PODCAST · news

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

A brief daily summary of what is important in cyber security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

  1. 1000

    SANS Stormcast Monday, June 22nd, 2026: IPv4 Mapped Phish; nginx bug; squid bleeds; AMD encryption fix

    eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address https://isc.sans.edu/diary/eBanking%20Phishing%20Delivered%20Through%20IPv4-Mapped%20IPv6%20Address/33090
    NGINX ngx_http_v3_module vulnerability CVE-2026-42530 https://my.f5.com/manage/s/article/K000161616
    Squidbleed (CVE-2026-47729) https://blog.calif.io/p/squidbleed-cve-2026-47729
    AMD will reinstate memory encryption on Ryzen 9000 CPUs through a BIOS update in July https://www.tomshardware.com/pc-components/cpus/amd-will-reinstate-memory-encryption-on-ryzen-9000-cpus-through-a-bios-update-in-july-tsme-is-coming-back-after-valuable-community-feedback
    My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

  2. 999

    SANS Stormcast Thursday, June 18th, 2026: QUIC Challenge; Android 17; Oracle CSPU; JetBrains Plugins;

    The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary] https://isc.sans.edu/diary/The%20browser%20blind%20spot%3A%20Why%20your%20security%20tool%20may%20not%20be%20blocking%20what%20you%20think%20it%20is%20%5BGuest%20Diary%5D/33084
    Android 17 Security Patches https://source.android.com/docs/security/bulletin/android-17
    Oracle Critical Security Patch Update Advisory - June 2026 https://www.oracle.com/security-alerts/cspujun2026.html
    Multiple JetBrains IDE plugins caught stealing AI keys https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys
    My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

  3. 998

    SANS Stormcast Thursday, June 11th, 2026: Framing Protections; npm improvements; Adobe Patches; New Defender 0-day

    How has use of framing protection security headers changed in the past 3 years? https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068
    Preparing for npm v12: install scripts and non-registry sources become opt-in https://github.com/orgs/community/discussions/198547
    Adobe Patches https://helpx.adobe.com/security.html
    Rogue Planet new Microsoft Defender Vulnerability https://github.com/MSNightmare/RoguePlanet
    My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

  4. 997

    SANS Stormcast Wednesday, June 10th, 2026: Microsoft Patch Tuesday; Miasma Source Published; Fortinet Patches

    Microsoft June 2026 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20June%202026%20Patch%20Tuesday/33064
    Miasma Software Supply Chain Attack Toolkit Source Published https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/
    Fortinet FortiSandbox Vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-141
    My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

  5. 996

    SANS Stormcast Tuesday, June 9th, 2026: Azure Repos Infected; Checkpoint VPN 0-Day; Verizon VoLTE missing IPSec integrity prot.

    Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents
    Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/
    Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments https://kb.cert.org/vuls/id/615987
    My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

  6. 995

    SANS Stormcast Monday, June 8th, 2026: Wetransfer Phish; Spying Smart TV; Dashlane Brute Force

    The Evil MSI Background is Back! https://isc.sans.edu/diary/The%20Evil%20MSI%20Background%20is%20Back!/33054
    The Smart TV in Your LivingRoom Is a Node in the AIScraping Economy https://blog.includesecurity.com/2026/06/the-smart-tv-in-your-livingroom-is-a-node-in-the-aiscraping-economy/
    Brute force attack on Dashlane user accounts https://support.dashlane.com/hc/en-us/articles/36038764990866-Security-advisory-Brute-force-attack-on-Dashlane-user-accounts#update-jun-4
    My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

  7. 994

    SANS Stormcast Friday, June 5th, 2026: Coreutils for Windows; Cisco Unified Comm Manager Fix and Exploit; OAuth Orphans

