
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in cyber security. The podcast is published every weekday and is designed to get you ready for the day with a brief summary, usually about 5 minutes long, of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter.
Episodes
SANS Stormcast Friday, June 12th, 2026: Bitlocker Trouble; Ivanti and Oracle Exploited; macOS Malicious Installers
More Bitlocker Issues: GreatXML
https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML
Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
Oracle Security Alert Advisory - CVE-2026-35273
https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
https://www.bleeping
SANS Stormcast Thursday, June 11th, 2026: Framing Protections; npm improvements; Adobe Patches; New Defender 0-day
How has use of framing protection security headers changed in the past 3 years?
https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068
Preparing for npm v12: install scripts and non-registry sources become opt-in
https://github.com/orgs/community/discussions/198547
Adobe Patches
https://helpx.adobe.com/security.
SANS Stormcast Wednesday, June 10th, 2026: Microsoft Patch Tuesday; Miasma Source Published; Fortinet Patches
Microsoft June 2026 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20June%202026%20Patch%20Tuesday/33064
Miasma Software Supply Chain Attack Toolkit Source Published
https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/
Fortinet FortiSandbox Vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-26-141
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullric
SANS Stormcast Tuesday, June 9th, 2026: Azure Repos Infected; Checkpoint VPN 0-Day; Verizon VoLTE missing IPSec integrity prot.
Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack
https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents
Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751)
https://blog.checkpoint.com/security/check-point-releases-im
SANS Stormcast Monday, June 8th, 2026: Wetransfer Phish; Spying Smart TV; Dashlane Brute Force
The Evil MSI Background is Back!
https://isc.sans.edu/diary/The%20Evil%20MSI%20Background%20is%20Back!/33054
The Smart TV in Your LivingRoom Is a Node in the AIScraping Economy
https://blog.includesecurity.com/2026/06/the-smart-tv-in-your-livingroom-is-a-node-in-the-aiscraping-economy/
Brute force attack on Dashlane user accounts
https://support.dashlane.com/hc/en-us/articles/36038764990866-Secur
SANS Stormcast Friday, June 5th, 2026: Coreutils for Windows; Cisco Unified Comm Manager Fix and Exploit; OAuth Orphans
Microsoft's Coreutils for Windows
https://isc.sans.edu/diary/Microsoft%27s%20Coreutils%20for%20Windows/33048
Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability CVE-2026-20230
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW
Firmware Update for Acer Connect W6x Router
https://community.acer.com/en/kb/articles/1967
SANS Stormcast Thursday, June 4th, 2026: swagger.json Scans; Android Fake Call Detection; Anthropic Dashboard
Continuing Scans for swagger.json
https://isc.sans.edu/diary/Continuing+Scans+for+swaggerjson/33044/#comments
Fake call detection on Android
https://blog.google/security/android-fake-call-detection/
Anthropic's coordinated vulnerability disclosure dashboard
https://red.anthropic.com/2026/cvd/
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
SANS Stormcast Wednesday, June 3rd, 2026: SVG Phishing; Android Patches; Poly Voice Vuln; Ivanti Neurons Priv Escalation
New Wave Of Phishing Emails with SVG Files
https://isc.sans.edu/diary/New%20Wave%20Of%20Phishing%20Emails%20with%20SVG%20Files/33040
Android 2026-06-01 security patch level vulnerability details
https://source.android.com/docs/security/bulletin/2026/2026-06-01
Poly Voice Possible Remote Control of Certain Poly Devices CVE-2026-0826
https://support.hp.com/us-en/document/ish_15052661-15052687-16/
SANS Stormcast Tuesday, June 2nd, 2026: Netlogon Exploit; Unidentified RAT; Windows Netlogon Exploited; RedHat npm Affected; Dashlane Bruteforce Attack
