SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Technology Podcasts
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content...
Location:
United States
Description:
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Language:
English
Email:
stormcast@sans.edu
Episodes
SANS Stormcast Thursday, April 9th, 2026: Honeypot Fingerprinting; Microsoft Locks Developer Accounts; ActiveMQ Vuln;
4/8/2026
Honeypot Fingerprinting
https://isc.sans.edu/diary/More%20Honeypot%20Fingerprinting%20Scans/32878
Microsoft Locks Accounts for Privacy/Encryption Related Developers
https://sourceforge.net/p/veracrypt/discussion/general/thread/9620d7a4b3/ https://news.ycombinator.com/item?id=47687884 https://x.com/windscribecom/status/2041929519628443943
https://windowsforum.com/threads/april-2026-windows-update-ends-cross-signed-kernel-driver-trust.410487/
Remote Code Execution in Apache ActiveMQ (CVE-2026-34197)
https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/
Duration:00:07:40
SANS Stormcast Wednesday, April 8th, 2026: Pivoting for Webshells; WatchGuard Firebox Patch; Project Glasswing; Kubernetes Misconfigurations
4/7/2026
A Little Bit Pivoting: What Web Shells are Attackers Looking for Today?
https://isc.sans.edu/diary/A%20Little%20Bit%20Pivoting%3A%20What%20Web%20Shells%20are%20Attackers%20Looking%20for%3F/32874
WatchGuard Firebox Arbitrary File Write via Path Traversal in Fireware Web UI
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009
Project Glasswing
https://www.anthropic.com/glasswing
Current Threats Against Kubernetes
https://unit42.paloaltonetworks.com/modern-kubernetes-threats/
Duration:00:06:13
SANS Stormcast Tuesday, April 7th, 2026: Redirects in Phishing; Internet Bug Bounty Suspended; Bluehammer; Keycloak MFA Bypass
4/6/2026
How often are redirects used in phishing in 2026?
https://isc.sans.edu/diary/How%20often%20are%20redirects%20used%20in%20phishing%20in%202026%3F/32870
Hackerone Suspends Internet Bug Bounty
https://hackerone.com/ibb?type=team
https://www.linkedin.com/posts/danielstenberg_hackerone-share-7446667043380076545-RX9b/
Bluehammer Windows 0-day Privilege Escalation
https://github.com/Nightmare-Eclipse/BlueHammer
https://deadeclipse666.blogspot.com/2026/04/public-disclosure.html
https://deepwiki.com/Nightmare-Eclipse/BlueHammer
Keycloak MFA Bypass CVE-2026-3429
https://access.redhat.com/security/cve/cve-2026-3429
Duration:00:06:55
SANS Stormcast Monday, April 6th, 2026: TeamPCP Update and Axio Post Mortem; Fortinet 0-Day
4/5/2026
Team PCP Update and Axios Post Mortem
https://isc.sans.edu/diary/32864
https://github.com/axios/axios/issues/10636
Strapi NPM Packages Compromised
https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent/
Fortinet CVE-2026-35616 exctively exploited
https://fortiguard.fortinet.com/psirt/FG-IR-26-099
Duration:00:06:09
SANS Stormcast Friday, April 3rd, 2026: Vite Exploits; OpenSSH 10.3; Claude Code Vuln
4/2/2026
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208)
https://isc.sans.edu/diary/Attempts%20to%20Exploit%20Exposed%20%22Vite%22%20Installs%20%28CVE-2025-30208%29/32860
OpenSSH 10.3 Release
https://seclists.org/oss-sec/2026/q2/7
Claude Code Vulnerability
https://adversa.ai/claude-code-security-bypass-deny-rules-disabled/
Duration:00:05:15
SANS Stormcast Thursday, April 2nd, 2026: Script Removing ADS/MotW; Google Chrome 0-Day; iOS/iPadOS 18 Update;
4/1/2026
Malicious Script That Gets Rid of ADS
https://isc.sans.edu/diary/Malicious%20Script%20That%20Gets%20Rid%20of%20ADS/32854
Google Chrome Update fixes 21 Vulnerabilities and 0-Day
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
Apple Addresses Darksword Vulnerabilities for older devices
https://support.apple.com/en-us/126793
Duration:00:04:01
SANS Stormcast Wednesday, April 1st, 2026: Application Control Bypass; Axios NPM Module Compromise; TeamPCP vs Cloud
3/31/2026