    Microsoft's Coreutils for Windows https://isc.sans.edu/diary/Microsoft%27s%20Coreutils%20for%20Windows/33048
    Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability CVE-2026-20230 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW
    Firmware Update for Acer Connect W6x Router https://community.acer.com/en/kb/articles/19672
    OAuth marketplace apps keep access after publishers vanish https://www.helpnetsecurity.com/2026/06/04/oauth-marketplace-apps-audit/
    My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

  8. 993

    SANS Stormcast Thursday, June 4th, 2026: swagger.json Scans; Android Fake Call Detection; Anthropic Dashboard

    Continuing Scans for swagger.json https://isc.sans.edu/diary/Continuing+Scans+for+swaggerjson/33044/#comments
    Fake call detection on Android https://blog.google/security/android-fake-call-detection/
    Anthropic's coordinated vulnerability disclosure dashboard https://red.anthropic.com/2026/cvd/
    My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

  9. 992

    SANS Stormcast Wednesday, June 3rd, 2026: SVG Phishing; Android Patches; Poly Voice Vuln; Ivanti Neurons Priv Escalation

    New Wave Of Phishing Emails with SVG Files https://isc.sans.edu/diary/New%20Wave%20Of%20Phishing%20Emails%20with%20SVG%20Files/33040
    Android 2026-06-01 security patch level vulnerability details https://source.android.com/docs/security/bulletin/2026/2026-06-01
    Poly Voice Possible Remote Control of Certain Poly Devices CVE-2026-0826 https://support.hp.com/us-en/document/ish_15052661-15052687-16/hpsbpy04083 https://www.rapid7.com/blog/post/ve-cve-2026-0826-critical-unauthenticated-stack-buffer-overflow-hp-poly-vvx-trio-voip-phones-fixed/
    Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-9614?language=en_US
    My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

  10. 991

    SANS Stormcast Tuesday, June 2nd, 2026: Netlogon Exploit; Unidentified RAT; Windows Netlogon Exploited; RedHat npm Affected; Dashlane Brutef

    Unidentified RAT pushes NetSupport RAT https://isc.sans.edu/diary/Unidentified%20RAT%20pushes%20NetSupport%20RAT/33034
    CVE-2026-41089: Windows Netlogon Vulnerability Exploited https://ccb.belgium.be/advisories/warning-microsoft-patch-tuesday-may-2026-patches-118-vulnerabilities-16-critical-102
    RedHat npm Packages Affected https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm
    Dashlane Locking Accounts after Brute Force https://status.dashlane.com/pages/5aabcb89fccc4b04d3774443
    My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich

  11. 990

    SANS Stormcast Monday, June 1st, 2026: Bitskrieg; Gogs Unpatched Vuln; Oracle Critical Updates; PAN-OS Exploited;

    Announcing Bitskrieg https://deadeclipse666.blogspot.com/2026/05/announcing-bitskrieg.html
    Vulnerability in Gogs https://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/
    Oracle Critical Security Patch Update Advisory - May 2026 https://www.oracle.com/security-alerts/cspumay2026.html
    GlobalProtect Authentication Bypass Vulnerabilities CVE-2026-0257 https://security.paloaltonetworks.com/CVE-2026-0257

  12. 989

    SANS Stormcast Friday, May 29th, 2026: @sans_edu research; Honeypot Log; VPN “Toad”; Silent Ransom Group

    Research Review Journal https://assets.contentstack.io/v3/assets/blt83c410d686aa5f84/blt3cff46f63887f83e/research-review-journal https://www.sans.edu/cyber-research
    Analysis of a Year of Files Uploaded to DShield Sensors https://isc.sans.edu/diary/Analysis%20of%20a%20Year%20of%20Files%20Uploaded%20to%20DShield%20Sensors/33026
    The Word 'Toad' Gave Any Website Full Control of Chrome's Most Popular VPN https://amibeingpwned.com/blog/urban-vpn-postmessage-command-injection
    Silent Ransom Group Impersonating IT Personnel through Social Engineering https://www.ic3.gov/CSA/2026/260526.pdf