Unidentified RAT pushes NetSupport RAT
https://isc.sans.edu/diary/Unidentified%20RAT%20pushes%20NetSupport%20RAT/33034
CVE-2026-41089: Windows Netlogon Vulnerability Exploited
https://ccb.belgium.be/advisories/warning-microsoft-patch-tuesday-may-2026-patches-118-vulnerabilities-16-critical-102
RedHat npm Packages Affected
https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stea
SANS Stormcast Monday, June 1st, 2026: Bitskrieg; Gogs Unpatched Vuln; Oracle Critical Updates; PAN-OS Exploited;
Announcing Bitskrieg
https://deadeclipse666.blogspot.com/2026/05/announcing-bitskrieg.html
Vulnerability in Gogs
https://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/
Oracle Critical Security Patch Update Advisory - May 2026
https://www.oracle.com/security-alerts/cspumay2026.html
GlobalProtect Authentication Bypass Vulnerabilities CVE-2026-0257
https://securit
SANS Stormcast Friday, May 29th, 2026: @sans_edu research; Honeypot Log; VPN “Toad”; Silent Ransom Group
Research Review Journal
https://assets.contentstack.io/v3/assets/blt83c410d686aa5f84/blt3cff46f63887f83e/research-review-journal
https://www.sans.edu/cyber-research
Analysis of a Year of Files Uploaded to DShield Sensors
https://isc.sans.edu/diary/Analysis%20of%20a%20Year%20of%20Files%20Uploaded%20to%20DShield%20Sensors/33026
The Word 'Toad' Gave Any Website Full Control of Chrome's Most Popular
SANS Stormcast Thursday, May 28th, 2026: Akira Ransomware; Vaultjacking; Poisoned Chatbot and Search Results;
Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs
https://isc.sans.edu/diary/Reconstructing%20an%20Akira%20Ransomware%20Kill%20Chain%20from%20Perimeter%20and%20Endpoint%20Logs/33024
Vaultjacking: One Captured PIN, the Entire Google Password Manager Vault
https://phishu.net/blogs/blog-vaultjacking-phishing-the-google-password-manager-vault-in-the-phishu-framework.html
SANS Stormcast Wednesday, May 27th, 2026: Fake Claude Ads; SharePoint Vuln; Angular Vulnerabilities
Possible ACR Stealer From Page Impersonating Claude
https://isc.sans.edu/diary/Possible%20ACR%20Stealer%20From%20Page%20Impersonating%20Claude/33018
Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659
Multiple Vulnerabilities in Angular Language Service VS Code Extension
https://github.com/angular/angular/sec
SANS Stormcast Tuesday, May 26th, 2026: VBA in MSFT Access; NPM Stealer; PHP Laravel Compromise; Google API Key Lag;
Microsoft Access VBA
https://isc.sans.edu/diary/Microsoft%20Access%20VBA/33012
An Example of Stack String in High Level Language
https://isc.sans.edu/diary/An%20Example%20of%20Stack%20String%20in%20High%20Level%20Language/33008
Cross-Platform NPM Stealer
https://isc.sans.edu/diary/Cross-Platform%20NPM%20Stealer/33006
Laravel Lang Compromised with RCE Backdoor Across
https://socket.dev/blog/larave
SANS Stormcast Friday, May 22nd, 2026: Selective HTTP Proxying; More GitHub Repo Trouble; MSFT Defender Patches;
Selective HTTP Proxying in Linux
https://isc.sans.edu/diary/Selective%20HTTP%20Proxying%20in%20Linux/33002
Megalodon: Mass GitHub Repo Backdooring via CI Workflows
https://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/
MSFT Patches Recent Windows Defender Flaws CVE-2026-41091, CVE-2026-45498, CVE-2026-45584
https://x.com/fabian_bader/status/2057198207243804881
Cisco Secure Worklo
SANS Stormcast Thursday, May 21st, 2026: GitHub Breach; Agentic Threat Intel Feed; NGINX Vuln; YellowKey Fix; Incomplete SonicWall Patch
GitHub Breach
https://x.com/github/status/2056949168208552080
Agentic Threat Intelligence Feed - VS Code Extensions
https://agentmesh.knostic.ai/extensions
More NGINX Vulnerabilities
https://x.com/nebusecurity/status/2057071579876753643
https://my.f5.com/manage/s/article/K000161307
Microsoft Publishes YellowKey Mitigation CVE-2026-45585
https://msrc.microsoft.com/update-guide/vulnerability/CVE-20
SANS Stormcast Wednesday, May 20th, 2026: Assume Supply Chain Compromise; GitHub Action Compromise;
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Activity%20Through%202026-05-17/32994
