Hello and welcome to the Monday, November 10th, 2025 edition of the Sands Inlet Storm Center's

Stormcast. My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu credit certificate program in cybersecurity engineering.

Quick a reminder from DDA today that our honeypots continuously are seeing a lot of attempts to download source code repostories from your web service.

This often happens sort of accidentally where these dot-git

and directories like this are being made life as part of pushing a website life. So definitely

be super careful about this. The attackers are constantly scanning for this. And when I'm talking

about, you know,

for example, not embedding credentials and such in GitHub repositories, that question always comes

up where, well, you know, what if I keep my GitHub repository private? Well, yeah, it's private,

but for how long and all it takes is a small configuration mistake like this

in order to leak not just your source code, but also possible secrets that you're keeping with your source code.

So be super careful here and also proactively scan your web publications for any leak directories like this.

You can expect that it takes probably way less than a day for an attacker to find these files.

And Socket has discovered an interesting set of new malicious.

Dotnet packages distributed via Nuget.

There are a couple of things that are really different and novel compared to some of the

other malicious packages that we have talked about in the past.

I think it was just last week or so that I mentioned that pretty much all of the attacks

that we have seen so far were we're really heavily targeting crypto coin

developers. Well, this one is different. It's going specifically after developers that are working

with industrial control systems, in particular targeting, for example, a library related to Siemens PLCs.

...