SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Danger of Libredtail https://isc.sans.edu/diary/Danger%20of%20Libredtail%20%5BGuest%20Diary%5D/32936 FreeBSD dhclient vulnerability https://www.freebsd.org/security/advisories/FreeBSD-SA-26:12.dhclient.asc Linux Copy-Fail Vulnerability CVE-2026-31431 https://copy.fail Bryan Nice Research Paper https://www.linkedin.com/in/bryannice/ https://www.sans.edu/cyber-research/detecting-ai-pickling

Today's Odd Web Requests https://isc.sans.edu/diary/Today%27s%20Odd%20Web%20Requests/32934 Incomplete Patch of APT28's Zero-Day Leads to CVE-2026-32202 https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202 Assess Secure Boot status with Microsoft Defender https://techcommunity.microsoft.com/blog/MicrosoftDefenderATPBlog/assess-secure-boot-status-with-microsoft-defender/4510356 Deprecating Legacy TLS and Endpoints for POP and IMAP in Exchange Online https://techcommunity.microsoft.com/blog/exchange/deprecating-legacy-tls-and-endpoints-for-pop-and-imap-in-exchange-online/4515201 SAP Related npm Packages Compromised https://www.stepsecurity.io/blog/a-mini-shai-hulud-has-appeared

HTTP Requests with X-Vercel-Set-Bypass-Cookie Header https://isc.sans.edu/diary/HTTP%20Requests%20with%20X-Vercel-Set-Bypass-Cookie%20Header/32930 GitHub Vulnerability CVE-2026-3854 https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854 Microsoft RDP Notification Bug https://support.microsoft.com/en-us/topic/april-14-2026-kb5083768-os-build-28000-1836-839e4a25-d979-4158-b70c-182333045883

TeamPCP Update https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20008%20-%2026-Day%20Pause%20Ends%20with%20Three%20Concurrent%20Compromises%20%28Checkmarx%20KICS%2C%20Bitwarden%20CLI%20Cascade%2C%20xinference%20PyPI%29%2C%20CanisterSprawl%20npm%20Worm%20Identified%2C%20and%20Tier%201%20Coverage%20Returns/32926 https://socket.dev/blog/73-open-vsx-sleeper-extensions-glassworm https://checkmarx.com/blog/checkmarx-security-update-april-26/ 89 vulnerabilities in XAPI / Citrix XenServer https://shittrix.moksha.dk/#rationale Phantom RPC https://securelist.com/phantomrpc-rpc-vulnerability/119428/ Pi-Hole Vulnerability CVE-2026-41489 https://github.com/pi-hole/pi-hole/security/advisories/GHSA-6w8x-p785-6pm4 Linux Kernel Problem CVE-2026-41651 https://nvd.nist.gov/vuln/detail/CVE-2026-41651

Apple Patches Exploited Notification Flaw https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Notification%20Flaw/32922 Bitwarden CLI Compromised https://socket.dev/blog/bitwarden-cli-compromised https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127 Microsoft Security Advisory CVE-2026-40372 ASP.NET Core Elevation of Privilege https://github.com/dotnet/announcements/issues/395

Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Beyond%20Cryptojacking%3A%20Telegram%20tdata%20as%20a%20Credential%20Harvesting%20Vector%2C%20Lessons%20from%20a%20Honeypot%20Incident/32888 Checkmarx Compromise https://socket.dev/blog/checkmarx-supply-chain-compromise Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpuapr2026.html Firefox 150 - Mythos AI https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/

A .WAV With A Payload https://isc.sans.edu/diary/A%20.WAV%20With%20A%20Payload/32910 The Phishy GitHub Issue Case https://blog.atsika.ninja/posts/the-phishy-github-issue-case/ P4WNED: How Insecure Defaults in Perforce Expose Source Code Across the Internet https://morganrobertson.net/p4wned/

Handling the CVE Flood With EPSS https://isc.sans.edu/diary/Handling%20the%20CVE%20Flood%20With%20EPSS/32914 Windows Server 2025 Out of Band Patch https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#4835 QEMU abused to evade detection and enable ransomware delivery https://www.sophos.com/en-us/blog/qemu-abused-to-evade-detection-and-enable-ransomware-delivery

Lumma Stealer infection with Sectop RAT (ArechClient2) https://isc.sans.edu/diary/Lumma%20Stealer%20infection%20with%20Sectop%20RAT%20%28ArechClient2%29/32904 Three Recent Windows Defender Vulnerabilities Exploited (one 0-day) https://x.com/HuntressLabs/status/2044882115574091960 FortiSandbox PoC Exploit CVE-2026-39808 https://github.com/samu-delucas/CVE-2026-39808?tab=readme-ov-file NIST Updates NVD Operations to Address Record CVE Growth https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth

Compromised DVRs and Finding Them in the Wild https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Compromised%20DVRs%20and%20Finding%20Them%20in%20the%20Wild/32886 Cisco ISE RCE Vulnerability and WebEx Auth Bypass CVE-2026-20184 CVE-2026-20180 CVE-2026-20186 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL Windows Defender 0-Day (RedSun) https://github.com/Nightmare-Eclipse/RedSun Sonatype Vulnerability CVE-2026-5189 https://support.sonatype.com/hc/en-us/articles/50817138825491-CVE-2026-5189-Nexus-Repository-3-Hardcoded-Credential-in-Internal-Database-Component-2026-04-15