https://slsa.dev/spec/v0.1/levels
GitHub Action Compromise
https://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials
How Storm-2949 turne
SANS Stormcast Tuesday, May 19th, 2026: New libssh in Malware; Exchange 0-Day; MSFT Authenticator Update
New Malware Libraries means New Signatures
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20%20New%20Malware%20Libraries%20means%20New%20Signatures/32986
Addressing Exchange Server May 2026 vulnerability CVE-2026-42897
https://techcommunity.microsoft.com/blog/exchange/addressing-exchange-server-may-2026-vulnerability-cve-2026-42897/4518498
Microsoft Authenticator Update CVE-2026-41615
https://msr
SANS Stormcast Friday, May 15th, 2026: Website Fraud; Outlook Link Preview Bug; NGINX Vuln; Cisco 0-Day
Tearing apart website fraud to see how it works. (@sans_edu)
https://isc.sans.edu/diary/%5BGUEST%20DIARY%5D%20Tearing%20apart%20website%20fraud%20to%20see%20how%20it%20works./32958
Simple bypass of the link preview function in Outlook Junk folder
https://isc.sans.edu/diary/Simple%20bypass%20of%20the%20link%20preview%20function%20in%20Outlook%20Junk%20folder/32990
NGINX Vulnerability
https://depth
SANS Stormcast Thursday, May 14th, 2026: Flexible Windows Proxy; News from Nightmare Eclipse; Adobe Patches
Proxying the Unproxyable? Sending EXE traffic to a Proxy
https://isc.sans.edu/diary/Proxying%20the%20Unproxyable%3F%20Sending%20EXE%20traffic%20to%20a%20Proxy/32982
New Nightmare Eclipse Vulnerabilities Disclosed
https://github.com/Nightmare-Eclipse/YellowKey
https://github.com/Nightmare-Eclipse/GreenPlasma
Adobe Patches
https://helpx.adobe.com/security.html
SANS Stormcast Wednesday, May 13th, 2026: Microsoft Patch Tuesday; Large npm/pypi Compromise; Rubygems Attack
Microsoft Patch Tuesday
https://isc.sans.edu/diary/32980
Tanstack npm and others compromised
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
Ruby Gems Attack
https://x.com/maciejmensfeld/status/2054164602577940619
SANS Stormcast Tuesday, May 12th, 2026: Apple Patches; Encrypted RCS; CAPTCHAs; Checkmarx vs TeamPCP;
Apple Patches Everything
https://isc.sans.edu/diary/Apple%20Patches%20Everything/32976
End-to-End Encrypted RCS Messages
https://www.apple.com/newsroom/2026/05/end-to-end-encrypted-rcs-messaging-begins-rolling-out-today-in-beta/
Why we use CAPTCHAs
https://isc.sans.edu/diary/Why%20we%20use%20CAPTCHAs/32974
Checkmarx Jenkins AST plugin compromise
https://checkmarx.com/blog/ongoing-security-updates
SANS Stormcast Monday, May 11th, 2026: New Linux Priv Escalation; PAM Backdoors; CPanel Updates; Let’s Encrypt
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag
https://isc.sans.edu/diary/Another%20Universal%20Linux%20Local%20Privilege%20Escalation%20%28LPE%29%20Vulnerability%3A%20Dirty%20Frag/32968
PAM Backdoors Steal Passwords
https://flare.io/learn/resources/blog/pamdoora-new-linux-pam-based-backdoor-sale-dark-web
CPanel Updates
https://support.cpanel.net/hc/en-us/secti
SANS Stormcast Friday, May 8th, 2026: AI Generated Dashboard; Ivanti Patches; Redis Vuln; @sans_edu Marcio Enriquez
An Adaptive Cyber Analytics UI for Web Honeypot Logs
https://isc.sans.edu/diary/An%20Adaptive%20Cyber%20Analytics%20UI%20for%20Web%20Honeypot%20Logs%20%5BGuest%20Diary%5D/32962
Ivanti May Patchday
https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs
Redis Security advisory: [CVE 2026 23479] [CVE 2026 25243] [CVE-2026-25588] [CVE 2026 25589]
SANS Stormcast Thursday, May 7th, 2026: .DE DNSSEC Fail; PAN OS 0-Day Patched;
Technical issue with .de domains
https://blog.denic.de/en/technical-issue-with-de-domains-resolved/
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID Authentication Portal
https://security.paloaltonetworks.com/CVE-2026-0300
Android Security Bulletin May 2026 CVE-2026-0073
https://source.android.com/docs/security/bulletin/2026/2026-05-01
SANS Stormcast Wednesday, May 6th, 2026: Cleartext Passwords in Edge; SSL.com Root Rotation; DAEMONTOOLS Backdoor;
Cleartext Passwords in MS Edge? In 2026?
