SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC

SANS ISC Handlers

🗓️ 29 October 2025

⏱️ 8 minutes

Summary


Phishing with Invisible Characters in the Subject Line
Phishing emails use invisible UTF-8 encoded characters to break up keywords that phishing (or spam) filters look for. The trick is aided by mail clients that do not render some characters, such as the soft hyphen, that should be rendered.
https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line/32428
Apache Tomcat PUT Directory Traversal
Apache released an update to Tomcat fixing a directory traversal vulnerability in how the PUT method is handled. An exploit could upload arbitrary files, leading to remote code execution.
https://lists.apache.org/thread/n05kjcwyj1s45ovs8ll1qrrojhfb1tog
BIND9 DNS Spoofing Vulnerability
A PoC exploit is now available for the recently patched BIND9 spoofing vulnerability.
https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918
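As an added example (not code from the diary or the podcast), the following Python check renders a subject line the way a mail client that drops Unicode format characters would, lists the characters that disappeared, and flags the subject only when removing them reveals a keyword that the raw text did not contain. The sample subjects and the keyword list are constructed for the example.

```python
import unicodedata

# Constructed sample subjects (not taken from the diary). The first one splits
# "password" and "expire" with a soft hyphen (U+00AD) and a zero-width space
# (U+200B); a client that drops those characters shows the plain sentence.
SAMPLE_SUBJECTS = [
    "Your pass\u00adword is about to ex\u200bpire",
    "Your password is about to expire",
    "Invoice for co\u00adoperation agreement",  # legitimate soft hyphen, no keyword
]

# Constructed keyword list; a real filter would carry its own.
PHISHING_KEYWORDS = ("password", "expire", "verify your account")


def invisible_chars(text: str) -> list[tuple[int, str]]:
    """Return (offset, 'U+XXXX NAME') for every Unicode format character (Cf).

    Category Cf covers the soft hyphen, zero-width space/joiner/non-joiner,
    the BOM and similar characters that many clients render as nothing."""
    return [(i, f"U+{ord(c):04X} {unicodedata.name(c, '?')}")
            for i, c in enumerate(text) if unicodedata.category(c) == "Cf"]


def normalize_subject(text: str) -> str:
    """Render the subject as a client that drops format characters would."""
    return "".join(c for c in unicodedata.normalize("NFKC", text)
                   if unicodedata.category(c) != "Cf")


def keyword_hits(text: str) -> list[str]:
    lowered = text.casefold()
    return [k for k in PHISHING_KEYWORDS if k in lowered]


def analyze_subject(raw: str) -> dict:
    """Flag only when stripping invisible characters *creates* a keyword hit.

    A soft hyphen by itself is legal (it is a hyphenation hint), so the check
    compares raw vs. rendered matches instead of alarming on every Cf char."""
    shown = normalize_subject(raw)
    revealed = sorted(set(keyword_hits(shown)) - set(keyword_hits(raw)))
    return {
        "shown": shown,
        "invisible": invisible_chars(raw),
        "keywords_revealed": revealed,
        "suspicious": bool(revealed),
    }


if __name__ == "__main__":
    for subject in SAMPLE_SUBJECTS:
        print(analyze_subject(subject))
```

The third sample shows the caveat from the diary: a soft hyphen inside an ordinary word is reported but not flagged, because it does not hide a keyword.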

Transcript

0:00.0

Hello and welcome to the Wednesday, October 29th, 2025 edition of the SANS Internet Storm Center's Stormcast.

0:12.2

My name is Johannes Ullrich, recording today from Jacksonville, Florida.

0:17.3

And this episode is brought to you by the SANS.edu credit certificate program in cloud security.

0:24.8

Well, in Diaries today, we got an interesting new phishing trick that Jan wrote about.

0:30.7

It involves invisible characters in the subject of the email.

0:37.0

Now, the trick has been quite common in the body of the email,

0:41.3

where it's being used to break up words that are often being used to trigger spam filters,

0:46.1

but now attackers are also using it in the subject line,

0:50.0

probably for the same reason.

0:52.1

Here, the subject as seen by the user is your password is about to expire.

0:57.2

So a classic phishing subject line that, of course, may get blocked by common phishing filters,

1:03.3

but here the attacker is then inserting invisible characters.

1:09.1

Now, strictly speaking, the characters being used here are not really invisible.

1:14.6

One, for example, that Jan observed here is the soft hyphen, which should still be displayed as a

1:21.7

hyphen, but many email clients, like, for example, Outlook in this example, do not display them

1:27.1

as part of the subject of an email,

1:30.0

so they basically just disappear.

1:33.5

And that's sort of how they're bypassing these filters.

1:38.1

You cannot just look for, hey, are they using some odd spaces

1:41.8

or things like this?

1:43.3

But you also have to look for characters that

1:46.2

may be legit in some contexts, but are here just used to break up the text.

...