  13. 988

    SANS Stormcast Thursday, May 28th, 2026: Akira Ransomware; Vaultjacking; Poisoned Chatbot and Search Results;

    Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs https://isc.sans.edu/diary/Reconstructing%20an%20Akira%20Ransomware%20Kill%20Chain%20from%20Perimeter%20and%20Endpoint%20Logs/33024
    Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault https://phishu.net/blogs/blog-vaultjacking-phishing-the-google-password-manager-vault-in-the-phishu-framework.html
    From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities https://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities/

  14. 987

    SANS Stormcast Wednesday, May 27th, 2026: Fake Claude Ads; SharePoint Vuln; Angular Vulnerabilities

    Possible ACR Stealer From Page Impersonating Claude https://isc.sans.edu/diary/Possible%20ACR%20Stealer%20From%20Page%20Impersonating%20Claude/33018
    Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659
    Multiple Vulnerabilities in Angular Language Service VS Code Extension https://github.com/angular/angular/security/advisories/GHSA-ccq4-xmxr-8hcq

  15. 986

    SANS Stormcast Tuesday, May 26th, 2026: VBA in MSFT Access; NPM Stealer; PHP Laravel Compromise; Google API Key Lag;

    Microsoft Access VBA https://isc.sans.edu/diary/Microsoft%20Access%20VBA/33012
    An Example of Stack String in High Level Language https://isc.sans.edu/diary/An%20Example%20of%20Stack%20String%20in%20High%20Level%20Language/33008
    Cross-Platform NPM Stealer https://isc.sans.edu/diary/Cross-Platform%20NPM%20Stealer/33006
    Laravel Lang Compromised with RCE Backdoor Across https://socket.dev/blog/laravel-lang-compromise
    Google API keys keep working after you delete them https://www.aikido.dev/blog/google-api-keys-deletion

  16. 985

    SANS Stormcast Friday, May 22nd, 2026: Selective HTTP Proxying; More GitHub Repo Trouble; MSFT Defender Patches;

    Selective HTTP Proxying in Linux https://isc.sans.edu/diary/Selective%20HTTP%20Proxying%20in%20Linux/33002
    Megalodon: Mass GitHub Repo Backdooring via CI Workflows https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/
    MSFT Patches Recent Windows Defender Flaws CVE-2026-41091, CVE-2026-45498, CVE-2026-45584 https://x.com/fabian_bader/status/2057198207243804881
    Cisco Secure Workload Unauthorized API Access Vulnerability CVE-2026-20223 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy

  17. 984

    SANS Stormcast Thursday, May 21st, 2026: GitHub Breach; Agentic Threat Intel Feed; NGINX Vuln; YellowKey Fix; Incomplete SonicWall Patch

    GitHub Breach https://x.com/github/status/2056949168208552080
    Agentic Threat Intelligence Feed - VS Code Extensions https://agentmesh.knostic.ai/extensions
    More NGINX Vulnerabilities https://x.com/nebusecurity/status/2057071579876753643 https://my.f5.com/manage/s/article/K000161307
    Microsoft Publishes YellowKey Mitigation CVE-2026-45585 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
    Incomplete Sonicwall Patch CVE-2024-12802 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001

  18. 983

    SANS Stormcast Wednesday, May 20th, 2026: Assume Supply Chain Compromise; GitHub Action Compromise;

    TeamPCP Supply Chain Campaign: Activity Through 2026-05-17 https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Activity%20Through%202026-05-17/32994 https://slsa.dev/spec/v0.1/levels
    Github Action Compromise https://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials
    How Storm-2949 turned a compromised identity into a cloud-wide breach https://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/

  19. 982

    SANS Stormcast Tuesday, May 19th, 2026: New libssh in Malware; Exchange 0-Day; MSFT Authenticator Update