https://isc.sans.edu/diary/Cleartext%20Passwords%20in%20MS%20Edge%3F%20In%202026%3F/32954
SSL.com rotates its root certificate today
https://isc.sans.edu/diary/SSL.com%20rotates%20their%20root%20certificate%20today/32956
DAEMONTOOLS Compromise
https://securelist.com/tr/daemon-tools-backdoor/119654/
SANS Stormcast Tuesday, May 5th, 2026: Honeypot Update; MOVEit Patches; Apache http2 Vuln;
DShield Honeypot Update
https://isc.sans.edu/diary/DShield%20Honeypot%20Update/32948
MOVEit Automation Critical Security Alert Bulletin April 2026 (CVE-2026-4670, CVE-2026-5174)
https://community.progress.com/s/article/MOVEit-Automation-Critical-Security-Alert-Bulletin-April-2026-CVE-2026-4670-CVE-2026-5174
Apache httpd http2 vulnerability
https://seclists.org/oss-sec/2026/q2/387
SANS Stormcast Monday, May 4th, 2026: Malicious Homebrew Ads; Wireshark Update; Digicert False Positive; cPanel Exploited
Malicious Ad for Homebrew Leads to MacSync Stealer
https://isc.sans.edu/diary/Malicious%20Ad%20for%20Homebrew%20Leads%20to%20MacSync%20Stealer/32942
Wireshark Update
https://www.wireshark.org/docs/relnotes/wireshark-4.6.5.html
Digicert Microsoft Defender False Positive
https://www.reddit.com/r/cybersecurity/comments/1t2hfsh/mde_flagging_digi_cert_certificate_as_malicious/
https://bugzilla.mozilla
SANS Stormcast Friday, May 1st, 2026: Libredtail; FreeBSD dhclient vuln; Linux Copy-Fail; @sans_edu Detecting AI Pickling
Danger of Libredtail
https://isc.sans.edu/diary/Danger%20of%20Libredtail%20%5BGuest%20Diary%5D/32936
FreeBSD dhclient vulnerability
https://www.freebsd.org/security/advisories/FreeBSD-SA-26:12.dhclient.asc
Linux Copy-Fail Vulnerability CVE-2026-31431
https://copy.fail
Bryan Nice Research Paper
https://www.linkedin.com/in/bryannice/
https://www.sans.edu/cyber-research/detecting-ai-pickling
SANS Stormcast Thursday, April 30th, 2026: Odd Requests; MSFT LNK Bug Exploited; Secure Boot Fix; TLS Updates; SAP npm malware
Today's Odd Web Requests
https://isc.sans.edu/diary/Today%27s%20Odd%20Web%20Requests/32934
Incomplete Patch of APT28's Zero-Day Leads to CVE-2026-32202
https://www.akamai.com/blog/security-research/2026/apr/incomplete-patch-apt28s-zero-day-cve-2026-32202
Assess Secure Boot status with Microsoft Defender
https://techcommunity.microsoft.com/blog/MicrosoftDefenderATPBlog/assess-secure-boot-status-wi
SANS Stormcast Wednesday, April 29th, 2026: Odd Vercel Header Usage; GitHub Vuln Patches; MSFT RDP Notification Bug
HTTP Requests with X-Vercel-Set-Bypass-Cookie Header
https://isc.sans.edu/diary/HTTP%20Requests%20with%20X-Vercel-Set-Bypass-Cookie%20Header/32930
GitHub Vulnerability CVE-2026-3854
https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Microsoft RDP Notification Bug
https://support.microsoft.com/en-us/topic/april-14-2026-kb5083768-os-build-28000-1836-839e4a25-d979-4158-b70c-182333045883
SANS Stormcast Tuesday, April 28th, 2026: More TeamPCP; Citrix XenServer Unpatched Vulns; Phantom RPC;
TeamPCP Update
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20008%20-%2026-Day%20Pause%20Ends%20with%20Three%20Concurrent%20Compromises%20%28Checkmarx%20KICS%2C%20Bitwarden%20CLI%20Cascade%2C%20xinference%20PyPI%29%2C%20CanisterSprawl%20npm%20Worm%20Identified%2C%20and%20Tier%201%20Coverage%20Returns/32926
https://socket.dev/blog/73-open-vsx-sleeper-extensions-glassw
SANS Stormcast Friday, April 24th, 2026: Apple Update; Bitwarden Compromise; ASP.NET Core Patch
Apple Patches Exploited Notification Flaw
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Notification%20Flaw/32922
Bitwarden CLI Compromised
https://socket.dev/blog/bitwarden-cli-compromised
https://community.bitwarden.com/t/bitwarden-statement-on-checkmarx-supply-chain-incident/96127
Microsoft Security Advisory CVE-2026-40372 ASP.NET Core Elevation of Privilege
https://github.com/dot
SANS Stormcast Thursday, April 23rd, 2026: Stealing Telegram Sessions; Oracle CPU; Firefox Patches
Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Beyond%20Cryptojacking%3A%20Telegram%20tdata%20as%20a%20Credential%20Harvesting%20Vector%2C%20Lessons%20from%20a%20Honeypot%20Incident/32888
Checkmarx Compromise
https://socket.dev/blog/checkmarx-supply-chain-compromise
Oracle Quarterly Critical
SANS Stormcast Wednesday, April 22nd, 2026: WAV Malware; GitHub OAUTH Phishing; Perforce Settings
A .WAV With A Payload
