DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches

SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches

Update: 2025-12-15
Share

Description



Abusing DLLs EntryPoint for the Fun

DLLs will not just execute code when some of their functions are called, but also as they are loaded.

https://isc.sans.edu/diary/Abusing%20DLLs%20EntryPoint%20for%20the%20Fun/32562

Apple Patches Everything: December 2025 Edition

Apple released patches for all of its operating systems, fixing two already exploited vulnerabilities.

ClickFix Attacks Still Using the Finger

ClickFix Attacks Still Using the Finger

Two examples of ClickFix attacks abusing the finger protocol to load additional malware

Denial of Service and Source Code Exposure in React Server Components

Denial of Service and Source Code Exposure in React Server Components

After last week's critical patch, three more, but less critical, vulnerabilities were identified in React Server Components.

https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
Comments 
loading
In Channel
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches

SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches

2025-12-1506:45

SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack

SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack

2025-12-1206:56

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

2025-12-1106:58

SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.

SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.

2025-12-1008:04

SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory

SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory

2025-12-0906:26

SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln

SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln

2025-12-0805:34

SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks

SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks

2025-12-0504:35

SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch

SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch

2025-12-0406:44

SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability

SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability

2025-12-0306:06

SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext.

SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext.

2025-12-0205:49

SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity

SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity

2025-12-0105:42

SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving

SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving

2025-11-2606:07

SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore

SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore

2025-11-2506:11

SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;

SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;

2025-11-2404:59

SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.

SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.

2025-11-2114:09

SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers

SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers

2025-11-2006:34

SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage

SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage

2025-11-1904:38

SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability

SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability

2025-11-1804:58

SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix

SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix

2025-11-1707:10

SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge

SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge

2025-11-1410:09

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
1.0x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches

SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches

Dr. Johannes B. Ullrich