SecLists.Org Security Mailing List Archive

Nmap Development — Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects. Subscribe to nmap-dev here.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• nmap-devLatest Posts

Re: dev Digest, Vol 233, Issue 1 Trinidad JR Cristian (Nov 01)
Last Login: SAT NOV 01 2025 11:06:09 CDT

Authentication-Results: mail.ctmartinez5.ch; dkim=pass (Good 1024 bit
rsa-sha256 596) header.d=cert.org header.a=rsa-sha256; dkim=pass
(Good 1024 bit rsa-sha256 596) header.d=amazonses.com
header.a=rsa-sha256
Authentication-Results: mail.ctmartinez5.ch; dmarc=pass (p=none dis=none)
header.from=cert.org
Authentication-Results: mail.outlook.ch;...

Fw: dev Digest, Vol 233, Issue 1 Trinidad JR Cristian (Oct 31)
JE6ar71cU61f: [CARTER[338NYROC14617]ROCHESTER] --Cristian A Trinidad

NET Wrapper for Npcap <- Package delivery for bothe itmes 1&2 .

1-["Lenss":"Eyes-drops","Battery":["Interface":"TjRQouCJ"(1737645151)

Zenmap Nmap @NeonNox Samsung 8 Galaxy kalinux 2&2

2-("KALI":"162.5 mm × 74.8 mm × 8.6...

GitHub PR #3214: Add compatibility fixes for various OSes + multiplatform autobuilds Jordan Ritter (Oct 30)
Just submitted https://github.com/nmap/nmap/pull/3214 — I think the contributing guidelines say to give an extra heads
up via email, so this is that email.

The PR adds compilation fixes for FreeBSD, NetBSD, OpenBSD, Solaris, macOS, and Windows, against current master (on
GitHub, which I understand is synced read-only with SVN).

I got the sense you guys may not have broad OS coverage in the existing TravisCI setup — given all the problems...

RE: Nmap Zenmap version mismatch via Windows .exe installer EXT-Modrell, Anthony via dev (Oct 30)
Hello,

I was looking for an update. I see that the media has not changed via hash since we downloaded and found the mismatch.
Any update would be appreciated.

Thank you,
Tony

From: EXT-Modrell, Anthony
Sent: Wednesday, September 24, 2025 1:42 PM
To: 'dev () nmap org' <dev () nmap org>
Cc: Herren (US), Tracy J <tracy.j.herren () boeing com>; EXT-Baker, Mark A <mark.a.baker2 () boeing com>; EXT-Rivera,
Alexander R...

Re: .NET Wrapper for Npcap Daniel Miller (Oct 30)
Steve,

Npcap ought to work with any existing WinPcap wrapper, since the API is
backwards-compatible. I have not used any C# wrappers myself, though I am
aware of SharpPcap (https://github.com/dotpcap/sharppcap) as another.

Dan

On Wed, Jun 11, 2025 at 6:44 AM Altaffer, Steven via dev <dev () nmap org>
wrote:

Nmap Announce — Moderated list for the most important new releases and announcements regarding the Nmap Security Scanner and related projects. We recommend that all Nmap users subscribe to stay informed.

• Current Year
• Archived Posts
• RSS Feed
• About List
• nmap-announceLatest Posts

Npcap Version 1.82 Released with VLAN Tagging and More Gordon Fyodor Lyon (Apr 28)
Dear Nmap Community,

In preparation for an imminent Nmap release (hopefully this week!), we have
released Version 1.82 of our Npcap Windows packet capture and transmission
driver. It builds upon the recent 1.81 release to add support for VLAN
tagging. This allows you to select for packets directed to a certain VLAN
or just inspect the VLAN headers on any packets received. It's especially
useful for Wireshark users. You can also now send...

Nmap 7.95 released: OS and service detection signatures galore! Gordon Fyodor Lyon (May 05)
Dear Nmap Community,

I just arrived in San Francisco for the RSA conference and am delighted to
announce our Nmap Version 7.95 release! I'm most excited that we finally
tackled our backlog of OS and service detection fingerprint submissions.
We're not talking about dozens or hundreds of them-we processed more than
6,500 fingerprints!

For OS detection, we added 336 signatures, bringing the new total to 6,036.
Additions include iOS 15...

Full Disclosure — A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

• Previous Month
• Archived Posts
• RSS Feed
• About List
• fulldisclosureLatest Posts

SEC Consult SA-20251029-0 :: Unprotected NFC card manipulation leading to free top-up in GiroWeb Cashless Catering Solutions (only legacy customer infrastructure) SEC Consult Vulnerability Lab via Fulldisclosure (Oct 29)
SEC Consult Vulnerability Lab Security Advisory < 20251029-0 >
=======================================================================
title: Unprotected NFC card manipulation leading to free top-up
product: GiroWeb Cashless Catering Solutions
vulnerable version: Only legacy customer infrastructure using outdated
Legic Prime or other insecure NFC cards
fixed version: -
CVE...

Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) josephgoyd via Fulldisclosure (Oct 29)
The exploit I caught in the wild and the flow of the attack chain are in this repo:
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201

The report was constructed via log analysis.

-------- Original Message --------

It seems, the whole account is down

Re: : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Christoph Gruber (Oct 29)
It seems, the whole account is down

Dovecot CVE-2025-30189: Auth cache causes access to wrong account Aki Tuomi via Fulldisclosure (Oct 29)
Affected product: Dovecot IMAP Server
Internal reference: DOV-7830
Vulnerability type: CWE-1250 (Improper Preservation of Consistency Between Independent Representations of Shared State)
Vulnerable version: 2.4.0, 2.4.1
Vulnerable component: auth
Report confidence: Confirmed
Solution status: Fixed in 2.4.2
Researcher credits: Erik <erik () broadlux com>
Vendor notification: 2025-07-25
CVE reference: CVE-2025-30189
CVSS: 7.4...

SEC Consult SA-20251027-0 :: Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System #CVE-2025-12055 SEC Consult Vulnerability Lab via Fulldisclosure (Oct 28)
SEC Consult Vulnerability Lab Security Advisory < 20251027-0 >
=======================================================================
title: Unauthenticated Local File Disclosure
product: MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing
Execution System
vulnerable version: 10.14.STD, MIP 2 / FEDRA 2 / HYDRA X with Servicepack 8
Maintenance versions until week...

Stored Cross-Site Scripting (XSS) via SVG File Upload - totaljsv5013 Andrey Stoykov (Oct 28)
# Exploit Title: Stored Cross-Site Scripting (XSS) via SVG File Upload -
totaljsv5013
# Date: 10/2025
# Exploit Author: Andrey Stoykov
# Version: 5013
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/10/friday-fun-pentest-series-46-stored.html

Stored Cross-Site Scripting (XSS) via SVG File Upload:

Steps to Reproduce:
1. Login with user and visit "Layouts"
2. Visit "Files" and click "Upload"
3....

Stored HTML Injection - Layout Functionality - totaljsv5013 Andrey Stoykov (Oct 28)
# Exploit Title: Stored HTML Injection - Layout Functionality - totaljsv5013
# Date: 10/2025
# Exploit Author: Andrey Stoykov
# Version: 5013
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/10/friday-fun-pentest-series-45-stored.html

Stored HTML Injection - Layout Functionality:

Steps to Reproduce:
1. Login with user and visit "Layouts"
2. Click on "Create" and enter name for the layout
3. Trap the HTTP...

Stored Cross-Site Scripting (XSS) - Layout Functionality - totaljsv5013 Andrey Stoykov (Oct 28)
# Exploit Title: Stored Cross-Site Scripting (XSS) - Layout Functionality -
totaljsv5013
# Date: 10/2025
# Exploit Author: Andrey Stoykov
# Version: 5013
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/10/friday-fun-pentest-series-44-stored.html

Stored Cross-Site Scripting (XSS) - Layout Functionality:

Steps to Reproduce:
1. Login with user and visit "Layouts"
2. Click on "Create" and enter name for the...

Current Password not Required When Changing Password - totaljsv5013 Andrey Stoykov (Oct 28)
# Exploit Title: Current Password not Required When Changing Password -
totaljsv5013
# Date: 10/2025
# Exploit Author: Andrey Stoykov
# Version: 5013
# Tested on: Debian 12
# Blog:
https://msecureltd.blogspot.com/2025/10/friday-fun-pentest-series-43-current.html

Current Password not Required When Changing Password:

Steps to Reproduce:
1. Login with user and click on profile icon
2. Select "Change Credentials"
3. The user would not be...

Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Noor Christensen (Oct 28)
Hi Joseph,

Looks like your post with the technical details is down; I'm getting a 404 since
yesterday.

-- kchr

Struts2 and Related Framework Array/Collection DoS Daniel Owens via Fulldisclosure (Oct 28)
Struts2 has, since its inception and to today, contained a significant denial of service (DoS) vulnerability stemming
from how the Struts2 default deserialiser parses and deserialises arrays, collections (including maps), and related
objects. Specifically, Struts2 and related frameworks allow attackers to specify indices and adhere to the
user-supplied indices such that attackers can make arbitrarily large data structures with extremely tiny...

[REVIVE-SA-2025-002] Revive Adserver Vulnerability Matteo Beccati (Oct 25)
========================================================================
Revive Adserver Security Advisory REVIVE-SA-2025-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-002
------------------------------------------------------------------------
Date: 2025-10-24
Risk Level: High
Applications affected: Revive...

[REVIVE-SA-2025-001] Revive Adserver Vulnerability Matteo Beccati (Oct 25)
========================================================================
Revive Adserver Security Advisory REVIVE-SA-2025-001
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2025-001
------------------------------------------------------------------------
CVE-ID: CVE-2025-27208
Date: 2025-10-22
Risk Level:...