https://isc.sans.edu/diary/A%20.WAV%20With%20A%20Payload/32910
The Phishy GitHub Issue Case
https://blog.atsika.ninja/posts/the-phishy-github-issue-case/
P4WNED: How Insecure Defaults in Perforce Expose Source Code Across the Internet
https://morganrobertson.net/p4wned/
SANS Stormcast Tuesday, April 21st, 2026: CVE and EPSS; Windows Server 2025 OOB; QEMU Abuse;
Handling the CVE Flood With EPSS
https://isc.sans.edu/diary/Handling%20the%20CVE%20Flood%20With%20EPSS/32914
Windows Server 2025 Out of Band Patch
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#4835
QEMU abused to evade detection and enable ransomware delivery
https://www.sophos.com/en-us/blog/qemu-abused-to-evade-detection-and-enable-ransomware-delivery
SANS Stormcast Monday, April 20th, 2026: Lumma Stealer and Sectop RAT; Windows 0-Day Exploited; NIST NVD Update; FortiSandbox PoC
Lumma Stealer infection with Sectop RAT (ArechClient2)
https://isc.sans.edu/diary/Lumma%20Stealer%20infection%20with%20Sectop%20RAT%20%28ArechClient2%29/32904
Three Recent Windows Defender Vulnerabilities Exploited (one 0-day)
https://x.com/HuntressLabs/status/2044882115574091960
FortiSandbox PoC Exploit CVE-2026-39808
https://github.com/samu-delucas/CVE-2026-39808?tab=readme-ov-file
NIST Updates
SANS Stormcast Friday, April 17th, 2026: DVRs Again; Cisco Again; Windows Defender Again; Sonatype
Compromised DVRs and Finding Them in the Wild
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Compromised%20DVRs%20and%20Finding%20Them%20in%20the%20Wild/32886
Cisco ISE RCE Vulnerability and WebEx Auth Bypass CVE-2026-20184 CVE-2026-20180 CVE-2026-20186
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-rce-4fverepv
https://sec.cloudapps.cisco.com/securit
SANS Stormcast Thursday, April 16th, 2026: AI Credential Scans; Microsoft Update Issues; RDP Warnings; GitHub Action Vulns;
Scanning for AI Models
https://isc.sans.edu/diary/Scanning%20for%20AI%20Models/32896
Microsoft Update Problems
https://support.microsoft.com/en-us/topic/april-14-2026-kb5082063-os-build-26100-32690-c57e289d-27c9-47cd-a183-72fabc62c5d7#:~:text=Known%20issues%20in%20this%20update
Microsoft RDP File Warnings
https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/remotepc/und
SANS Stormcast Wednesday, April 15th, 2026: Microsoft, Adobe, Fortinet and others Patches
Microsoft Patch Tuesday April 2026
https://isc.sans.edu/forums/diary/Microsoft%20Patch%20Tuesday%20April%202026./32898/
Adobe Patches
https://helpx.adobe.com/security/Home.html
Fortinet Patches
https://fortiguard.fortinet.com/psirt
SANS Stormcast Tuesday, April 14th, 2026: EncystPHP Webshell; CPUID Compromise; OpenAI Mac Cert Issue; Axios Vulnerability
Scans for EncystPHP Webshell
https://isc.sans.edu/diary/Scans%20for%20EncystPHP%20Webshell/32892
CPUID Compromise
https://securelist.com/tr/cpu-z/119365/
https://x.com/d0cTB/status/2042520961824559150
OpenAI Mac Application Update due to Axios Compromise
https://openai.com/index/axios-developer-tool-compromise/
Axios Vulnerability CVE-2026-40175
https://github.com/axios/axios/security/advisories/
SANS Stormcast Monday, April 13th, 2026: Obfuscated JavaScript; Numbers in Passwords; Adobe Patches 0-Day; ClickFix Fix Bypass
Obfuscated JavaScript or Nothing
https://isc.sans.edu/diary/Obfuscated%20JavaScript%20or%20Nothing/32884
Numbers in Passwords
https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords%3A%20Take%20Two/32866
Adobe 0-Day Patch CVE-2026-34621
https://helpx.adobe.com/security/products/acrobat/apsb26-43.html
ClickFix Bypass via ScriptEditor
https://www.jamf.com/blog/clickfix-macos-script-editor-atomic
SANS Stormcast Thursday, April 9th, 2026: Honeypot Fingerprinting; Microsoft Locks Developer Accounts; ActiveMQ Vuln;
Honeypot Fingerprinting
https://isc.sans.edu/diary/More%20Honeypot%20Fingerprinting%20Scans/32878
Microsoft Locks Accounts for Privacy/Encryption Related Developers
https://sourceforge.net/p/veracrypt/discussion/general/thread/9620d7a4b3/
https://news.ycombinator.com/item?id=47687884
https://x.com/windscribecom/status/2041929519628443943
https://windowsforum.com/threads/april-2026-windows-update-
SANS Stormcast Wednesday, April 8th, 2026: Pivoting for Webshells; WatchGuard Firebox Patch; Project Glasswing; Kubernetes Misconfigurations
A Little Bit Pivoting: What Web Shells are Attackers Looking for Today?
