ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML woes; MSMQ issues after patch; "
Episode Synopsis
More React2Shell Exploits CVE-2025-55182
Our honeypots continue to detect numerous React2Shell variants. Some using slightly modified exploits
https://isc.sans.edu/diary/More%20React2Shell%20Exploits%20CVE-2025-55182/32572
The Fragile Lock: Novel Bypasses For SAML Authentication
SAML is a tricky protocol to implement correctly, in particular if different XML parsers are used that may not always agree on how to parse a specific message
https://portswigger.net/research/the-fragile-lock
December Updates Causes issues with Microsoft Message Queuing
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#message-queuing--msmq--might-fail-with-the-december-2025-windows-security-update
More episodes of the podcast SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
15/12/2025
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
12/12/2025
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.
10/12/2025
In God we trust