Stormcast Week of Oct 24, 2025: WSUS RCE, Magento "SessionReaper" exploitation, DNS cache-poisoning fixes, and an Android/Termux infostealer
SANS Internet Storm Center’s Oct 24, 2025 Stormcast flags four items that should immediately shape triage and detection content across enterprise environments: an Android infostealer abusing Termux, active exploitation of Adobe Commerce/Magento “SessionReaper,” new cache-poisoning fixes for BIND and Unbound resolvers, and a released exploit for a critical WSUS deserialization RCE. Reference the minimal Stormcast entry and the full podcast summary for context (ISC diary 32418, podcast detail).
Below is a forensics-first breakdown: what to collect, where to hunt, and how to contain.