SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials
ADS & Python Tools
Didier explains how to use his tools cut-bytes.py and filescanner to extract information from alternate data streams.
https://isc.sans.edu/diary/ADS%20%26%20Python%20Tools/32058
Enhanced security defaults for Windows 365 Cloud PCs
Microsoft announced more secure default configurations for its Windows 365 Cloud PC offerings.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/enhanced-security-defaults-for-windows-365-cloud-pcs/4424914
CVE-2025-34508: Another File Sharing Application, Another Path Traversal
Horizon3 reveals details of a recently patched directory traversal vulnerability in zend.to.
https://horizon3.ai/attack-research/attack-blogs/cve-2025-34508-another-file-sharing-application-another-path-traversal/
Unexpected security footguns in Go's parsers
Go parsers for JSON and XML are not always compatible and can parse data in unexpected ways. This blog by Trails of Bits goes over the various security implications of this behaviour.
https://blog.trailofbits.com/2025/06/17/unexpected-security-footguns-in-gos-parsers/
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
Hvor kan du lytte?