    New Malware Libraries means New Signatures https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20%20New%20Malware%20Libraries%20means%20New%20Signatures/32986
    Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498
    Microsoft Authenticator Update CVE-2026-41615 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41615
    ssh-keysign-pwn (CVE-2026-46333) Patches Released https://almalinux.org/blog/2026-05-15-ssh-keysign-pwn-cve-2026-46333/

  20. 981

    SANS Stormcast Friday, May 15th, 2026: Website Fraud; Outlook Link Preview Bug; NGINX Vuln; Cisco 0-Day

    Tearing apart website fraud to see how it works. (@sans_edu) https://isc.sans.edu/diary/%5BGUEST%20DIARY%5D%20Tearing%20apart%20website%20fraud%20to%20see%20how%20it%20works./32958
    Simple bypass of the link preview function in Outlook Junk folder https://isc.sans.edu/diary/Simple%20bypass%20of%20the%20link%20preview%20function%20in%20Outlook%20Junk%20folder/32990
    NGINX Vulnerability https://depthfirst.com/nginx-rift
    Cisco SDWan 0-Day https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa2-v69WY2SW

  21. 980

    SANS Stormcast Wednesday, May 13th, 2026: Microsoft Patch Tuesday; Large npm/pypi Compromise; Rubygems Attack

    Microsoft Patch Tuesday https://isc.sans.edu/diary/32980
    Tanstack npm and others compromised https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
    Ruby Gems Attack https://x.com/maciejmensfeld/status/2054164602577940619

  22. 979

    SANS Stormcast Tuesday, May 12th, 2026: Apple Patches; Encrypted RCS; CAPTCHAs; Checkmarx vs TeamPCP;

    Apple Patches Everything https://isc.sans.edu/diary/Apple%20Patches%20Everything/32976
    End-to-End Encrypted RCS Messages https://www.apple.com/newsroom/2026/05/end-to-end-encrypted-rcs-messaging-begins-rolling-out-today-in-beta/
    Why we use CAPTCHAs https://isc.sans.edu/diary/Why%20we%20use%20CAPTCHAs/32974
    Checkmarx Jenkins AST plugin compromise https://checkmarx.com/blog/ongoing-security-updates/

  23. 978

    SANS Stormcast Monday, May 11th, 2026: New Linux Priv Escalation; PAM Backdoors; CPanel Updates; Let’s Encrypt

    Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag https://isc.sans.edu/diary/Another%20Universal%20Linux%20Local%20Privilege%20Escalation%20%28LPE%29%20Vulnerability%3A%20Dirty%20Frag/32968
    PAM Backdoors Steal Passwords https://flare.io/learn/resources/blog/pamdoora-new-linux-pam-based-backdoor-sale-dark-web
    CPanel Updates https://support.cpanel.net/hc/en-us/sections/360007088193-Security
    Let's Encrypt Briefly Halts Certificate Issuance https://letsencrypt.status.io

  24. 977

    SANS Stormcast Friday, April 24th, 2026: Apple Update; Bitwarden Compromise; ASP.NET Core Patch

    Apple Patches Exploited Notification Flaw https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Notification%20Flaw/32922
    Bitwarden CLI Compromised https://socket.dev/blog/bitwarden-cli-compromised https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127
    Microsoft Security Advisory CVE-2026-40372 ASP.NET Core Elevation of Privilege https://github.com/dotnet/announcements/issues/395

  25. 976

    SANS Stormcast Thursday, April 23rd, 2026: Stealing Telegram Sessions; Oracle CPU; Firefox Patches

    Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Beyond%20Cryptojacking%3A%20Telegram%20tdata%20as%20a%20Credential%20Harvesting%20Vector%2C%20Lessons%20from%20a%20Honeypot%20Incident/32888
    Checkmarx Compromise https://socket.dev/blog/checkmarx-supply-chain-compromise
    Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpuapr2026.html
    Firefox 150 - Mythos AI https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/

  26. 975

    SANS Stormcast Wednesday, April 22nd, 2026: WAV Malware; GitHub OAUTH Phishing; Perforce Settings

