Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich

SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity

DEC 1, 20255 MIN
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Monday, December 1st, 2025: More ClickFix; Teams Guest Access; Geoserver XXE Vulnerablity

DEC 1, 20255 MIN

Description

<br/> Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix<br/> The latest variant of ClickFix tricks users into copy/pasting commands by displaying a fake blue screen of death.<br/> <a href="https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/">https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/</a><br/> B2B Guest Access Creates an Unprotected Attack Vector<br/> Users may be tricked into joining an external Teams workspace as a guest, bypassing protections typically enabled for Teams workspaces.<br/> <a href="https://www.ontinue.com/resource/blog-microsoft-chat-with-anyone-understanding-phishing-risk/">https://www.ontinue.com/resource/blog-microsoft-chat-with-anyone-understanding-phishing-risk/</a><br/> Geoserver XXE Vulnerability CVE-2025-58360<br/> Geoserver patched an external XML entity (XXE) vulnerability.<br/> <a href="https://helixguard.ai/blog/CVE-2025-58360">https://helixguard.ai/blog/CVE-2025-58360</a><br/>