https://isc.sans.edu/diary/A%20Little%20Bit%20Pivoting%3A%20What%20Web%20Shells%20are%20Attackers%20Looking%20for%3F/32874
WatchGuard Firebox Arbitrary File Write via Path Traversal in Fireware Web UI
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00009
Project Glasswing
https://www.anthropic.com/glasswing
Current T
SANS Stormcast Tuesday, April 7th, 2026: Redirects in Phishing; Internet Bug Bounty Suspended; Bluehammer; Keycloak MFA Bypass
How often are redirects used in phishing in 2026?
https://isc.sans.edu/diary/How%20often%20are%20redirects%20used%20in%20phishing%20in%202026%3F/32870
HackerOne Suspends Internet Bug Bounty
https://hackerone.com/ibb?type=team
https://www.linkedin.com/posts/danielstenberg_hackerone-share-7446667043380076545-RX9b/
Bluehammer Windows 0-day Privilege Escalation
https://github.com/Nightmare-Eclipse/Bl
SANS Stormcast Monday, April 6th, 2026: TeamPCP Update and Axios Post Mortem; Fortinet 0-Day
Team PCP Update and Axios Post Mortem
https://isc.sans.edu/diary/32864
https://github.com/axios/axios/issues/10636
Strapi NPM Packages Compromised
https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent/
Fortinet CVE-2026-35616 actively exploited
https://fortiguard.fortinet.com/psirt/FG-IR-26-099
SANS Stormcast Friday, April 3rd, 2026: Vite Exploits; OpenSSH 10.3; Claude Code Vuln
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208)
https://isc.sans.edu/diary/Attempts%20to%20Exploit%20Exposed%20%22Vite%22%20Installs%20%28CVE-2025-30208%29/32860
OpenSSH 10.3 Release
https://seclists.org/oss-sec/2026/q2/7
Claude Code Vulnerability
https://adversa.ai/claude-code-security-bypass-deny-rules-disabled/
SANS Stormcast Thursday, April 2nd, 2026: Script Removing ADS/MotW; Google Chrome 0-Day; iOS/iPadOS 18 Update;
Malicious Script That Gets Rid of ADS
https://isc.sans.edu/diary/Malicious%20Script%20That%20Gets%20Rid%20of%20ADS/32854
Google Chrome Update fixes 21 Vulnerabilities and 0-Day
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html
Apple Addresses Darksword Vulnerabilities for older devices
https://support.apple.com/en-us/126793
SANS Stormcast Wednesday, April 1st, 2026: Application Control Bypass; Axios NPM Module Compromise; TeamPCP vs Cloud
Application Control Bypass for Data Exfiltration
https://isc.sans.edu/diary/Application%20Control%20Bypass%20for%20Data%20Exfiltration/32850
Axios NPM Module Supply Chain Compromise
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
https://www.linkedin.com/events/7444763050819092480/
TeamPCP vs. Cloud Resources
https://www.wiz.io/blog/tracking-
SANS Stormcast Tuesday, March 31st, 2026: Honeypot Session Lifetime; Let’s Encrypt Tests Mass Revocation; F5 RCE Exploited
Honeypot Session Lifetime
https://isc.sans.edu/diary/DShield%20%28Cowrie%29%20Honeypot%20Stats%20and%20When%20Sessions%20Disconnect/32840
Let's Encrypt Tests Mass Revocation
https://community.letsencrypt.org/t/lets-encrypt-2026-mass-revocation-simulation/245960
https://www.certkit.io/blog/ari-solves-mass-certificate-revocation
https://www.certkit.io/blog/lets-encrypt-mass-revocation-simulation
F5
SANS Stormcast Monday, March 30th, 2026: More TeamPCP: telnyx; Netscaler Exploit; macOS ClickFix Fix; Windows Smart Install
TeamPCP Update #2: Telnyx PyPI Compromise
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20002%20-%20Telnyx%20PyPI%20Compromise%2C%20Vect%20Ransomware%20Mass%20Affiliate%20Program%2C%20and%20First%20Named%20Victim%20Claim/32838
Citrix Netscaler Vulnerability Details
https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-202
SANS Stormcast Friday, March 27th, 2026: TeamPCP Update; DarkSword vs Patches; LangFlow Exploited
TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20001%20-%20Checkmarx%20Scope%20Wider%20Than%20Reported%2C%20CISA%20KEV%20Entry%2C%20and%20Detection%20Tools%20Available/32834
DarkSword and This Week's iOS Updates
https://cloud.google.com/blog/top
SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmartApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Safe Crypto Rollout
Apple Patches (almost) everything again. March 2026 edition.