SEC Consult SA-20251021-0 :: Multiple Vulnerabilities in EfficientLab WorkExaminer Professional (CVE-2025-10639, CVE-2025-10640, CVE-2025-10641) SEC Consult Vulnerability Lab via Fulldisclosure (Oct 21)
SEC Consult Vulnerability Lab Security Advisory < 20251021-0 >
=======================================================================
title: Multiple Vulnerabilities
product: EfficientLab WorkExaminer Professional
vulnerable version: <= 4.0.0.52001
fixed version: -
CVE number: CVE-2025-10639, CVE-2025-10640, CVE-2025-10641
impact: Critical
homepage:...

[SYSS-2025-017]: Verbatim Store 'n' Go Secure Portable HDD (security update v1.0.0.6) - Offline brute-force attack Matthias Deeg via Fulldisclosure (Oct 21)
Advisory ID: SYSS-2025-017
Product: Store 'n' Go Secure Portable HDD
Manufacturer: Verbatim
Affected Version(s): Part Number #53401 (GD25LK01-3637-C VER4.0)
Tested Version(s): Part Number #53401 (GD25LK01-3637-C VER4.0)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High...

Bugtraq — The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently!

• Archived Posts
• RSS Feed
• About List

Security Basics — A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.

• Archived Posts
• RSS Feed
• About List

Penetration Testing — While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.

• Archived Posts
• RSS Feed
• About List

Info Security News — Carries news items (generally from mainstream sources) that relate to security.

• Archived Posts
• RSS Feed
• About List

Firewall Wizards — Tips and tricks for firewall administrators

• Archived Posts
• RSS Feed
• About List

IDS Focus — Technical discussion about Intrusion Detection Systems. You can also read the archives of a previous IDS list

• Archived Posts
• RSS Feed
• About List

Web App Security — Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.

• Archived Posts
• RSS Feed
• About List

Daily Dave — This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• dailydaveLatest Posts

Offensive AI Con Dave Aitel via Dailydave (Oct 08)
So I just got back from "Offensive AI Conference" in San Diego and it was a
great event - for a first time conference it ran especially smoothly, the
attendees were an amazing crowd, and many of the talks were extremely
strong. There's something about a conference that is not recording the
talks that gets people to actually sit and listen to them via the magic of
FOMO, but also, when a conference is "invite only" then you...

PaulDotCom — General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.

• Archived Posts
• RSS Feed
• About List

Honeypots — Discussions about tracking attackers by setting up decoy honeypots or entire honeynet networks.

• Archived Posts
• RSS Feed
• About List

Microsoft Sec Notification — Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.

• Archived Posts
• RSS Feed
• About List

Funsec — While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security community

• Archived Posts
• RSS Feed
• About List

CERT Advisories — The Computer Emergency Response Team has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.

• Archived Posts
• RSS Feed
• About List
• certLatest Posts

Apple Releases Security Updates for Multiple Products CISA (Mar 28)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated and is now available.

Apple Releases Security Updates for Multiple Products [
https://www.cisa.gov/news-events/alerts/2023/03/28/apple-releases-security-updates-multiple-products ] 03/28/2023 01:00
PM EDT

Apple...

CISA Releases Six Industrial Control Systems Advisories CISA (Mar 23)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated, and is now available.

CISA Releases Six Industrial Control Systems Advisories [
https://www.cisa.gov/news-events/alerts/2023/03/23/cisa-releases-six-industrial-control-systems-advisories ] 03/23/2023
08:00 AM EDT...

CISA Releases Eight Industrial Control Systems Advisories CISA (Mar 21)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated, and is now available.

CISA Releases Eight Industrial Control Systems Advisories [
https://www.cisa.gov/news-events/alerts/2023/03/21/cisa-releases-eight-industrial-control-systems-advisories ]
03/21/2023 08:00 AM...

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management CISA (Mar 21)
Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information
has recently been updated, and is now available.

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management [...

Open Source Security — Discussion of security flaws, concepts, and practices in the Open Source community

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• oss-secLatest Posts

Re: Questionable CVE's reported against dnsmasq Peter Gutmann (Nov 03)
Russ Allbery <eagle () eyrie org> writes:

Even before getting into that, how do you document that people shouldn't do
certain things with their config files, or by extension which bits are inside
and outside the security boundary? "If an unauthorised party can modify your
config files then bad things can happen" seems redundant, "We take no
responsibility for what happens if you fail to take unspecified steps to
secure...

Re: Questionable CVE's reported against dnsmasq Olle E. Johansson (Nov 02)
As part of the Kamailio project I can say that we did just become aware of these CVEs in your email. They do not make
sense. Trying to get to the report, the config files used to provoke the issue can’t be downloaded.

If you have access to edit the config files, there are much more simple ways to cause damage than to provoke a problem
in the config file parser.

