Hello and welcome to the Tuesday, November 4th, 2025 edition of the Sands Internet Storm

Storm Centers, Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sandsdut edu master's degree program in information security

engineering. This weekend, we did see a large number of exploit attempts for the ex-viki

solar search vulnerability. This vulnerability was added to the known exploited vulnerability

catalog on Friday,

so no real surprise that we see some exploits for it,

in particular since this war on ability

has gotten quite a bit of coverage over the weekend.

There are a couple odd things about these exploit attempts.

First of all, what took him so long? The original advisory that was

published by XWiki to alert users of this vulnerability actually pretty much had exploit

code attached to it. It had a proof-of-concept exploit that showed you how to take advantage of

this vulnerability, and it was pretty straightforward how to do so.

The other odd thing here was the user agent being used by the actor who, according to our data,

is pretty much responsible for all of the exploits.

Well, this was actually an email address.

The email address is with Atomicmail.io,

which is an encrypted and somewhat anonymous email provider.

So yes, certainly something that an attacker may use,

but not really sure why they're sort of advertising themselves here.

...