Scanning for AI Models https://isc.sans.edu/diary/Scanning%20for%20AI%20Models/32896 Microsoft Update Problems https://support.microsoft.com/en-us/topic/april-14-2026-kb5082063-os-build-26100-32690-c57e289d-27c9-47cd-a183-72fabc62c5d7#:~:text=Known%20issues%20in%20this%20update Microsoft RDP File Warnings https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/remotepc/understanding-security-warnings AI GitHub Action Vulnerabilities https://oddguan.com/blog/comment-and-control-prompt-injection-credential-theft-claude-code-gemini-cli-github-copilot/ https://www.theregister.com/2026/04/15/claude_gemini_copilot_agents_hijacked/ Wireguard Update https://lists.zx2c4.com/pipermail/wireguard/2026-April/009561.html

Microsoft Patch Tuesday April 2026 https://isc.sans.edu/forums/diary/Microsoft%20Patch%20Tuesday%20April%202026./32898/ Adobe Patches https://helpx.adobe.com/security/Home.html Fortinet Patches https://fortiguard.fortinet.com/psirt

Scans for EncystPHP Webshell https://isc.sans.edu/diary/Scans%20for%20EncystPHP%20Webshell/32892 CPUID Compromise https://securelist.com/tr/cpu-z/119365/ https://x.com/d0cTB/status/2042520961824559150 OpenAI Mac Application Update due to Axios Compromise https://openai.com/index/axios-developer-tool-compromise/ Axios Vulnerability CVE-2026-40175 https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx

Obfuscated JavaScript or Nothing https://isc.sans.edu/diary/Obfuscated%20JavaScript%20or%20Nothing/32884 Numbers in Passwords https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords%3A%20Take%20Two/32866 Adobe 0-Day Patch CVE-2026-34621 https://helpx.adobe.com/security/products/acrobat/apsb26-43.html ClickFix Bypass via ScriptEditor https://www.jamf.com/blog/clickfix-macos-script-editor-atomic-stealer/

Honeypot Fingerprinting https://isc.sans.edu/diary/More%20Honeypot%20Fingerprinting%20Scans/32878 Microsoft Locks Accounts for Privacy/Encryption Related Developers https://sourceforge.net/p/veracrypt/discussion/general/thread/9620d7a4b3/ https://news.ycombinator.com/item?id=47687884 https://x.com/windscribecom/status/2041929519628443943 https://windowsforum.com/threads/april-2026-windows-update-ends-cross-signed-kernel-driver-trust.410487/ Remote Code Execution in Apache ActiveMQ (CVE-2026-34197) https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/

A Little Bit Pivoting: What Web Shells are Attackers Looking for Today? https://isc.sans.edu/diary/A%20Little%20Bit%20Pivoting%3A%20What%20Web%20Shells%20are%20Attackers%20Looking%20for%3F/32874 WatchGuard Firebox Arbitrary File Write via Path Traversal in Fireware Web UI https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009 Project Glasswing https://www.anthropic.com/glasswing Current Threats Against Kubernetes https://unit42.paloaltonetworks.com/modern-kubernetes-threats/

How often are redirects used in phishing in 2026? https://isc.sans.edu/diary/How%20often%20are%20redirects%20used%20in%20phishing%20in%202026%3F/32870 Hackerone Suspends Internet Bug Bounty https://hackerone.com/ibb?type=team https://www.linkedin.com/posts/danielstenberg_hackerone-share-7446667043380076545-RX9b/ Bluehammer Windows 0-day Privilege Escalation https://github.com/Nightmare-Eclipse/BlueHammer https://deadeclipse666.blogspot.com/2026/04/public-disclosure.html https://deepwiki.com/Nightmare-Eclipse/BlueHammer Keycloak MFA Bypass CVE-2026-3429 https://access.redhat.com/security/cve/cve-2026-3429

Team PCP Update and Axios Post Mortem https://isc.sans.edu/diary/32864 https://github.com/axios/axios/issues/10636 Strapi NPM Packages Compromised https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent/ Fortinet CVE-2026-35616 exctively exploited https://fortiguard.fortinet.com/psirt/FG-IR-26-099

Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208) https://isc.sans.edu/diary/Attempts%20to%20Exploit%20Exposed%20%22Vite%22%20Installs%20%28CVE-2025-30208%29/32860 OpenSSH 10.3 Release https://seclists.org/oss-sec/2026/q2/7 Claude Code Vulnerability https://adversa.ai/claude-code-security-bypass-deny-rules-disabled/

Malicious Script That Gets Rid of ADS https://isc.sans.edu/diary/Malicious%20Script%20That%20Gets%20Rid%20of%20ADS/32854 Google Chrome Update fixes 21 Vulnerabilities and 0-Day https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html Apple Addresses Darksword Vulnerabilities for older devices https://support.apple.com/en-us/126793