    A .WAV With A Payload https://isc.sans.edu/diary/A%20.WAV%20With%20A%20Payload/32910
    The Phishy GitHub Issue Case https://blog.atsika.ninja/posts/the-phishy-github-issue-case/
    P4WNED: How Insecure Defaults in Perforce Expose Source Code Across the Internet https://morganrobertson.net/p4wned/

  27. 974

    SANS Stormcast Tuesday, April 21st, 2026: CVE and EPSS; Windows Server 2025 OOB; QEMU Abuse;

    Handling the CVE Flood With EPSS https://isc.sans.edu/diary/Handling%20the%20CVE%20Flood%20With%20EPSS/32914
    Windows Server 2025 Out of Band Patch https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#4835
    QEMU abused to evade detection and enable ransomware delivery https://www.sophos.com/en-us/blog/qemu-abused-to-evade-detection-and-enable-ransomware-delivery

  28. 973

    SANS Stormcast Monday, April 20th, 2026: Lumma Stealer and Sectop RAT; Windows 0-Day Exploited; NIST NVD Update; FortiSandbox PoC

    Lumma Stealer infection with Sectop RAT (ArechClient2) https://isc.sans.edu/diary/Lumma%20Stealer%20infection%20with%20Sectop%20RAT%20%28ArechClient2%29/32904
    Three Recent Windows Defender Vulnerabilities Exploited (one 0-day) https://x.com/HuntressLabs/status/2044882115574091960
    FortiSandbox PoC Exploit CVE-2026-39808 https://github.com/samu-delucas/CVE-2026-39808?tab=readme-ov-file
    NIST Updates NVD Operations to Address Record CVE Growth https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth

  29. 972

    SANS Stormcast Friday, April 17th, 2026: DVRs Again; Cisco Again; Windows Defender Again; Sonatype

    Compromised DVRs and Finding Them in the Wild https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Compromised%20DVRs%20and%20Finding%20Them%20in%20the%20Wild/32886
    Cisco ISE RCE Vulnerability and WebEx Auth Bypass CVE-2026-20184 CVE-2026-20180 CVE-2026-20186 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL
    Windows Defender 0-Day (RedSun) https://github.com/Nightmare-Eclipse/RedSun
    Sonatype Vulnerability CVE-2026-5189 https://support.sonatype.com/hc/en-us/articles/50817138825491-CVE-2026-5189-Nexus-Repository-3-Hardcoded-Credential-in-Internal-Database-Component-2026-04-15

  30. 971

    SANS Stormcast Thursday, April 16th, 2026: AI Credential Scans; Microsoft Update Issues; RDP Warnings; GitHub Action Vulns;

    Scanning for AI Models https://isc.sans.edu/diary/Scanning%20for%20AI%20Models/32896
    Microsoft Update Problems https://support.microsoft.com/en-us/topic/april-14-2026-kb5082063-os-build-26100-32690-c57e289d-27c9-47cd-a183-72fabc62c5d7#:~:text=Known%20issues%20in%20this%20update
    Microsoft RDP File Warnings https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/remotepc/understanding-security-warnings
    AI GitHub Action Vulnerabilities https://oddguan.com/blog/comment-and-control-prompt-injection-credential-theft-claude-code-gemini-cli-github-copilot/ https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/
    Wireguard Update https://lists.zx2c4.com/pipermail/wireguard/2026-April/009561.html

  31. 970

    SANS Stormcast Wednesday, April 15th, 2026: Microsoft, Adobe, Fortinet and others Patches

    Microsoft Patch Tuesday April 2026 https://isc.sans.edu/forums/diary/Microsoft%20Patch%20Tuesday%20April%202026./32898/
    Adobe Patches https://helpx.adobe.com/security/Home.html
    Fortinet Patches https://fortiguard.fortinet.com/psirt

