SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC

Update: 2025-10-29

Description

Phishing with Invisible Characters in the Subject Line

Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters that should be rendered.

https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line/32428

Apache Tomcat PUT Directory Traversal

Apache released an update to Tomcat fixing a directory traversal vulnerability in how the PUT method is used. Exploits could upload arbitrary files, leading to remote code execution.

https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog

BIND9 DNS Spoofing Vulnerability

A PoC exploit is now available for the recently patched BIND9 spoofing vulnerability

https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918

Comments

In Channel

SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch

2025-10-3006:07

SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC

2025-10-2908:04

SANS Stormcast Tuesday, October 28th, 2025: Bytes over DNS; Unifi Access Vuln; OpenAI Atlas Prompt Injection

2025-10-2806:17

SANS Stormcast Monday, October 27th, 2025: Bilingual Phishing; Kaitai Struct WebIDE

2025-10-2706:20

SANS Stormcast Friday, October 24th, 2025: Android Infostealer; SessionReaper Exploited; BIND/unbound DNS Spoofing fix; WSUS Exploit

2025-10-2406:25

SANS Stormcast Thursday, October 23rd, 2025: Blue Angle Software Exploit; Oracle CPU; Rust tar library vulnerability.

2025-10-2307:28

SANS Stormcast Wednesday, October 22nd, 2025: NTP Pool; Xubuntu Compromise; Squid Vulnerability; Lanscope Vuln;

2025-10-2206:37

SANS Stormcast Tuesday, October 21st, 2025: Syscall() Obfuscation; AWS down; Beijing Time Attack

2025-10-2009:17

SANS Stormcast Monday, October 20th, 2025: Malicious Tiktok; More Google Ad Problems; Satellite Insecurity

2025-10-1906:14

SANS Stormcast Friday, October 17th, 2025: New Slack Workspace; Cisco SNMP Exploited; BIOS Backdoor; @sans_edu reseach: Active Defense

2025-10-1721:28

SANS Stormcast Thursday, October 16th, 2025: Clipboard Image Stealer; F5 Compromise; Adobe Updates; SAP Patchday

2025-10-1508:40

SANS Stormcast Wednesday, October 15th, 2025: Microsoft Patchday; Ivanti Advisory; Fortinet Patches

2025-10-1406:22

SANS Stormcast Tuesday, October 14th, 2025: ESAFENET Scans; Payroll Priates; MSFT Edge IE Mode

2025-10-1306:02

SANS Stormcast Monday, October 13th, 2025: More Oracle Patches; Sonicwall Compromisses; Unpatched Gladinet; 7-Zip Patches

2025-10-1205:56

SANS Stormcast Friday, October 10th, 2025: RedTail Defenses; SonicWall Breach; Crowdstrike “Issues”; Ivanti 0-days; Mapping Agentic Attack Surface (@sans_edu paper)

2025-10-1015:12

SANS Stormcast Thursday, October 9th, 2025: Polymorphic Python; ssh ProxyCommand Vuln;

2025-10-0906:12

SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches

2025-10-0805:57

SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited

2025-10-0705:33

SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day

2025-10-0606:28

SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln;

2025-10-0306:35

00:00

SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC

#box-pro-ellipsis-176183138879253{-webkit-line-clamp:2;}SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC

SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC

Dr. Johannes B. Ullrich

SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC