DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

Update: 2025-12-11
Share

Description



Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection)

We observed HTTP requests with our honeypot that may be indicative of a new version of an exploit against an older vulnerability. Help us figure out what is going on.

https://isc.sans.edu/diary/Possible%20exploit%20variant%20for%20CVE-2024-9042%20%28Kubernetes%20OS%20Command%20Injection%29/32554

React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182

Wiz has a writeup with more background on the React2Shell vulnerability and current attacks

https://www.wiz.io/blog/nextjs-cve-2025-55182-react2shell-deep-dive

Notepad++ Update Hijacking

Notepad++ s vulnerable update process was exploited

https://notepad-plus-plus.org/news/v889-released/

New macOS PackageKit Privilege Escalation

A PoC was released for a new privilege escalation vulnerability in macOS. Currently, there is no patch.

https://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html
Comments 
In Channel
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack

SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack

2025-12-1206:56

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

2025-12-1106:58

SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.

SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.

2025-12-1008:04

SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory

SANS Stormcast Tuesday, December 9th, 2025: nanoKVM Vulnerabilities; Ghostframe Phishing; WatchGuard Advisory

2025-12-0906:26

SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln

SANS Stormcast Monday, December 8th, 2025: AutoIT3 FileInstall; React2Shell Update; Tika Vuln

2025-12-0805:34

SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks

SANS Stormcast Friday, December 5th, 2025: Compromised Govt System; React Vuln Update; Array Networks VPN Attacks

2025-12-0504:35

SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch

SANS Stormcast Thursday, December 4th, 2025: CDN Headers; React Vulnerabiity; PickleScan Patch

2025-12-0406:44

SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability

SANS Stormcast Wednesday, December 3rd, 2025: SmartTube Compromise; NPM Malware Prompt Injection Attempt; Angular XSS Vulnerability

2025-12-0306:06

SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext.

SANS Stormcast Tuesday, December 2nd, 2025: Analyzing ToolShell from Packdets; Android Update; Long Game Malicious Browser Ext.

2025-12-0205:49

SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity

SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity

2025-12-0105:42

SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving

SANS Stormcast Wednesday, November 26th, 2025: Attacks Against Messaging; Passwords in Random Websites; Fluentbit Vuln; #thanksgiving

2025-11-2606:07

SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore

SANS Stormcast Tuesday, November 25th, 2025: URL Mapping and Authentication; SHA1-Hulud; Hacklore

2025-11-2506:11

SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;

SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;

2025-11-2404:59

SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.

SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.

2025-11-2114:09

SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers

SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers

2025-11-2006:34

SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage

SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage

2025-11-1904:38

SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability

SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability

2025-11-1804:58

SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix

SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix

2025-11-1707:10

SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge

SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge

2025-11-1410:09

SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness

SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness

2025-11-1306:33

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 variant; react2shell exploits; notepad++ update hijacking; macOS priv escalation

Dr. Johannes B. Ullrich