Forecast: Patchy with a 32% backlog surge, CVE squalls causing auth bypass showers, and Lazarus fronts looming. Keep your threat umbrellas handy! 🌩️☔
We kick things off with a deep dive into the chaotic world of CVEs. The CrushFTP vulnerability saga is a case study in how bureaucracy can collide with real-world threats. When a critical authentication bypass in CrushFTP 10 and 11 was disclosed in March 2025, fixed builds (10.8.4 and 11.3.1) shipped quickly, but the CVE process stumbled: two identifiers, CVE-2025-2825 and CVE-2025-31161, were assigned to the same flaw through separate channels, one by VulnCheck and one by Outpost24. The resulting confusion left organizations scrambling as exploitation picked up, with Shadowserver initially counting more than 1,800 exposed, unpatched instances. CrushFTP blamed security researchers for accelerating attacks, while defenders were left reconciling two identifiers for one vulnerability across scanners, advisories and tickets.
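The reconciliation problem above is concrete: scanner A reports CVE-2025-2825, scanner B reports CVE-2025-31161, and the same host ends up with two tickets for one flaw. The routine below is an added example (not code from the podcast, CrushFTP, or any scanner vendor) showing the alias-merge step a vulnerability management pipeline needs. The alias table, the choice of CVE-2025-31161 as the canonical identifier, the hostnames and the findings are all constructed for illustration.

```python
"""Collapse vulnerability findings that refer to the same flaw under
different CVE identifiers, as happened with CrushFTP in March 2025.

Added example; not code from the podcast or from any scanner vendor.
The alias table and the sample findings are constructed. Which
identifier counts as canonical is a local policy choice (assumption:
CVE-2025-31161 is the one we track under).
"""

from collections import defaultdict

# Duplicate identifier -> identifier we track under (constructed table).
CVE_ALIASES = {
    "CVE-2025-2825": "CVE-2025-31161",
}


def canonical_cve(cve_id: str) -> str:
    """Return the tracking identifier for a CVE, following alias chains.

    Identifiers are normalised to upper case so that "cve-2025-2825"
    and "CVE-2025-2825" resolve to the same canonical entry.
    """
    cve_id = cve_id.strip().upper()
    seen = set()
    while cve_id in CVE_ALIASES:
        if cve_id in seen:  # guard against a cyclic alias table
            raise ValueError(f"alias cycle at {cve_id}")
        seen.add(cve_id)
        cve_id = CVE_ALIASES[cve_id]
    return cve_id


def merge_findings(findings):
    """Group scanner findings by (host, canonical CVE).

    Each finding is a dict with keys host, cve and source. The result maps
    (host, canonical_cve) to the sorted raw identifiers and sources that
    reported it, so two identifiers become one ticket instead of two.
    """
    merged = defaultdict(lambda: {"reported_as": set(), "sources": set()})
    for f in findings:
        key = (f["host"], canonical_cve(f["cve"]))
        merged[key]["reported_as"].add(f["cve"].strip().upper())
        merged[key]["sources"].add(f["source"])
    return {
        key: {"reported_as": sorted(v["reported_as"]),
              "sources": sorted(v["sources"])}
        for key, v in merged.items()
    }


# Constructed sample findings: two scanners, two identifiers, one flaw.
SAMPLE_FINDINGS = [
    {"host": "ftp-01.example.internal", "cve": "CVE-2025-2825", "source": "scanner-a"},
    {"host": "ftp-01.example.internal", "cve": "CVE-2025-31161", "source": "scanner-b"},
    {"host": "ftp-02.example.internal", "cve": "cve-2025-2825", "source": "scanner-a"},
]

if __name__ == "__main__":
    for (host, cve), info in sorted(merge_findings(SAMPLE_FINDINGS).items()):
        print(host, cve, info)
```

The alias table is the part that needs care: keep it in version control with the source of each mapping (vendor advisory, CVE record status) so that an analyst can see why two identifiers were merged, and review it when a CVE record is rejected or revised.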
The National Vulnerability Database (NVD) isn't making life easier either. Despite processing CVEs at pre-2024 rates, a 32% surge in submissions has created a growing backlog. NIST's March 2025 update reveals they're exploring machine learning to automate parts of the enrichment process, but with older CVEs now being marked "deferred" (meaning NVD no longer prioritises adding CVSS scores and CPE data to them), any scanner or inventory tool that keys off NVD enrichment may quietly stop flagging those issues on legacy systems. It's a stark reminder that even foundational security infrastructure is buckling under scale.
Shifting gears to nation-state threats, North Korean IT workers are running a global shadow IT empire. Google's threat intelligence team uncovered operatives managing 12+ fake personas across Europe and the US, targeting defense contractors and governments. Their projects range from blockchain job marketplaces to AI-driven web apps, paid for in crypto and routed through freelance platforms like Upwork. The plot thickens with BYOD policies becoming an unwitting accomplice: personal devices typically lack the endpoint monitoring of corporate laptops, and these workers lean on virtualized environments to avoid detection, while extortion schemes against former employers spike amid increased law enforcement pressure.
Rounding out the episode, we’ll touch on critical advisories from Censys, VulnCheck, runZero, and GreyNoise—including the CrushFTP auth bypass and a new Ivanti Connect Secure RCE flaw.