RadioCSIRT - English Edition

By: Marc Frédéric GOMEZ

🎙 Marc Frédéric Gomez, cybersecurity expert, brings you daily insights into the latest threats, attacks, and defense strategies you need to know.

🔎 On the agenda:
✔️ Analysis of cyberattacks and critical vulnerabilities
✔️ Strategic intelligence for CSIRTs, CERTs, and cybersecurity professionals
✔️ Sources and references to dive deeper into each topic

💡 Why listen to RadioCSIRT?
🚀 Stay up to date in just a few minutes a day
🛡️ Anticipate threats with reliable, technical information
📢 An essential intelligence source for IT and security professionals

🔗 Listen, share, and secure your environment!
📲 Subscribe and leave a ⭐ rating on your favorite platform!

Politics & Government
Episodes
  • RadioCSIRT English Edition – Your Cybersecurity News for Saturday, December 27, 2025 (Ep. 63)
    Dec 27 2025

    Welcome to your daily cybersecurity podcast.

    We open this edition with several security advisories published by CERT-FR regarding critical vulnerabilities affecting major components of the Linux ecosystem and enterprise environments. The bulletins notably concern Ubuntu, Red Hat, and IBM products, which are exposed to flaws that may allow privilege escalation, arbitrary code execution, or compromise of confidentiality. These vulnerabilities affect widely deployed components in server and cloud infrastructures, highlighting the need for rigorous patch management in critical environments.

    We then analyze a vulnerability affecting the Roundcube webmail, referenced as CVE-2025-68461. This flaw allows a remote attacker to exploit input handling mechanisms in order to compromise session security or execute malicious code in the context of the targeted user. Given the widespread use of Roundcube in email infrastructures, this vulnerability represents a significant risk for Internet-exposed organizations.

    Finally, we review a security vulnerability patched by Microsoft, identified as CVE-2025-13699. This flaw affects a Windows system component and may be exploited to bypass security mechanisms or gain elevated privileges. Microsoft has released fixes through its update guide and recommends prompt application to reduce the risk of active exploitation.

    Sources

    • CERT-FR – Ubuntu vulnerabilities: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1139/
    • CERT-FR – Red Hat vulnerabilities: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1141/
    • CERT-FR – IBM product vulnerabilities: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1137/
    • Roundcube vulnerability – CVE-2025-68461: https://cyberveille.esante.gouv.fr/alertes/roundcube-cve-2025-68461-2025-12-26
    • Microsoft – CVE-2025-13699: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13699

    Don’t think, patch!

    Your feedback is welcome.
    Email: radiocsirt@gmail.com
    Website: https://www.radiocsirt.com
    Weekly Newsletter: https://radiocsirtenglishedition.substack.com/

    12 m
  • RadioCSIRT – English Edition – Your Cybersecurity News, Friday 26 December 2025 (Ep. 62)
    Dec 26 2025

    Welcome to your daily cybersecurity podcast.

    We open this edition with a case combining cybercrime and intelligence activities in Eastern Europe. In Georgia, the former head of counterintelligence has been arrested as part of an investigation into large-scale scam centers. Authorities suspect he facilitated or protected structured fraud operations targeting international victims, once again highlighting the convergence of organized crime, corruption, and cyber fraud.

    We then analyze a phishing campaign targeting cryptocurrency users through fake emails impersonating Grubhub. The messages promise a tenfold return on cryptocurrency sent by victims. Funds are immediately redirected to attacker-controlled wallets with no possibility of recovery, illustrating a classic yet still highly effective use of social engineering applied to digital assets.

    Finally, we examine an operation attributed to Evasive Panda, a China-linked threat actor, which conducted espionage activities using a hijacked DNS infrastructure. The attackers leveraged advanced DNS resolution and traffic redirection techniques to deliver stealthy malicious payloads while bypassing multiple network detection mechanisms. This campaign highlights the continued evolution of APT tradecraft in state-sponsored cyber espionage.

    Sources

    • Arrest in Georgia – scam centers: https://therecord.media/republic-of-georgia-former-spy-chief-arrested-scam-centers
    • Crypto phishing campaign – fake Grubhub emails: https://www.bleepingcomputer.com/news/security/fake-grubhub-emails-promise-tenfold-return-on-sent-cryptocurrency/
    • Evasive Panda APT – malicious DNS infrastructure: https://thehackernews.com/2025/12/china-linked-evasive-panda-ran-dns.html

    Don’t think, patch!

    Your feedback is welcome.
    Email: radiocsirt@gmail.com
    Website: https://www.radiocsirt.com
    Weekly Newsletter: https://radiocsirtenglishedition.substack.com/

    5 m
  • RadioCSIRT – English Edition – (Ep. 61)
    Dec 25 2025

    Welcome to your daily cybersecurity podcast.

    We open this edition with a geopolitical sequence marking a new phase in transatlantic tensions over digital regulation. The United States has imposed visa restrictions on several European figures involved in regulating technology platforms, including Thierry Breton, former European Commissioner. Washington justifies the decision by accusing European regulators of extraterritorial censorship, notably in the enforcement of the Digital Services Act. The European Union condemned the measure and requested formal explanations, citing an attack on its regulatory sovereignty.

    We then analyze CVE-2018-25154, a critical buffer overflow vulnerability affecting GNU Barcode version 0.99. The flaw, linked to the Code 93 encoding mechanism, enables arbitrary code execution through crafted input files. The CVSS 3.1 score is critical at 9.8, with high impact on confidentiality, integrity, and availability.

    We also review CVE-2023-36525, an unauthenticated Blind SQL Injection affecting the WPJobBoard WordPress plugin up to version 5.9.0. The vulnerability is remotely exploitable without privileges or user interaction and exposes affected sites to data leakage and persistent modification risks.

    In the cybercrime segment, the FBI seized the web3adspanels.org infrastructure, used as a backend to centralize stolen banking credentials from phishing campaigns. The infrastructure enabled account takeover operations against financial institutions and remained active until late 2025.

    We then cover Urban VPN Proxy, a free VPN browser extension whose recent versions implement interception and exfiltration of AI platform conversations, including prompts, responses, and session metadata, enabled by default.

    Finally, we address the active exploitation of CVE-2020-12812 on FortiGate firewalls, an older vulnerability still abused to bypass 2FA through inconsistencies between FortiGate and LDAP username case handling.

    Sources

    • Tech regulation and USA–EU tensions: https://www.01net.com/actualites/pourquoi-les-etats-unis-sattaquent-a-thierry-breton-et-aux-autres-regulateurs-de-la-tech.html
    • CVE-2018-25154 – GNU Barcode buffer overflow: https://cvefeed.io/vuln/detail/CVE-2018-25154
    • CVE-2023-36525 – WPJobBoard Blind SQL Injection: https://cvefeed.io/vuln/detail/CVE-2023-36525
    • FBI Seizure – web3adspanels.org: https://securityaffairs.com/186094/cyber-crime/fbi-seized-web3adspanels-org-hosting-stolen-logins.html
    • Urban VPN Proxy data harvesting: https://boingboing.net/2025/12/19/this-free-vpn-is-a-massive-security-risk.html
    • FortiGate 2FA bypass exploitation: https://cyberpress.org/hackers-abuse-3-year-old-fortigate-flaw/

    Don’t think, patch!

    Your feedback is welcome.
    Email: radiocsirt@gmail.com
    Website: https://www.radiocsirt.com
    Weekly Newsletter: https://radiocsirtenglishedition.substack.com/

    9 m