Application Control Bypass for Data Exfiltration
https://isc.sans.edu/diary/Application%20Control%20Bypass%20for%20Data%20Exfiltration/32850
Axios NPM Module Supply Chain Compromise
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
https://www.linkedin.com/events/7444763050819092480/
TeamPCP vs. Cloud Resources
https://www.wiz.io/blog/tracking-teampcp-investigating-post-compromise-attacks-seen-in-the-wild
Duration:00:06:48
SANS Stormcast Tuesday, March 31st, 2026: Honeypot Session Lifetime; Let’s Encrypt Tests Mass Revocation; F5 RCE Exploited
3/30/2026
Honeypot Session Lifetime
https://isc.sans.edu/diary/DShield%20%28Cowrie%29%20Honeypot%20Stats%20and%20When%20Sessions%20Disconnect/32840
Let s Encrypt Tests Mass Revocation
https://community.letsencrypt.org/t/lets-encrypt-2026-mass-revocation-simulation/245960
https://www.certkit.io/blog/ari-solves-mass-certificate-revocation
https://www.certkit.io/blog/lets-encrypt-mass-revocation-simulation
F5 Vulnerability Re-Classified (and already exploited) as RCE
https://my.f5.com/manage/s/article/K000156741
Duration:00:05:13
SANS Stormcast Monday, March 30th, 2026: More TeamPCP: telnyx; Netscaler Exploit; macOS ClickFix Fix; Windows Smart Install
3/29/2026
TeamPCP Update #2: Telnyx PyPi Compromise
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20002%20-%20Telnyx%20PyPI%20Compromise%2C%20Vect%20Ransomware%20Mass%20Affiliate%20Program%2C%20and%20First%20Named%20Victim%20Claim/32838
Citrix Netscaler Vulnerability Details
https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread/
macOS Clickfix Warning
https://x.com/ClassicII_MrMac/status/2036797948911141129
Windows Smart Install
https://textslashplain.com/2026/03/24/windows-choose-where-to-get-apps/
Duration:00:08:26
SANS Stormcast Friday, March 27th, 2026: TeamPCP Update; DarkSword vs Patches; LangFlow Exploited
3/26/2026
TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20001%20-%20Checkmarx%20Scope%20Wider%20Than%20Reported%2C%20CISA%20KEV%20Entry%2C%20and%20Detection%20Tools%20Available/32834
DarkSword and This Weeks iOS Updates
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain
LangFlow Exploited
https://www.cisa.gov/news-events/alerts/2026/03/25/cisa-adds-one-known-exploited-vulnerability-catalog
Duration:00:06:13
SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmatApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Save Crypto Rollout
3/25/2026
Apple Patches (almost) everything again. March 2026 edition.
https://isc.sans.edu/diary/Apple%20Patches%20%28almost%29%20everything%20again.%20March%202026%20edition./32830
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)
https://isc.sans.edu/diary/SmartApeSG%20campaign%20pushes%20Remcos%20RAT%2C%20NetSupport%20RAT%2C%20StealC%2C%20and%20Sectop%20RAT%20%28ArechClient2%29/32826
Trivy/LiteLLM/TeamPCP Updates
https://www.sans.org/webcasts/when-security-scanner-became-weapon
https://rosesecurity.dev/2026/03/24/sha-pinning-is-not-enough.html
Google Moves Up Quantum Crypto Deadline
https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/
Duration:00:06:56
SANS Stormcast Wednesday, March 25th, 2026: IP KVM Usage; TeampPCP, Trivy, liteLLM and More
3/24/2026
---
Special Webcast about Trivy Supply Chain Attacks
https://www.sans.org/webcasts/when-security-scanner-became-weapon
---
Detecting IP KVM Usage
https://isc.sans.edu/diary/Detecting%20IP%20KVMs/32824
TeamPCP, Trivy, liteLLM, Iran and more
https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran
https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/
https://blog.gitguardian.com/trivys-march-supply-chain-attack-shows-where-secret-exposure-hurts-most/
https://www.sysdig.com/blog/teampcp-expands-supply-chain-compromise-spreads-from-trivy-to-checkmarx-github-actions
Duration:00:11:54
SANS Stormcast Tuesday, March 24th, 2026: Tax Scam to EDR Kill; Netscaler Patches; gRPC-Go Authz Bypass;