We will have an internal discussion but that will likely lead to the project...

Re: Questionable CVE's reported against dnsmasq Jeremy Stanley (Nov 02)
[...]

[...]

While I find CVSS fairly useless for projects I work on (for the
same reasons Greg K-H eloquently explained in a recent post about
determining the "severity" of Linux Kernel vulnerabilities), we have
the concept of "vulnerabilities nobody's working on fixing" too.
Off-label or discouraged uses of software, or even seemingly
appropriate but not common uses, may lead to vulnerabilities which
the...

Re: Questionable CVE's reported against dnsmasq Solar Designer (Nov 01)
I'm not aware of a machine-readable way, but I was thinking of using
SECURITY.md for this in projects I (co-)maintain.

Here's a historical similarly controversial CVE against GNU tar:

https://nvd.nist.gov/vuln/detail/CVE-2005-2541

Quoting the NVD page above:

It is interesting that although Red Hat seems to dispute this CVE and
doesn't intend to fix it, they nevertheless give it a non-zero CVSS
score (copying here from the CSAF...

Re: Questionable CVE's reported against dnsmasq Russ Allbery (Nov 01)
Demi Marie Obenour <demiobenour () gmail com> writes:

Certainly, I'm simplifying. Developing some sort of language to talk about
this is more than an afternoon with a Markdown editor. But at least in
theory, it feels like it should be possible to say things like that in
some sort of structured way.

untrusted-input: unsafe
untrusted-input: if-escaped
untrusted-input: safe

Obviously this is massively oversimplified, needs more thought...

Re: Questionable CVE's reported against dnsmasq Demi Marie Obenour (Nov 01)
Even this gets tricky. For instance, it is trivially unsafe to pass
untrusted input to a shell *without properly escaping it first*.
However, if the untrusted input is properly escaped, then it is the
shell's job to process the data correctly. The same goes for kernel
command lines in libvirt XML configurations, SaltStack reactor YAML,
Vim script command arguments, and almost certainly many, many more
situations that I am not even aware...

Re: Questionable CVE's reported against dnsmasq Collin Funk (Nov 01)
Hi Russ,

Russ Allbery <eagle () eyrie org> writes:

If it makes you feel better, I do not think it is an "ask the Lazyweb"
question. I actually had the same question.

There is a recent example in GNU Tar CVE-2025-45582 [1] which describes
a situation that has been described in the manual for 15 years. Copying
the relevant text from the manual [2]:

When extracting from two or more untrusted archives, each one should
be...

Re: Questionable CVE's reported against dnsmasq Russ Allbery (Nov 01)
Solar Designer <solar () openwall com> writes:

This is a bit of an "ask the Lazyweb" question since I have done only
minimal research, but is there any way for me to declare, as the software
maintainer, what I consider to be the security boundaries of the software
in a way that can be at least partially machine-readable? I know there are
tons of modeling languages for *building* software, imposing or checking
access control,...

Re: Questionable CVE's reported against dnsmasq Art Manion (Nov 01)
About an hour after posting this I slightly regretted it, my line of
thinking was along the lines of dnsmasq being setuid (it is not on
the systems I have at hand). A agree that some other system that
uses dnsmasq should be responsible for managing privilege separation
if that system allowed low-privileged users to modify config files
that influenced the behavior of privileged programs.

- Art

Re: Questionable CVE's reported against dnsmasq Solar Designer (Oct 31)
The two Bison CVEs mentioned in this thread are already disputed, but if
it's a case of "code not present" (AI or wrongly reported against Bison
rather than another project?), then they should probably get rejected
after a further confirmation? The CVE descriptions currently include:

CVE-2025-8733: "It is still unclear if this vulnerability genuinely
exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball...

Re: Multiple vulnerabilities in Jenkins plugins Solar Designer (Oct 31)
Thanks. Posting this answer directly in here for those too busy to
visit links and for archival, as taken from the Markdown source:

https://raw.githubusercontent.com/jenkins-infra/jenkins.io/refs/heads/master/content/security/plugins.adoc

Alexander

Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability Solar Designer (Oct 31)
Posting the referenced comment directly in here for those too busy to
visit links and for archival:

+NOTE: In order to not fully abandon machines affected by AMD-SB-7033 [1] that
+have not received the BIOS update, the family 19h microcode container now
+includes a second patch for these machines that brings the microcode to the
+highest possible level without the microcode signing fix. While a BIOS update
+is highly recommended to receive the...

Re: Questionable CVE's reported against dnsmasq Art Manion (Oct 31)
Speaking as a CVE Board member, but not for MITRE, I suggest that somebody dispute the dnsmasq (and Bison) CVE IDs.
I'll do this unless somebody else wants to. There is room for improvements to CVE assignment, but the current path is
to file disputes. Perhaps CNAs with "high" dispute counts or ratios warrant some sort of action.

Considering the CVE vulnerability determination rules, if there is no net security impact or gain...

