#195 - Intel Chat: APT tunnelling, BadPilot, CVE-2025-0108, emojis & Kitty Stealer (take 2)
The Cybersecurity Defenders Podcast · Christopher
Audio is streamed directly from the publisher (podcast.wistia.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
Network traffic tunneling is a technique used by attackers to bypass security controls and exfiltrate data or establish covert communication channels. Threat actors use various tunneling methods, including DNS tunneling, HTTP/S tunneling, and ICMP tunneling, each with its own advantages depending on the target environment.
The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks.
GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks’ PAN-OS. This vulnerability allows unauthenticated attackers to gain administrative access to affected firewall devices, posing a significant risk to organizations relying on PAN-OS for network security.
Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.
Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.