3/23/2026
From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill
https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
gRPC-Go Authorization bypass via missing leading slash in :path CVE-2026-33186
https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3
Duration:00:05:41
SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks
3/22/2026
GSocket Backdoor Delivered Through Bash Script
https://isc.sans.edu/diary/GSocket+Backdoor+Delivered+Through+Bash+Script/32816/#comments
Oracle Security Alert CVE-2026-21992 Released
https://blogs.oracle.com/security/alert-cve-2026-21992
Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet and Harden PLCs to Protect from Cyber Threats
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html
Duration:00:05:34
SANS Stormcast Friday, March 20th, 2026: Cowrie Strings; MSFT Intune Hardening; Unifi Network Update;
3/19/2026
Interesting Cowrie Strings
https://isc.sans.edu/diary/Interesting+Message+Stored+in+Cowrie+Logs/32810
Microsoft Intune Hardening Advice
https://techcommunity.microsoft.com/blog/intunecustomersuccess/best-practices-for-securing-microsoft-intune/4502117
https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization
Unifi Network Update
https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b
Duration:00:05:45
SANS Stormcast Thursday, March 19th, 2026: Adminer Scans; Apple WebKit Patch; another telnetd vuln; screenconnect vuln
3/18/2026
Scans for "adminer"
https://isc.sans.edu/diary/Scans%20for%20%22adminer%22/32808
Background Security Improvement for WebKit
https://support.apple.com/en-us/126604
Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC)
https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
ScreenConnect 26.1 Security Hardening
https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin
Duration:00:05:55
SANS Stormcast Wednesday, March 18th, 2026: IPv4 mapped IPv6; KVM Vulnerabilities; AWS Bedrock DNS Covert Channel
3/18/2026
IPv4 Mapped IPv6 Addresses
https://isc.sans.edu/diary/IPv4%20Mapped%20IPv6%20Addresses/32804
More IP KVM Vulnerabilities
https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/
AWS Bedrock AgentCore Code Interpreter DNS Leak
https://www.beyondtrust.com/blog/entry/pwning-aws-agentcore-code-interpreter
Duration:00:06:00
SANS Stormcast Tuesday, March 17th, 2026: Proxy URLs; Local Network Address Restrictions; Advanced Phishing
3/16/2026
/proxy/ URL scans with IP addresses
https://isc.sans.edu/forums/diary/proxy+URL+scans+with+IP+addresses/32800/
Local Network Address Restrictions
https://learn.microsoft.com/en-us/deployedge/ms-edge-local-network-access#how-to-mitigate-impact-for-cross-origin-iframes https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
European Security Vendor Targeted by Hackers Fronting as Cisco Domain
https://specopssoft.com/blog/phishing-campaign-cisco/
Duration:00:07:50
SANS Stormcast Monday, March 16th, 2026: SmartApeSG and Remcos RAT; React Based Phishing; Google Chrome Patches; AdGaurd Vuln
3/15/2026
SmartApeSG campaign uses ClickFix page to push Remcos RAT
https://isc.sans.edu/diary/SmartApeSG%20campaign%20uses%20ClickFix%20page%20to%20push%20Remcos%20RAT/32796
A React-based phishing page with credential exfiltration via EmailJS
https://isc.sans.edu/diary/32794
Google Chrome announced two zero-day fixes, then removed one.
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
AdGuard Vulnerability
https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.73
Duration:00:06:13
SANS Stormcast Friday, March 13th, 2026: IOT Device Discovery; Apple Patches; Veeam Patches
3/12/2026
When your IoT Device Logs in as Admin, It s too Late!
https://isc.sans.edu/diary/When%20your%20IoT%20Device%20Logs%20in%20as%20Admin%2C%20It%3Fs%20too%20Late!%20%5BGuest%20Diary%5D/32788
Apple Patches
https://support.apple.com/en-us/100100
Veeam Patches
https://www.veeam.com/kb4830
Duration:00:05:19