Re: Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability nightmare . yeah27 (Oct 31)
This is ancient, pre EFI and etc etc ... but it may be a start for someone.

https://savannah.nongnu.org/projects/biosconfig/

OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket (CVE-2025-62875) Matthias Gerstner (Oct 31)
Hello list,

this issue was previously posted privately to the distros mailing list.
The embargo ends today. Please find a full formal report below. This
report is also available as rendered HTML on our blog [1].

Summary:

A world-writable `smtpd.sock` allows arbitrary local users to crash an
OpenSMTPD instance in version 7.7.0. Upstream provided a bugfix after a
longer time of silence, but there might still linger a memory leak issue
in the...

Secure Coding — The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of Secure Coding: Principles and Practices.

• Archived Posts
• RSS Feed
• About List

Educause Security Discussion — Securing networks and computers in an academic environment.

• Archived Posts
• RSS Feed
• About List

NANOG — The North American Network Operators' Group discusses fundamental Internet infrastructure issues such as routing, IP address allocation, and containing malicious activity.

• Current Month
• Archived Posts
• RSS Feed
• About List
• nanogLatest Posts

Re: Artificial Juniper SRX limitations preventing IPv6 deployment (and sales) Javier J via NANOG (Nov 03)
I agree with Marco.

and nothing happens.

That is BS. I would gamble 95+% of mobile traffic is ipv6 only. If anything
the telecom's have had to invent new RFCs and workarounds to make sure
clients can get to ipv4 only services. see 464XLAT as an example. see
https://datatracker.ietf.org/doc/html/rfc6877

I'm on an old edgerouter lite3 at home at the moment and have no problem
with my ipv6 prefix delegations. You assign an ID to each...

Update Nov 2: BGP Route Leak Observed on October 29, 2025 — Multi-AS Propagation Involving Tier 1s Terry Keeling via NANOG (Nov 02)
Hi All,

I have been pulling more information, and right now I've identified active BGP hijacking/conflicts visible on
route-views.ny.routeviews.org involving AS30058 (FDCservers.net) with RPKI invalid announcements.
1. Confirmed Hijack - 45.138.210[.]0/24

* Legitimate Origin: AS2914 (NTT) - RPKI Valid
* Invalid Origin: AS30058 (FDCservers) - RPKI Invalid
* Both announcements actively visible in global routing table

2. Route...

Re: Artificial Juniper SRX limitations preventing IPv6 deployment (and sales) Marco Moock via NANOG (Nov 02)
Am 02.11.2025 um 09:36:04 Uhr schrieb Saku Ytti via NANOG:

That's just plain BS. There are various networks with IPv6 nowadays
(have a look a the Google and apnic statistic pages) and various
IPv6-only nets already exist. If it breaks, people will notice it.

Because the amount of networks and machines massively increased during
that time.

Is there any good alternative - or even a concept?
I've never seen that and every time people...

Re: Artificial Juniper SRX limitations preventing IPv6 deployment (and sales) Saku Ytti via NANOG (Nov 02)
I would have no reason to assume there is anything designed or planned
here. It's just people don't use IPv6, and IPv6 things can be broken
and nothing happens.

Even if the feature would work with a larger number of interfaces. I
don't think the design is going to be very desirable, as you cannot
guarantee which prefix is assigned to which interface, which implies
if you add/remove downstream interfaces, you reorder prefixes they...

Artificial Juniper SRX limitations preventing IPv6 deployment (and sales) Andrew Kirch via NANOG (Nov 01)
To those from Juniper,

You are actively harming your own sales, and IPv6 deployment.

On the SRX3xx line, Junos artificially limits update-router-advertisement
to three downstream interfaces. In practice, that means the box will only
automatically inject delegated IPv6 prefixes into RAs on three VLANs.

This is not a hardware limit. This is not a throughput limit. This is not
“the ASIC can’t handle it.” This is an arbitrary cap in...

Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Lee Howard via NANOG (Nov 01)
Wow. Microsoft continues to make email worse. Remember inline threading?

Lee

Weekly Global IPv4 Routing Table Report Routing Table Analysis Role Account via NANOG (Oct 31)
This is an automated weekly mailing describing the state of the Global
IPv4 Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG
UKNOF, TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG and the RIPE Routing WG.

Daily listings are sent to bgp-stats () lists apnic net.

For historical data, please see https://thyme.apnic.net.

If you have any comments please contact Philip Smith...

Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Michael Brown via NANOG (Oct 31)
FYI list-ops (and individual people): Outlook reactions can be disabled
<https://meta.discourse.org/t/disallow-outlook-emoji-reactions/380418?u=supermathie>
by adding a header:

x-ms-reactions: disallow

(this could be added to the list's config)

Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Javier J via NANOG (Oct 31)
"[sad] Ron Yokubaitis reacted to your message:"

Why do we all need to care about a reaction to a msg? Also, I didn't deep
dive into internet2 but from my understanding it's just leased light
pathways from the same people we all use. What they do with the photons is
the own thing. feels like a waste of $$ but perhaps I am wrong.

