SANS Stormcast Thursday, August 7th, 2025: Sextortion Update; Adobe and Trend Micro release emergency patches
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 696 Ratings
🗓️ 7 August 2025
⏱️ 5 minutes
🧾️ Download transcript
Summary
Do Sextortion Scams Still Work in 2025?
Jan looked at recent sextortion emails to check if any of the crypto addresses in these emails received deposits. Sadly, some did, so these scams still work.
https://isc.sans.edu/diary/Do%20sextortion%20scams%20still%20work%20in%202025%3F/32178
Akira Ransomware Group s use of Drivers
Guidepoint Security observed the Akira ransomware group using specific legitimate drivers for privilege escalation
https://www.guidepointsecurity.com/blog/gritrep-akira-sonicwall/
Adobe Patches Critical Experience Manager Vulnerability
Adobe released emergency patches for a vulnerability in Adobe Experience Manager after a PoC exploit was made public.
https://slcyber.io/assetnote-security-research-center/struts-devmode-in-2025-critical-pre-auth-vulnerabilities-in-adobe-experience-manager-forms/
https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
Trend Micro Apex One Vulnerability
Trend Micro released an emergency patch for an actively exploited pre-authentication remote code execution vulnerability in the Apex One management console.
https://success.trendmicro.com/en-US/solution/KA-0020652
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the Thursday, August 7th, 2025 edition of the Sands and then at Storms Centers. |
| 0:07.0 | Stormcast, my name is Johannes Ulrich, recording today from Jacksonville, Florida. |
| 0:12.2 | And this episode is brought you by the Sands.edu Graduate Certificate Program in Cybersecurity |
| 0:18.8 | Leadership. |
| 0:20.5 | Sextortion scams, well, they were a big thing like a few years ago and have died down a |
| 0:25.6 | little bit, but ever so often there's like a flare-up of them. Like the last couple weeks, I received |
| 0:30.2 | about a dozen or so emails with this cooperation offer subject in line. Jan now took a quick |
| 0:37.2 | look to figure out whether or not any of these scamps are still |
| 0:41.7 | successful. |
| 0:42.9 | He looked at a couple dozen different email addresses and the associated cryptocurrency |
| 0:47.3 | addresses that were attached to those emails. |
| 0:51.8 | And, well, sadly, a couple of them did get deposits in line with what they |
| 0:57.7 | asked for as part of these extortion scams. |
| 1:01.4 | This is really sort of a little bit an awareness issue, but then also remember that even though |
| 1:06.8 | the scam itself is old, not everybody may actually have received a copy. |
| 1:12.9 | And then depending on current circumstances, people may or may not be more vulnerable to this. |
| 1:19.3 | Just read on social media from someone who's actually very cyber aware and such, |
| 1:25.6 | and that they fell for like one of those UPS scams lately and |
| 1:31.1 | enter their credit card number trying to basically have their package redelivered and they |
| 1:36.9 | were actually just waiting for a package that all depends on the circumstances whether or not |
| 1:41.9 | someone falls for these these style of messages course, are also relatively easy to filter automatically, |
| 1:49.6 | which is probably why I haven't really seen many of them, because my spam filters and such |
... |
Transcript will be available on the free plan in 16 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.