  32. 969

    SANS Stormcast Tuesday, April 14th, 2026: EncystPHP Webshell; CPUID Compromise; OpenAI Mac Cert Issue; Axios Vulnerability

    Scans for EncystPHP Webshell https://isc.sans.edu/diary/Scans%20for%20EncystPHP%20Webshell/32892
    CPUID Compromise https://securelist.com/tr/cpu-z/119365/ https://x.com/d0cTB/status/2042520961824559150
    OpenAI Mac Application Update due to Axios Compromise https://openai.com/index/axios-developer-tool-compromise/
    Axios Vulnerability CVE-2026-40175 https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx

  33. 968

    SANS Stormcast Monday, April 13th, 2026: Obfuscated JavaScript; Numbers in Passwords; Adobe Patches 0-Day; ClickFix Fix Bypass

    Obfuscated JavaScript or Nothing https://isc.sans.edu/diary/Obfuscated%20JavaScript%20or%20Nothing/32884
    Numbers in Passwords https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords%3A%20Take%20Two/32866
    Adobe 0-Day Patch CVE-2026-34621 https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
    ClickFix Bypass via ScriptEditor https://www.jamf.com/blog/clickfix-macos-script-editor-atomic-stealer/

  34. 967

    SANS Stormcast Thursday, April 9th, 2026: Honeypot Fingerprinting; Microsoft Locks Developer Accounts; ActiveMQ Vuln;

    Honeypot Fingerprinting https://isc.sans.edu/diary/More%20Honeypot%20Fingerprinting%20Scans/32878
    Microsoft Locks Accounts for Privacy/Encryption Related Developers https://sourceforge.net/p/veracrypt/discussion/general/thread/9620d7a4b3/ https://news.ycombinator.com/item?id=47687884 https://x.com/windscribecom/status/2041929519628443943 https://windowsforum.com/threads/april-2026-windows-update-ends-cross-signed-kernel-driver-trust.410487/
    Remote Code Execution in Apache ActiveMQ (CVE-2026-34197) https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/

  35. 966

    SANS Stormcast Wednesday, April 8th, 2026: Pivoting for Webshells; WatchGuard Firebox Patch; Project Glasswing; Kubernetes Misconfigurations

    A Little Bit Pivoting: What Web Shells are Attackers Looking for Today? https://isc.sans.edu/diary/A%20Little%20Bit%20Pivoting%3A%20What%20Web%20Shells%20are%20Attackers%20Looking%20for%3F/32874
    WatchGuard Firebox Arbitrary File Write via Path Traversal in Fireware Web UI https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009
    Project Glasswing https://www.anthropic.com/glasswing
    Current Threats Against Kubernetes https://unit42.paloaltonetworks.com/modern-kubernetes-threats/

  36. 965

    SANS Stormcast Tuesday, April 7th, 2026: Redirects in Phishing; Internet Bug Bounty Suspended; Bluehammer; Keycloak MFA Bypass

    How often are redirects used in phishing in 2026? https://isc.sans.edu/diary/How%20often%20are%20redirects%20used%20in%20phishing%20in%202026%3F/32870
    Hackerone Suspends Internet Bug Bounty https://hackerone.com/ibb?type=team https://www.linkedin.com/posts/danielstenberg_hackerone-share-7446667043380076545-RX9b/
    Bluehammer Windows 0-day Privilege Escalation https://github.com/Nightmare-Eclipse/BlueHammer https://deadeclipse666.blogspot.com/2026/04/public-disclosure.html https://deepwiki.com/Nightmare-Eclipse/BlueHammer
    Keycloak MFA Bypass CVE-2026-3429 https://access.redhat.com/security/cve/cve-2026-3429

  37. 964

    SANS Stormcast Monday, April 6th, 2026: TeamPCP Update and Axios Post Mortem; Fortinet 0-Day

    Team PCP Update and Axios Post Mortem https://isc.sans.edu/diary/32864 https://github.com/axios/axios/issues/10636
    Strapi NPM Packages Compromised https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent/
    Fortinet CVE-2026-35616 actively exploited https://fortiguard.fortinet.com/psirt/FG-IR-26-099