- Javier

RE: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Ron Yokubaitis via NANOG (Oct 31)
[sad] Ron Yokubaitis reacted to your message:
________________________________
From: Steven Wallace via NANOG <nanog () lists nanog org>
Sent: Thursday, October 30, 2025 5:25:44 PM
To: nanog () nanog org <nanog () nanog org>; North American Network Operators Group <nanog () lists nanog org>
Cc: James Deaton <jdeaton () internet2 edu>; Matthew Luckie <mjl () caida org>; Steven Wallace <ssw () internet2 edu>...

Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs niels=nanog--- via NANOG (Oct 31)
* Steven Wallace [Fri 31 Oct 2025, 15:55 CET]:

Thanks for the clarification, that indeed seems useful.

-- Niels.

Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Steven Wallace via NANOG (Oct 31)
We’ve found that including routing history is invaluable when assisting network operators with their ROA planning. A
few real-world examples illustrate how this context has helped:
• Cold-site business continuity: Some organizations announce more specific prefixes from a different
origin AS when activating a cold-site. Routing history reveals this behavior, ensuring the corresponding ROA is in
place so the cold-site can...

NANOG 96 Registration is OPEN! NANOG Support via NANOG (Oct 31)
Dear NANOG Community,

We are excited to announce our return to San Francisco, CA for NANOG 96
<https://nanog.org/events/nanog-96/>, hosted by Netskope
<https://www.netskope.com/>! Join us at the Hyatt San Francisco, February
2-4, 2026 for three full days of education, networking, and collaboration
with the brightest minds in Network Operations and Engineering.

Why Attend

NANOG 96 is designed for engineers, operators, and technical...

Discussion: Draft on RPKI Trust Anchor Constraints in SIDROPS Sofia Silva Berenguer via NANOG (Oct 30)
(Apologies for duplication)

Hello all,

The NRO RPKI Program [1] has published a blog post explaining the proposed solution to concerns with the current RPKI
Trust Anchor configuration, now documented in the Internet-Draft
https://www.ietf.org/archive/id/draft-nro-sidrops-ta-constraints-00.txt

The draft defines a mechanism that allows RPKI Trust Anchors (TAs) to declare which TA is authoritative for which
Internet Number Resources, helping...

Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Job Snijders via NANOG (Oct 30)
Dear Malte,

RFC 9455 essentially recommends to "maximally deaggregate" prefix
information into distinct ROA objects, however, this practise results a
massive overhead for the validation process in RPKI caches. I believe
these effects previously were underestimated: this practise seems to
result in non-linear growth of resource consumption.

With progressive insight, BCP 238 is *NOT* the best practise for the
general case. The growth...

Interesting People — David Farber moderates this list for discussion involving internet governance, infrastructure, and any other topics he finds fascinating

• Archived Posts
• RSS Feed
• About List

The RISKS Forum — Peter G. Neumann moderates this regular digest of current events which demonstrate risks to the public in computers and related systems. Security risks are often discussed.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• risksLatest Posts

(no subject) RISKS List Owner (Oct 25)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.78

RISKS-LIST: Risks-Forum Digest Saturday 25 October 2025 Volume 34 : Issue 78

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <...

(no subject) RISKS List Owner (Oct 16)

(no subject) RISKS List Owner (Oct 11)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.77

RISKS-LIST: Risks-Forum Digest Saturday 11 October 2025 Volume 34 : Issue 77

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <...

(no subject) RISKS List Owner (Aug 18)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.75

RISKS-LIST: Risks-Forum Digest Monday 18 August 2025 Volume 34 : Issue 75

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jul 31)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.76

RISKS-LIST: Risks-Forum Digest Thursday 31 July 2025 Volume 34 : Issue 76

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jul 29)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.74

RISKS-LIST: Risks-Forum Digest Tuesday 29 July 2025 Volume 34 : Issue 74

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jul 22)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.73

RISKS-LIST: Risks-Forum Digest Tuesday 22 July 2025 Volume 34 : Issue 73

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jul 19)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.72

RISKS-LIST: Risks-Forum Digest Saturday 19 July 2025 Volume 34 : Issue 72

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org...

(no subject) RISKS List Owner (Jul 07)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 34.70

RISKS-LIST: Risks-Forum Digest Monday 7 July 2025 Volume 34 : Issue 70

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org>...

BreachExchange — BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.

• Archived Posts
• RSS Feed
• About List
• datalossLatest Posts

Healthcare organizations face rising ransomware attacks – and are paying up Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/healthcare-ransomware-pay-sophos/

Healthcare organizations, already an attractive target for ransomware given
the highly sensitive data they hold, saw such attacks almost double between
2020 and 2021, according to a survey released this week by Sophos.