https://isc.sans.edu/diary/Apple%20Patches%20%28almost%29%20everything%20again.%20March%202026%20edition./32830
SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2)
https://isc.sans.edu/diary/SmartApeSG%20campaign%20pushes%20Remcos%20RAT%2C%20NetSupport%20RAT%2C%20StealC%2C%20and%20Sectop%20RAT%20
SANS Stormcast Wednesday, March 25th, 2026: IP KVM Usage; TeamPCP, Trivy, liteLLM and More
---
Special Webcast about Trivy Supply Chain Attacks
https://www.sans.org/webcasts/when-security-scanner-became-weapon
---
Detecting IP KVM Usage
https://isc.sans.edu/diary/Detecting%20IP%20KVMs/32824
TeamPCP, Trivy, liteLLM, Iran and more
https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran
https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/
https://bl
SANS Stormcast Tuesday, March 24th, 2026: Tax Scam to EDR Kill; Netscaler Patches; gRPC-Go Authz Bypass;
From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill
https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
gRPC-Go Authorization bypass via missing leading slash in :path CVE-2026-33186
https://gi
SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks
GSocket Backdoor Delivered Through Bash Script
https://isc.sans.edu/diary/GSocket+Backdoor+Delivered+Through+Bash+Script/32816/#comments
Oracle Security Alert CVE-2026-21992 Released
https://blogs.oracle.com/security/alert-cve-2026-21992
Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet and Harden PLCs to Protect from Cyber Threats
https://www.rockwellautoma
SANS Stormcast Friday, March 20th, 2026: Cowrie Strings; MSFT Intune Hardening; Unifi Network Update;
Interesting Cowrie Strings
https://isc.sans.edu/diary/Interesting+Message+Stored+in+Cowrie+Logs/32810
Microsoft Intune Hardening Advice
https://techcommunity.microsoft.com/blog/intunecustomersuccess/best-practices-for-securing-microsoft-intune/4502117
https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization
Unifi
SANS Stormcast Thursday, March 19th, 2026: Adminer Scans; Apple WebKit Patch; another telnetd vuln; screenconnect vuln
Scans for "adminer"
https://isc.sans.edu/diary/Scans%20for%20%22adminer%22/32808
Background Security Improvement for WebKit
https://support.apple.com/en-us/126604
Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC)
https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
ScreenConnect 26.1 Security Hardening
https://www.connectwise.com/company/trust/security-bul
SANS Stormcast Wednesday, March 18th, 2026: IPv4 mapped IPv6; KVM Vulnerabilities; AWS Bedrock DNS Covert Channel
IPv4 Mapped IPv6 Addresses
https://isc.sans.edu/diary/IPv4%20Mapped%20IPv6%20Addresses/32804
More IP KVM Vulnerabilities
https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/
AWS Bedrock AgentCore Code Interpreter DNS Leak
https://www.beyondtrust.com/blog/entry/pwning-aws-agentcore-code-interpreter
SANS Stormcast Tuesday, March 17th, 2026: Proxy URLs; Local Network Address Restrictions; Advanced Phishing
/proxy/ URL scans with IP addresses
https://isc.sans.edu/forums/diary/proxy+URL+scans+with+IP+addresses/32800/
Local Network Address Restrictions
https://learn.microsoft.com/en-us/deployedge/ms-edge-local-network-access#how-to-mitigate-impact-for-cross-origin-iframes
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
European Security Vendor Targeted by Hackers Fr
SANS Stormcast Monday, March 16th, 2026: SmartApeSG and Remcos RAT; React Based Phishing; Google Chrome Patches; AdGuard Vuln
SmartApeSG campaign uses ClickFix page to push Remcos RAT
https://isc.sans.edu/diary/SmartApeSG%20campaign%20uses%20ClickFix%20page%20to%20push%20Remcos%20RAT/32796
A React-based phishing page with credential exfiltration via EmailJS
https://isc.sans.edu/diary/32794
Google Chrome announced two zero-day fixes, then removed one.
https://chromereleases.googleblog.com/2026/03/stable-channel-update-fo
SANS Stormcast Friday, March 13th, 2026: IOT Device Discovery; Apple Patches; Veeam Patches
When your IoT Device Logs in as Admin, It's too Late!
https://isc.sans.edu/diary/When%20your%20IoT%20Device%20Logs%20in%20as%20Admin%2C%20It%3Fs%20too%20Late!%20%5BGuest%20Diary%5D/32788
Apple Patches
https://support.apple.com/en-us/100100
Veeam Patches
https://www.veeam.com/kb4830
SANS Stormcast Thursday, March 12th, 2026: Zombie Zip;
Analyzing "Zombie Zip" Files (CVE-2026-0866)
https://isc.sans.edu/diary/Analyzing%20%22Zombie%20Zip%22%20Files%20%28CVE-2026-0866%29/32786
How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit
https://pentesterlab.com/blog/freshrss-bcrypt-truncation-auth-bypass
SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches
Microsoft Patch Tuesday, March 2026
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20March%202026/32782
Fortinet Updates
https://fortiguard.fortinet.com/psirt
Adobe Updates
https://helpx.adobe.com/security.html
Zoom Update
https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0061222
SANS Stormcast Tuesday, March 10th, 2026: Encrypted Client Hello; ExifTool Vulnerability;
Encrypted Client Hello: Ready for Prime Time?
