Hello and welcome to the Tuesday, August 12, 2025 edition of the Sands Internet Storm Centers.

Stormcast, my name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu credit certificate program in cyber

defense operations. Well, ahead of patch Tuesday, I do want to take a little bit of a different

spin here and talk about a couple vulnerabilities that became known as being exploited the last

couple days. All of these vulnerabilities have patches available,

so these are not strictly speaking zero days,

but still some of these patches are relatively new.

The first one here is the vulnerability in the Erlang OTP variant of SSH. OTP stands for open telecom platform, and that's

where you often find this version of SSH. There's a number of Cisco devices that run Erlang OTP

SSH. So those are the kind of devices where you have to be careful and that you must patch.

When I talked about the patch and the vulnerability as it was released, the exploit is actually

relatively straightforward.

So no big surprise that it is being exploited in the while.

And Palo Alto here collected some of the evidence that they found and how it is being exploited in the wild, and Palo Alto here collected some of the evidence that they found

and how it is being exploited in the wild right now. So definitely something that you must patch now,

and if you have devices that are exposed, that are using this version of SSAH, well, please make sure that you are also checking them for

any existing compromise, rotate password, rotate any seats for two-factor of the Gasion.

Well, an other already exploited vulnerability is a vulnerability in Winnera or before version

7.12.

This vulnerability was patched end of June, and it's one of those classic decompression

warn abilities where an attacker can create an archive that once it's being decompressed or extracted,

...