SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 1 December 2025
⏱️ 6 minutes
🧾️ Download transcript
Summary
Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix
The latest variant of ClickFix tricks users into copy/pasting commands by displaying a fake blue screen of death.
https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/
B2B Guest Access Creates an Unprotected Attack Vector
Users may be tricked into joining an external Teams workspace as a guest, bypassing protections typically enabled for Teams workspaces.
https://www.ontinue.com/resource/blog-microsoft-chat-with-anyone-understanding-phishing-risk/
Geoserver XXE Vulnerability CVE-2025-58360
Geoserver patched an external XML entity (XXE) vulnerability.
https://helixguard.ai/blog/CVE-2025-58360
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Monday, December 1st, 2025 edition of the Sands Internet Storm Centers Stormcast. |
| 0:12.4 | My name is Johannes Ulrich, recording today from Dallas, Texas. |
| 0:17.8 | And this episode is brought you by the sands.edu graduate certificate program in |
| 0:22.7 | cybersecurity leadership. Well, first of all, it looks like this long weekend, at least here in the |
| 0:28.8 | US, was pretty eventless and no emergencies here to report about nothing that you need to do |
| 0:36.0 | right now in order to sort of catch up |
| 0:38.6 | for whatever threat you may have missed this long weekend. |
| 0:42.9 | But we do have a couple sort of smaller things that are certainly worth covering. |
| 0:48.4 | First one is a new development when it comes to click-fix attacks. |
| 0:53.2 | Click-fix attacks do trick victims into |
| 0:57.0 | copy pasting commands into a command prompt to then execute malicious code. The latest version |
| 1:04.6 | was here identified by a cronists and what they observed is attackers using fake blue screens of death. And with that, again, |
| 1:15.6 | tricking users into copy-pasting commands into a command prompt. The ultimate idea is exactly |
| 1:24.1 | the same as click fix, but just the lure is a little bit different |
| 1:28.7 | with the Blue Screen of Death, |
| 1:30.7 | maybe a little bit more plausible at this point, |
| 1:33.1 | given that we hopefully have taught users about ClickFix |
| 1:37.2 | or they have experienced it firsthand, |
| 1:40.0 | while they may not have seen this with a blue screen. |
| 1:44.7 | Apparently the websites with displaying the blue screens are being advertised via Google Ads, |
| 1:51.4 | and the blue screen doesn't show up right away, |
| 1:54.4 | but only after the user interacts a little bit with the website. |
... |
Transcript will be available on the free plan in 16 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.