The outfit's team also found that while polled healthcare orgs are quite
likely to pay ransoms, they rarely get all of their data returned if they
do...

A digital conflict between Russia and Ukraine rages on behind the scenes of war Matthew Wheeler (Jun 03)
https://wskg.org/npr_story_post/a-digital-conflict-between-russia-and-ukraine-rages-on-behind-the-scenes-of-war/

SEATTLE — On the sidelines of a conference in Estonia on Wednesday, a
senior U.S. intelligence official told British outlet Sky News that the
U.S. is running offensive cyber operations in support of Ukraine.

“My job is to provide a series of options to the secretary of defense and
the president, and so that’s what I do,” said...

Researchers Uncover Malware Controlling Thousands of Sites in Parrot TDS Network Matthew Wheeler (Jun 03)
https://thehackernews.com/2022/06/researchers-uncover-malware-controlling.html

The Parrot traffic direction system (TDS) that came to light earlier this
year has had a larger impact than previously thought, according to new
research.

Sucuri, which has been tracking the same campaign since February 2019 under
the name "NDSW/NDSX," said that "the malware was one of the top infections"
detected in 2021, accounting for more than...

FBI, CISA: Don't get caught in Karakurt's extortion web Matthew Wheeler (Jun 03)
https://www.theregister.com/2022/06/03/fbi_cisa_warn_karakurt_extortion/

The Feds have warned organizations about a lesser-known extortion gang
Karakurt, which demands ransoms as high as $13 million and, some
cybersecurity folks say, may be linked to the notorious Conti crew.

In a joint advisory [PDF] this week, the FBI, CISA and US Treasury
Department outlined technical details about how Karakurt operates, along
with actions to take,...

DOJ Seizes 3 Web Domains Used to Sell Stolen Data and DDoS Services Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/06/doj-seizes-3-web-domains-used-to-sell.html

The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of
three domains used by cybercriminals to trade stolen personal information
and facilitate distributed denial-of-service (DDoS) attacks for hire.

This includes weleakinfo[.]to, ipstress[.]in, and ovh-booter[.]com, the
former of which allowed its users to traffic hacked personal data and
offered a...

Chinese Hackers Begin Exploiting Latest Microsoft Office Zero-Day Vulnerability Matthew Wheeler (Jun 02)
https://thehackernews.com/2022/05/chinese-hackers-begin-exploiting-latest.html

An advanced persistent threat (APT) actor aligned with Chinese state
interests has been observed weaponizing the new zero-day flaw in Microsoft
Office to achieve code execution on affected systems.

"TA413 CN APT spotted [in-the-wild] exploiting the Follina zero-day using
URLs to deliver ZIP archives which contain Word Documents that use the
technique,"...

US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command Matthew Wheeler (Jun 02)
https://www.three.fm/news/world-news/us-military-hackers-conducting-offensive-operations-in-support-of-ukraine-says-head-of-cyber-command/

US military hackers have conducted offensive operations in support of
Ukraine, the head of US Cyber Command has told Sky News.

In an exclusive interview, General Paul Nakasone also explained how "hunt
forward" operations were allowing the United States to search out foreign
hackers and identify...

SideWinder Hackers Launched Over a 1, 000 Cyber Attacks Over the Past 2 Years Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

An "aggressive" advanced persistent threat (APT) group known as SideWinder
has been linked to over 1,000 new attacks since April 2020.

"Some of the main characteristics of this threat actor that make it stand
out among the others, are the sheer number, high frequency and persistence
of their attacks and the large collection of encrypted and obfuscated...

Hackers are Selling US University Credentials Online, FBI Says Matthew Wheeler (May 31)
https://tech.co/news/hackers-are-selling-us-university-credentials-online-fbi-says

The Federal Bureau of Investigation has warned US universities and colleges
that it has found banks of login credentials and other data relating to VPN
access circulating on cybercriminals forums.

The fear is that such data will be sold and subsequently used by malicious
actors to orchestrate attacks on other accounts owned by the same students,
in the hope...

Interpol Nabs 3 Nigerian Scammers Behind Malware-based Attacks Matthew Wheeler (May 31)
https://thehackernews.com/2022/05/interpol-nabs-3-nigerian-scammers.html

Interpol on Monday announced the arrest of three suspected global scammers
in Nigeria for using remote access trojans (RATs) such as Agent Tesla to
facilitate malware-enabled cyber fraud.

"The men are thought to have used the RAT to reroute financial
transactions, stealing confidential online connection details from
corporate organizations, including oil and gas...

U.S. Warns Against North Korean Hackers Posing as IT Freelancers Matthew Wheeler (May 18)
https://thehackernews.com/2022/05/us-warns-against-north-korean-hackers.html

Highly skilled software and mobile app developers from the Democratic
People's Republic of Korea (DPRK) are posing as "non-DPRK nationals" in
hopes of landing freelance employment in an attempt to enable the regime's
malicious cyber intrusions.

