
Cybersecurity Shenanigans #017: A teenaged security flaw (no, really) and gearing up for Chicago 🤩

This month's cybersecurity scoop.

👋 Hey friend,

It’s been a bit of a spicy time in Cybersecurity Land. (Just in time for Cybersecurity Awareness Month, amirite?)

On the news side, we’ve got a teenaged (literally) security flaw finally patched, SonicWall SSLVPNs under attack thanks to stolen credentials, and Cl0p-style attacks targeting Oracle’s E-Business Suite.

Then, on the more personal side, I’m gearing up to head to the Windy City for BSidesChicago. 🤩 I’ll spend 8ish hours on Friday getting nerdy teaching my script-based malware analysis class, hangin' with the community Saturday, then giving the Closing Keynote. Hope to see you there!

— JH

It’s Cybersecurity Awareness Month!

But you already knew that because every vendor you know told you, amirite? 💀

Every October for the last several years, I've been kinda like... meh! Everyone releases Cybersecurity Awareness Month content, but it never really lands with our community — we’re all about demos and practical stuff.

So this year, I’m shaking things up a bit. 😎

Join me and my Huntress teammate, Truman Kain, this Friday, October 24 at 1:00 PM ET for “Cybersecurity Awareness for Hackers - Practical Education by Huntress and Just Hacking Training.”

We'll go beyond simple awareness and give the hacker's perspective with sweet demos of a free, cool Huntress thing called Simulators! After each simulator demo by Truman, I'll share related recommendations on Just Hacking Training for you, the hands-on hacker, and where to find more technical training for actual practitioners.

Join via your favorite streaming platform: YouTube, Twitch, X, or LinkedIn!

News & Commentary

Redis Lua flaw opens door to RCE 🚪

Let me start off by saying oof. 😅

Redis (the open-source, in-memory data store) just disclosed a critical vulnerability with a CVSS score of 10.0. Yes, you read that right. The vulnerability, tracked as CVE-2025-49844 (nicknamed RediShell), allows remote code execution (RCE) through malicious Lua scripts.

An attacker who can get a Lua script to the server (EVAL and friends) can “break out” of the Lua sandbox and run code directly on the host machine. Attackers do need access to the instance before running any code, but Redis ships with no password set by default, and there are so many internet-exposed (and frequently unauthenticated) Redis instances that a red alert is appropriate for this.

And, uh, this bug has kiiiind of been hanging out in every Redis version with Lua scripting for *checks calendar* over 13 years. 😅😅😅

Thankfully, patched versions are available, and given the possible outcomes with this vulnerability, I’d highly recommend patching ASAP if you use Redis. Until you can, the official mitigation is to use ACLs to deny EVAL/EVALSHA/FUNCTION to any user that doesn’t need scripting, and, as always, keep Redis off the internet and behind authentication.
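As an added example (not code from the newsletter or from the Redis project), here is a small audit script for the redis.conf settings that decide who can reach the Lua engine in the first place: whether authentication exists at all, whether the instance is bound to every interface with protected mode off, and which enabled ACL users can still run EVAL/EVALSHA/FUNCTION. It models only the subset of ACL syntax needed for that question, and the two sample configs are constructed for illustration.

```python
"""Audit a redis.conf for the settings that gate access to Lua scripting.

Added example, not from the Redis project. Checks modelled here:
  - authentication present (requirepass, or ACL users / aclfile)
  - protected-mode left on, bind not covering every interface
  - which enabled ACL users can run EVAL/EVALSHA/FUNCTION, unless those
    commands were globally disabled with the legacy rename-command trick
Only the ACL rules relevant to scripting are interpreted."""

from typing import List

SCRIPTING_COMMANDS = {"eval", "evalsha", "eval_ro", "evalsha_ro", "function", "fcall", "fcall_ro"}
ANY_INTERFACE = {"0.0.0.0", "*", "::", "::*"}


def parse_redis_conf(text: str) -> List[List[str]]:
    """[directive, arg, ...] per non-comment line; directive names lower-cased."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split()
            out.append([parts[0].lower()] + parts[1:])
    return out


def scripting_allowed(rules: List[str]) -> bool:
    """Walk ACL rules left to right; True if the user ends up able to run Lua.
    A user created by a `user` directive starts with no commands at all."""
    allowed = False
    for rule in rules:
        r = rule.lower()
        if r in ("allcommands", "+@all", "+@scripting"):
            allowed = True
        elif r in ("nocommands", "-@all", "-@scripting"):
            allowed = False
        elif r.startswith("+") and r[1:] in SCRIPTING_COMMANDS:
            allowed = True
        # a lone "-eval" leaves the other scripting commands, so it is not treated as a deny
    return allowed


def user_enabled(rules: List[str]) -> bool:
    enabled = False  # new ACL users are "off" until an "on" rule appears
    for r in rules:
        if r.lower() == "on":
            enabled = True
        elif r.lower() == "off":
            enabled = False
    return enabled


def audit_redis_conf(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    d = parse_redis_conf(text)
    findings = []

    has_requirepass = any(x[0] == "requirepass" and len(x) > 1 for x in d)
    has_acl = any(x[0] in ("aclfile", "user") for x in d)
    if not (has_requirepass or has_acl):
        findings.append("no authentication: neither requirepass nor ACL users configured")
    for x in d:
        if x[0] == "protected-mode" and x[1:] == ["no"]:
            findings.append("protected-mode is disabled")
        if x[0] == "bind" and any(a.lstrip("-") in ANY_INTERFACE for a in x[1:]):
            findings.append("bind exposes every interface: " + " ".join(x[1:]))

    # rename-command EVAL "" removes the command for everyone (legacy approach)
    renamed_away = {x[1].lower() for x in d if x[0] == "rename-command" and len(x) == 3 and x[2] == '""'}
    lua_globally_off = SCRIPTING_COMMANDS <= renamed_away

    saw_default = False
    for x in d:
        if x[0] != "user" or len(x) < 2:
            continue
        name, rules = x[1], x[2:]
        saw_default = saw_default or name == "default"
        if user_enabled(rules) and scripting_allowed(rules) and not lua_globally_off:
            findings.append(f"ACL user '{name}' can run Lua scripts")
    # with no `user default ...` line, the built-in default user keeps +@all
    if not saw_default and not lua_globally_off:
        findings.append("the built-in 'default' user is unrestricted (+@all) and can run Lua scripts")
    return findings


# Constructed sample configs (not real deployments)
WEAK_CONF = """
# typical internet-exposed instance
bind 0.0.0.0
protected-mode no
port 6379
"""

HARDENED_CONF = """
# loopback only, ACL users, no scripting for application users
bind 127.0.0.1 -::1
protected-mode yes
port 6379
user default off
user app on >change-me-app ~app:* &* -@all +@read +@write +@connection
user admin on >change-me-admin ~* &* +@all -@scripting -@dangerous
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_redis_conf(conf) or ["no findings"])
```

Note the last check: setting only `requirepass` does not clear the audit, because the authenticated `default` user still has `+@all` and can reach the Lua sandbox; that is exactly the position the bug is exploited from.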

Credential stuffing at work: SonicWall SSLVPN breach 🔓

Been a bit busy at my day job with this one. 😅

The Huntress team recently identified a widespread compromise of SonicWall SSLVPN devices. Attackers are logging into multiple accounts in quick succession using valid credentials, which points to stolen credentials rather than brute-force guessing.

Since October 4, we’ve seen 100+ accounts across 16 of our customers’ environments affected, with login activity traced to a specific IP address based in Asia. And while some attackers didn’t stick around, others moved laterally inside networks, scanning and targeting Windows accounts.

All of this comes right after SonicWall released a security advisory acknowledging unauthorized access to firewall configuration backups stored in its cloud backup service.

We talk a lot about how hackers all too often don’t break in; they walk in. This is the perfect example of that: They stole valid credentials that spared them from having to brute-force their way in. Plus, exposed VPNs are always juicy targets.

If you’re running SonicWall SSLVPNs, I recommend reviewing your access logs ASAP (I know, I know) for successful logins from unfamiliar IPs, rotating every credential and secret stored in the firewall configuration (not just user passwords: LDAP/RADIUS bind accounts, VPN pre-shared keys, API tokens), enforcing MFA on the VPN, and locking down remote access. Looking through logs isn’t fun, but neither is holding the door open for threat actors, so choose your own adventure. 🫠
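The pattern described above (one source IP, many accounts, valid credentials) is easy to pull out of VPN logs once you stop looking only for failures. Here is an added example of that detection logic, written for this page and not taken from Huntress or SonicWall. The log line format is constructed and simplified; real SonicWall syslog fields differ, so map the timestamp, source, user and result onto your own schema first.

```python
"""Flag VPN source IPs that succeed against many distinct accounts in a short window.

Added example; the log format and thresholds are constructed for illustration.
Credential replay looks like many successes across accounts with few failures;
password guessing looks like many failures with, at most, the odd success."""

import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class Event(NamedTuple):
    ts: datetime
    src: str
    user: str
    ok: bool


LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>success|failure)"
)

# Constructed sample: one source replaying valid creds for six accounts in
# three minutes, one classic password guesser, and one ordinary user.
SAMPLE_LOG: List[str] = [
    "2025-10-05T02:14:07Z src=203.0.113.45 user=alice result=success",
    "2025-10-05T02:14:31Z src=203.0.113.45 user=brad result=success",
    "2025-10-05T02:15:02Z src=203.0.113.45 user=carol result=success",
    "2025-10-05T02:15:40Z src=203.0.113.45 user=dave result=success",
    "2025-10-05T02:16:11Z src=203.0.113.45 user=erin result=success",
    "2025-10-05T02:16:55Z src=203.0.113.45 user=frank result=success",
    "2025-10-05T02:30:00Z src=192.0.2.10 user=grace result=success",
] + [
    f"2025-10-05T03:00:{i:02d}Z src=198.51.100.7 user=bob result=failure" for i in range(8)
] + ["2025-10-05T03:00:09Z src=198.51.100.7 user=bob result=success"]


def parse_events(lines: List[str]) -> List[Event]:
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated line; a real pipeline would count these
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, m["src"], m["user"], m["result"] == "success"))
    return sorted(events, key=lambda e: e.ts)


def max_distinct_accounts(successes: List[Event], window: timedelta) -> int:
    """Largest number of distinct accounts one source logged into inside any single window."""
    best = 0
    for i, start in enumerate(successes):
        seen = set()
        for ev in successes[i:]:
            if ev.ts - start.ts > window:
                break
            seen.add(ev.user)
        best = max(best, len(seen))
    return best


def classify_sources(events: List[Event], window: timedelta = timedelta(minutes=15),
                     min_accounts: int = 5, max_failures: int = 5) -> Dict[str, dict]:
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev.src].append(ev)
    report = {}
    for src, evs in by_src.items():
        successes = [e for e in evs if e.ok]
        failures = sum(1 for e in evs if not e.ok)
        distinct = max_distinct_accounts(successes, window)
        if distinct >= min_accounts and failures <= len(successes):
            verdict = "credential-replay"  # many accounts, mostly valid creds
        elif failures > max_failures:
            verdict = "brute-force"  # mostly failures, few or no successes
        else:
            verdict = "ok"
        report[src] = {"distinct_accounts": distinct, "failures": failures, "verdict": verdict}
    return report


if __name__ == "__main__":
    for src, row in classify_sources(parse_events(SAMPLE_LOG)).items():
        print(src, row)
```

Tune `min_accounts` and `window` to your environment (a NAT gateway for a large office legitimately produces many accounts from one IP), and add the source country or ASN as a second signal rather than a first one; the thing that makes this campaign stand out is the success rate, not the geography.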

Hackers are abusing a recent Oracle 0-day in Cl0p-esque extortion campaigns 😭

A security flaw in Oracle’s E-Business Suite (EBS) was being exploited as a 0-day as far back as August, before any patch existed, and it’s now believed that “dozens of organizations” are impacted.

The flaw is tracked as CVE-2025-61882 with a CVSS score of 9.8 and is exploitable without authentication. Hackers are chaining it with other vulnerabilities to breach organizations, exfiltrating sensitive data before sending extortion emails from compromised third-party accounts, all signature moves we typically see from the ransomware group Cl0p.

One of the extortion emails sent in this ransomware campaign that reeks of Cl0p. Source: The Hacker News

The ultimate result? Hackers gain RCE on EBS servers. The payloads include GOLDVEIN, a Java-based downloader, and SAGELEAF/SAGEWAVE, custom malware used for persistence and further exploitation.

This blend of custom malware, targeted exploitation, and social engineering screams advanced ransomware playbook, not to mention planning ahead. This was clearly a sophisticated attack, and it’s a good reminder that your public-facing apps aren’t just infrastructure. They’re targets. If you run EBS, apply Oracle’s emergency patch and check whether your instance needs to be reachable from the internet at all.

Sponsor

Securing AI Agents 101

AI agents are changing how work gets done and are rapidly emerging across enterprise environments: powering automation, chaining tools, and acting across systems.

Securing AI Agents 101 is a one-page resource to help teams build a clear understanding of what AI agents are, how they operate, and where key security considerations show up.

Inside, you’ll find:

  • What makes an AI agent different from traditional tools

  • Top risks to watch, from shadow AI to excessive permissions

  • Four key questions to assess agent usage and exposure

Download the security flashcard and get up to speed quickly.

Email being clipped?

Here’s some actually helpful advice: You can view the email in your browser: https://johnhammond.beehiiv.com/p/cybersecurity-shenanigans-017.

(And as always, thanks for nothing, Clippy. 💙)

Latest Content

YouTube Videos

// I walk through how to use regular expressions (regex) in Python to search for and redact sensitive information like emails, phone numbers, IPs, and more from text files. (It’s like ctrl+f, but way better!)

// Let’s explore the dArK wEb. 🙈 We navigate real onion sites, examine dark web search engines, and investigate shady services like hacker-for-hire pages. 👀

// This one investigates a fake Europol notice offering a $50,000 reward for the admins of the Killin ransomware group.

Just Hacking Training 🤓
October Announcements

📺 Livestream Previews of In-Person Training 📺

To see what you might miss, I did three livestreams last week to give an insider’s preview of each of the live classes JHT is presenting at BSidesChicago this Halloween, October 31. Before catching my Closing Keynote on November 1, I’d be soooo thankful if you joined me, Mishaal, or Trevor for 8+ hours of unforgettable hacking fun. Don’t forget, early registration pricing of $450 (10% off) includes food AND the online version of the course.

💻 John Hammond - Script-Based Malware Analysis (Livestream Preview!)

Most security professionals are comfortable with scripting methods to analyze incidents. Extending this more familiar process, John focuses on malicious software that can more easily be turned into human readable code, rather than needing to try and make sense of a debugger or disassembler like IDA, GHIDRA, or others. Students will have an array of lessons as a guide through this much more approachable first step into the world of malware analysis.

💻 Mishaal Khan - Level Up OSINT (Livestream Preview!)

It’s no hyperbole to say that Mishaal consistently produces “mind blown” syndrome during his popular online courses and talks, but there’s no substitute for having direct 1-on-1 access for an entire day! Learn actionable techniques to use on the job immediately in his intermediate-level course. See why even John Hammond was left speechless in a recent livestream. Now it’s your turn to interact with him in a live setting that only happens a few times a year… and never at this price!

💻 Trevor Stevado - Hardware Hacking 101 w/ Take-Home Kit! (Livestream Preview!)

This intense 1-day hands-on course introduces participants to fundamental hardware hacking techniques used in embedded systems security research and pentesting. Each lab starts with a basic objective and adds additional layers to challenge yourself. Learn by doing with your own dedicated hardware hacking kit custom-made for this course. Continue your journey in the comfort of your home, because the kit is yours to keep!

💸 10% Early Discount = $450

🎥 Get online access to the course after the event

🍽️ Lunch included!

Want Just Hacking Training at your event? Email sales[at]justhacking[.]com.

New Courses

API Hacking by Katie Paxton-Fear

"My videos on YouTube don't quite reach the mark. This course is everything you need, start to finish in 1 place with labs." Only $80 until Oct 31 with 20% Launch Discount. No code needed!

Want a cybersecurity career? START HERE! Build your own Elastic SOC in our cloud-hosted cyber range, then play with some hands-on case studies in this $25-$50 NameYourPrice course that's truly accessible to all!

Join Dahvid Schloss as he begins the second Windows Malware Dev Trilogy. Continue where he left off from the WMD Intro Path Bundle of Courses 1 – 3.

Additional Releases

Our third-week of the month content for October:

Just Hacking Training is a platform providing "Focused Technical Training for All Levels" with 70+ affordable, hands-on options in 4 categories: Courses, Free Upskill Challenges, Hack-Alongs, and CTFs. With new content released twice a month throughout 2025, bi-monthly livestreams with John Hammond & our All-Star contributors, and even some “Name Your Price” options, JHT will advance your career regardless of experience level or budget.

Social

Got feedback?

Feels like we’re in a groove with this thing! I invite you to help me shake it up.

Please reply to this email and let me know what you’re loving — and what you’d love to see in the next edition.

Thank you!