  38. 963

    SANS Stormcast Friday, April 3rd, 2026: Vite Exploits; OpenSSH 10.3; Claude Code Vuln

    Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208) https://isc.sans.edu/diary/Attempts%20to%20Exploit%20Exposed%20%22Vite%22%20Installs%20%28CVE-2025-30208%29/32860
    OpenSSH 10.3 Release https://seclists.org/oss-sec/2026/q2/7
    Claude Code Vulnerability https://adversa.ai/claude-code-security-bypass-deny-rules-disabled/

  39. 962

    SANS Stormcast Thursday, April 2nd, 2026: Script Removing ADS/MotW; Google Chrome 0-Day; iOS/iPadOS 18 Update;

    Malicious Script That Gets Rid of ADS https://isc.sans.edu/diary/Malicious%20Script%20That%20Gets%20Rid%20of%20ADS/32854
    Google Chrome Update fixes 21 Vulnerabilities and 0-Day https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
    Apple Addresses Darksword Vulnerabilities for older devices https://support.apple.com/en-us/126793

  40. 961

    SANS Stormcast Wednesday, April 1st, 2026: Application Control Bypass; Axios NPM Module Compromise; TeamPCP vs Cloud

    Application Control Bypass for Data Exfiltration https://isc.sans.edu/diary/Application%20Control%20Bypass%20for%20Data%20Exfiltration/32850
    Axios NPM Module Supply Chain Compromise https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan https://www.linkedin.com/events/7444763050819092480/
    TeamPCP vs. Cloud Resources https://www.wiz.io/blog/tracking-teampcp-investigating-post-compromise-attacks-seen-in-the-wild

  41. 960

    SANS Stormcast Tuesday, March 31st, 2026: Honeypot Session Lifetime; Let’s Encrypt Tests Mass Revocation; F5 RCE Exploited

    Honeypot Session Lifetime https://isc.sans.edu/diary/DShield%20%28Cowrie%29%20Honeypot%20Stats%20and%20When%20Sessions%20Disconnect/32840
    Let's Encrypt Tests Mass Revocation https://community.letsencrypt.org/t/lets-encrypt-2026-mass-revocation-simulation/245960 https://www.certkit.io/blog/ari-solves-mass-certificate-revocation https://www.certkit.io/blog/lets-encrypt-mass-revocation-simulation
    F5 Vulnerability Re-Classified (and already exploited) as RCE https://my.f5.com/manage/s/article/K000156741

  42. 959

    SANS Stormcast Monday, March 30th, 2026: More TeamPCP: telnyx; Netscaler Exploit; macOS ClickFix Fix; Windows Smart Install

    TeamPCP Update #2: Telnyx PyPi Compromise https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20002%20-%20Telnyx%20PyPI%20Compromise%2C%20Vect%20Ransomware%20Mass%20Affiliate%20Program%2C%20and%20First%20Named%20Victim%20Claim/32838
    Citrix Netscaler Vulnerability Details https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread/
    macOS Clickfix Warning https://x.com/ClassicII_MrMac/status/2036797948911141129
    Windows Smart Install https://textslashplain.com/2026/03/24/windows-choose-where-to-get-apps/

  43. 958

    SANS Stormcast Friday, March 27th, 2026: TeamPCP Update; DarkSword vs Patches; LangFlow Exploited

    TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20001%20-%20Checkmarx%20Scope%20Wider%20Than%20Reported%2C%20CISA%20KEV%20Entry%2C%20and%20Detection%20Tools%20Available/32834
    DarkSword and This Week's iOS Updates https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
    LangFlow Exploited https://www.cisa.gov/news-events/alerts/2026/03/25/cisa-adds-one-known-exploited-vulnerability-catalog

  44. 957

    SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmartApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Save Cr

