSides Augusta

2025-09-1506:06

SANS Stormcast Friday, September 12th, 2025: DShield SIEM Update; Another Sonicwall Warning; Website Keystroke Logging

2025-09-1206:38

SANS Stormcast Thursday, September 11th, 2025: BASE64 in DNS; Google Chrome, Ivantii and Sophos Patches; Apple Memory Integrity Feature

2025-09-1107:12

SANS Stormcast Wednesday, September 10th, 2025: Microsoft Patch Tuesday;

2025-09-1008:25

SANS Stormcast Tuesday, September 9th, 2025: Major npm compromise; HTTP Request Signature

2025-09-0908:44

00:00

SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;

#box-pro-ellipsis-175972298395176{-webkit-line-clamp:2;}SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;

SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;

Dr. Johannes B. Ullrich

SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;