SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch (#)

SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch From PowerShell to a Python Obfuscation Race! This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634 Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release https://x.com/MonThreat/status/1884577840185643345 https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376 The Tainted Voyage: Uncovering Voyager's Vulnerabilities Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads. https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/ Hackers exploit critical unpatched flaw in Zyxel CPE devices A currently unpatches vulnerablity in Zyxel devices is actively exploited. https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/ VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217) VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346 keywords: vmware; avi load balancer; sql injection; voyager; laravel; php; zyxel; fortinet; python; powershell; garmin