SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;
Update: 2025-10-03
Description
More .well-known scans
Attackers are using API documentation automatically published in the .well-known directory for reconnaissance.
https://isc.sans.edu/diary/More%20.well-known%20Scans/32340
RedHat Patches Openshift AI Services
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example, as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator.
https://access.redhat.com/security/cve/cve-2025-10725#cve-affected-packages
TOTOLINK X6000R Vulnerabilities
Paloalto released details regarding three recently patched vulnerabilities in TotalLink-X6000R routers.
https://unit42.paloaltonetworks.com/totolink-x6000r-vulnerabilities/
DrayOS Vulnerability Patched
Draytek fixed a single memory corruption vulnerability in its Vigor series router. An unauthenticated user may use it to execute arbitrary code.
https://www.draytek.com/about/security-advisory/use-of-uninitialized-variable-vulnerabilities
Comments
In Channel