That's according to a joint advisory from the U.S. Department of State, the
Department of the...

FBI and NSA say: Stop doing these 10 things that let the hackers in Matthew Wheeler (May 18)
https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/

Cyber attackers regularly exploit unpatched software vulnerabilities, but
they "routinely" target security misconfigurations for initial access, so
the US Cybersecurity and Infrastructure Security Agency (CISA) and its
peers have created a to-do list for defenders in today's heightened threat
environment.

CISA, the FBI and National...

Fifth of Businesses Say Cyber-Attack Nearly Broke Them Matthew Wheeler (May 18)
https://www.infosecurity-magazine.com/news/fifth-of-businesses-cyber-attack/

A fifth of US and European businesses have warned that a serious
cyber-attack nearly rendered them insolvent, with most (87%) viewing
compromise as a bigger threat than an economic downturn, according to
Hiscox.

The insurer polled over 5000 businesses in the US, UK, Ireland, France,
Spain, Germany, the Netherlands and Belgium to compile its annual Hiscox
Cyber...

Hacker And Ransomware Designer Charged For Use And Sale Of Ransomware, And Profit Sharing Arrangements With Cybercriminals Matthew Wheeler (May 18)
https://www.shorenewsnetwork.com/2022/05/16/hacker-and-ransomware-designer-charged-for-use-and-sale-of-ransomware-and-profit-sharing-arrangements-with-cybercriminals/

A criminal complaint was unsealed today in federal court in Brooklyn, New
York, charging Moises Luis Zagala Gonzalez (Zagala), also known as
“Nosophoros,” “Aesculapius” and “Nebuchadnezzar,” a citizen of France and
Venezuela who resides in Venezuela, with attempted...

State of Ransomware shows huge growth in threat and impacts Matthew Wheeler (May 04)
https://www.continuitycentral.com/index.php/news/technology/7275-state-of-ransomware-shows-huge-growth-in-threat-and-impacts

Sophos has released its annual survey and review of real-world ransomware
experiences in its ‘State of Ransomware 2022’ report. This shows that 66
percent of organizations surveyed were hit with ransomware in 2021, up from
37 percent in 2020.

The average ransom paid by organizations that had data encrypted in their...

Metasploit — Development discussion for Metasploit, the premier open source remote exploitation tool

• Archived Posts
• RSS Feed
• About List

Wireshark — Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.

• Archived Posts
• RSS Feed
• About List

Snort — Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

• Current Quarter
• Archived Posts
• RSS Feed
• About List
• snortLatest Posts

Snort Subscriber Rules Update 2025-10-30 Research via Snort-sigs (Oct 30)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc,
os-windows and server-webapp rule sets to provide coverage for emerging
threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-10-28 Research via Snort-sigs (Oct 28)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-office and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-10-23 Research via Snort-sigs (Oct 23)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-10-21 Research via Snort-sigs (Oct 21)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc,
malware-tools and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-10-16 Research via Snort-sigs (Oct 16)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the malware-cnc,
policy-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-10-14 Research via Snort-sigs (Oct 14)
Talos Snort Subscriber Rules Update

Synopsis:
Talos is aware of vulnerabilities affecting products from Microsoft
Corporation.

Details:
Microsoft Vulnerability CVE-2025-24052:
A coding deficiency exists in Microsoft Windows Agere Modem Driver that
may lead to an escalation of privilege.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with:
Snort 2: GID 1, SIDs 65391 through 65392,
Snort...

Porting Snort3 to Windows Bob Cook via Snort-devel (Oct 10)
Hello,

In the Snort3 GitHub there are several issues raised and closed in regards to a port to Windows, but seems this
activity hasn't yet come into the publicly visible branches.

My company has previously worked with the Snort2 codebase to build and deliver it for the Windows platforms as part of
our endpoint security product. We intend to perform similar work for Snort3, and would like to collaborate on this
effort with the Snort3...

Snort Subscriber Rules Update 2025-10-09 Research via Snort-sigs (Oct 09)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-image and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-10-07 Research via Snort-sigs (Oct 07)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the
indicator-compromise, malware-tools and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-10-02 Research via Snort-sigs (Oct 02)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-30 Research via Snort-sigs (Sep 30)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-25 Research via Snort-sigs (Sep 25)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-flash,
file-image, os-windows and server-webapp rule sets to provide coverage
for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-23 Research via Snort-sigs (Sep 23)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-18 Research via Snort-sigs (Sep 18)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the file-other,
malware-cnc, malware-other, os-windows and server-webapp rule sets to
provide coverage for emerging threats from these technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories

Snort Subscriber Rules Update 2025-09-15 Research via Snort-sigs (Sep 15)
Talos Snort Subscriber Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
Talos has added and modified multiple rules in the and server-webapp
rule sets to provide coverage for emerging threats from these
technologies.

For a complete list of new and modified rules please see:

https://www.snort.org/advisories