    Apple Patches (almost) everything again. March 2026 edition. https://isc.sans.edu/diary/Apple%20Patches%20%28almost%29%20everything%20again.%20March%202026%20edition./32830
    SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2) https://isc.sans.edu/diary/SmartApeSG%20campaign%20pushes%20Remcos%20RAT%2C%20NetSupport%20RAT%2C%20StealC%2C%20and%20Sectop%20RAT%20%28ArechClient2%29/32826
    Trivy/LiteLLM/TeamPCP Updates https://www.sans.org/webcasts/when-security-scanner-became-weapon https://rosesecurity.dev/2026/03/24/sha-pinning-is-not-enough.html
    Google Moves Up Quantum Crypto Deadline https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/

  45. 956

    SANS Stormcast Wednesday, March 25th, 2026: IP KVM Usage; TeamPCP, Trivy, liteLLM and More

    Special Webcast about Trivy Supply Chain Attacks https://www.sans.org/webcasts/when-security-scanner-became-weapon
    Detecting IP KVM Usage https://isc.sans.edu/diary/Detecting%20IP%20KVMs/32824
    TeamPCP, Trivy, liteLLM, Iran and more https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/ https://blog.gitguardian.com/trivys-march-supply-chain-attack-shows-where-secret-exposure-hurts-most/ https://www.sysdig.com/blog/teampcp-expands-supply-chain-compromise-spreads-from-trivy-to-checkmarx-github-actions

  46. 955

    SANS Stormcast Tuesday, March 24th, 2026: Tax Scam to EDR Kill; Netscaler Patches; gRPC-Go Authz Bypass;

    From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill
    NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368 https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
    gRPC-Go Authorization bypass via missing leading slash in :path CVE-2026-33186 https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3

  47. 954

    SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks

    GSocket Backdoor Delivered Through Bash Script https://isc.sans.edu/diary/GSocket+Backdoor+Delivered+Through+Bash+Script/32816/#comments
    Oracle Security Alert CVE-2026-21992 Released https://blogs.oracle.com/security/alert-cve-2026-21992
    Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet and Harden PLCs to Protect from Cyber Threats https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html

  48. 953

    SANS Stormcast Friday, March 20th, 2026: Cowrie Strings; MSFT Intune Hardening; Unifi Network Update;

    Interesting Cowrie Strings https://isc.sans.edu/diary/Interesting+Message+Stored+in+Cowrie+Logs/32810
    Microsoft Intune Hardening Advice https://techcommunity.microsoft.com/blog/intunecustomersuccess/best-practices-for-securing-microsoft-intune/4502117 https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization
    Unifi Network Update https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b

  49. 952

    SANS Stormcast Thursday, March 19th, 2026: Adminer Scans; Apple WebKit Patch; another telnetd vuln; screenconnect vuln

    Scans for "adminer" https://isc.sans.edu/diary/Scans%20for%20%22adminer%22/32808
    Background Security Improvement for WebKit https://support.apple.com/en-us/126604
    Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC) https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
    ScreenConnect 26.1 Security Hardening https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin

  50. 951

    SANS Stormcast Wednesday, March 18th, 2026: IPv4 mapped IPv6; KVM Vulnerabilities; AWS Bedrock DNS Covert Channel

    IPv4 Mapped IPv6 Addresses https://isc.sans.edu/diary/IPv4%20Mapped%20IPv6%20Addresses/32804
    More IP KVM Vulnerabilities https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/
    AWS Bedrock AgentCore Code Interpreter DNS Leak https://www.beyondtrust.com/blog/entry/pwning-aws-agentcore-code-interpreter

HOSTED BY

Johannes B. Ullrich

Produced by SANS ISC Handlers

Frequently Asked Questions

How many episodes does SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) have?

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) currently has 50 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

How often does SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) release new episodes?

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) has 50 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)?

You can listen to SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)?

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) is created and hosted by Johannes B. Ullrich.