
The Cybersecurity Defenders Podcast

#195 - Intel Chat: APT tunnelling, BadPilot, CVE-2025-0108, emojis & Kitty Stealer (take 2)

35 min • 21 February 2025

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Network traffic tunneling is a technique used by attackers to bypass security controls and exfiltrate data or establish covert communication channels. Threat actors use various tunneling methods, including DNS tunneling, HTTP/S tunneling, and ICMP tunneling, each with its own advantages depending on the target environment.

The "BadPilot" hacking campaign has been linked to Russia's Sandworm threat group, a unit of the GRU known for cyber espionage and disruptive attacks.

GreyNoise has observed active exploitation of CVE-2025-0108, a critical authentication bypass vulnerability in Palo Alto Networks’ PAN-OS. This vulnerability allows unauthenticated attackers to gain administrative access to affected firewall devices, posing a significant risk to organizations relying on PAN-OS for network security.

Security researcher Paul Butler has demonstrated a novel technique for smuggling arbitrary data using emojis, leveraging the way modern text encoding and rendering systems handle Unicode characters.

Kitty Stealer is a newly identified malware targeting macOS systems, designed to steal sensitive user data such as credentials, browser cookies, and cryptocurrency wallets.
