SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;

Update: 2025-04-14

Description

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248)

After spotting individaul attempts to exploit the recent Langflow vulnerability late last weeks, we now see more systematic internet wide scans attempting to verify the vulnerability.

https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Recent+Langflow+AI+Vulnerability+CVE20253248/31850/

Fortinet Analysis of Threat Actor Activity

Fortinet oberved recent vulnerablities in its devices being used to add a symlink to ease future compromise. The symlink is not removed by prior patches, and Fortinet released additional updates to detect and remove this attack artifact.

https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity

MSFT Inetpub

Microsoft clarrified that its April patches created the inetpub directory on purpose. Users should not remove it.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204#exploitability

SANSFIRE

https://isc.sans.edu/j/sansfire

Comments

In Channel

SANS Stormcast Friday, May 23rd 2025: Backup Connectivity; Windows 2025 dMSA Abuse; Samlify Vulnerability

2025-05-2307:54

SANS Stormcast Thursday, May 22nd 2025: Crypto Confidence Scams; Extension Mayhem for VS Code and Chrome

2025-05-2206:21

SANS Stormcast Wednesday, May 21st 2025: Researchers Scanning the Internet; Forgotten DNS Records; openpgp.js Vulneraiblity

2025-05-2107:51

SANS Stormcast Tuesday, May 20th 2025: AutoIT Code RAT; Fake Keepass Download; Procolored Printer Software Compromise

2025-05-2006:41

SANS Stormcast Monday, May 18th 2025: xorsearch python functions; pwn2own Berlin; senior govt official impersonation; dynamic domain risk

2025-05-1906:30

SANS Stormcast Friday, May 16th: Increase in Sonicwall Scans; RVTools Compromised?; RountPress

2025-05-1606:26

SANS Stormcast Thursday, May 15th: Google Open Redirects; Adobe, Ivanti, and Samsung patches

2025-05-1506:16

SANS Stormcast Wednesday, May 14th: Microsoft Patch Tuesday; 0-Days patched for Ivanti Endpoint Manager and Fortinet Products

2025-05-1406:38

SANS Stormcast Tuesday, May 12th: Apple Patches; Unipi Technologies Scans;

2025-05-1306:29

SANS Stormcast Monday, May 11th: Steganography Challenge; End-of-Life Routers; ASUS Driverhub; RV-Tools SEO Poisoning

2025-05-1206:39

SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch

2025-05-0904:57

SANS Stormcast Thursday, May 8th: Modular Malware; Sysaid Vuln; Cisco Wireless Controller Patch; Unifi Protect Camera Patch

2025-05-0805:41

SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning

2025-05-0706:44

SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost;

2025-05-0606:57

SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored.

2025-05-0505:57

SANS Stormcast Friday, May 2nd: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments

2025-05-0207:16

SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials

2025-05-0106:28

SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities

2025-04-3008:51

SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC

2025-04-2907:37

SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited

2025-04-2807:55

00:00

1.0x

SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;

#box-pro-ellipsis-174815396380262{-webkit-line-clamp:2;}SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;

SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;

Dr. Johannes B. Ullrich

SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;