https://isc.sans.edu/diary/Encrypted%20Client%20Hello%3A%20Ready%20for%20Prime%20Time%3F/32778
The ExifTool vulnerability: how an image can infect macOS systems
https://www.kaspersky.com/blog/exiftool-macos-picture-vulnerability-mitigation-cve-2026-3102/55362/
Remote code execution in Nextcloud Flow via vulnerable Windmill version
https://github.com/n
SANS Stormcast Monday, March 9th, 2026: YARA-X Update; IP Camera Targeting; Node.js Upgrades; nginx UI Vuln
YARA-X 1.14.0 Release
https://isc.sans.edu/diary/YARA-X%201.14.0%20Release/32774
INTERPLAY BETWEEN IRANIAN TARGETING OF IP CAMERAS AND PHYSICAL WARFARE IN THE MIDDLE EAST
https://research.checkpoint.com/2026/interplay-between-iranian-targeting-of-ip-cameras-and-physical-warfare-in-the-middle-east/
Announcing the Node.js LTS Upgrade and Modernization Program
https://openjsf.org/blog/nodejs-lts-upg
SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS
Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary]
https://isc.sans.edu/diary/Differentiating%20Between%20a%20Targeted%20Intrusion%20and%20an%20Automated%20Opportunistic%20Scanning%20%5BGuest%20Diary%5D/32768
CVE-2026-29000: Critical Authentication Bypass in pac4j-jwt - Using Only a Public Key (CVSS 10)
https://www.codeant.ai/security-research/pac4j
SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Management Center; LastPass Phishing
Want More XWorm?
https://isc.sans.edu/diary/Want%20More%20XWorm%3F/32766
Cisco Secure Firewall Management Center Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2
LastPass Phishing
https://www.securityweek.com
SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; OAuth Phishing Abuse
Bruteforce Scans for CrushFTP
https://isc.sans.edu/diary/Bruteforce%20Scans%20for%20CrushFTP%20/32762
Android March 2026 Patches, including 0-Day (CVE-2026-21385)
https://source.android.com/docs/security/bulletin/2026/2026-03-01
OAuth redirection abuse enables phishing and malware delivery
https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-de
SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers
Quick Howto: ZIP Files Inside RTF
https://isc.sans.edu/diary/Quick+Howto+ZIP+Files+Inside+RTF/32696/#comments
Keeping the Internet fast and secure: introducing Merkle Tree Certificates
https://blog.cloudflare.com/bootstrap-mtc/
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/
SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast
Fake Fedex Email Delivers Donuts!
https://isc.sans.edu/diary/Fake%20Fedex%20Email%20Delivers%20Donuts!/32754
Abusing .ARPA: The TLD that isn't supposed to host anything
https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/
MC1179154 - Microsoft Authenticator app: Upcoming changes to jailbreak and root detection
https://mc.merill.net/message/MC
SANS Stormcast Friday, February 27th, 2026: Finding Signal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation
Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary]
https://isc.sans.edu/diary/Finding%20Signal%20in%20the%20Noise%3A%20Lessons%20Learned%20Running%20a%20Honeypot%20with%20AI%20Assistance%20%5BGuest%20Diary%5D/32744
Google API Keys Weren't Secrets. But then Gemini Changed the Rules.
https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-th
SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln;
The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary]
https://isc.sans.edu/diary/The+CLAIR+Model+A+Synthesized+Conceptual+Framework+for+Mapping+Critical+Infrastructure+Interdependencies+Guest+Diary/32748
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CVE-2026-20127
https://sec.cloudapps.cisco.com/security/cent
SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues
Open Redirects: A Forgotten Vulnerability?
https://isc.sans.edu/diary/Open%20Redirects%3A%20A%20Forgotten%20Vulnerability%3F/32742
Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148
https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/
More telnetd issues
https://seclists.org/oss-sec/2026/q1/199
SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited
Another day, another malicious JPEG
https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738
Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w
CVE-2026-25
SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing
Japanese-Language Phishing Emails
https://isc.sans.edu/diary/Japanese-Language%20Phishing%20Emails/32734
'God-Like' Attack Machines: AI Agents Ignore Security Policies
https://www.darkreading.com/application-security/ai-agents-ignore-security-policies
Starkiller: New Phishing Framework Proxies Real Login Pages to Bypass MFA
https://abnormal.ai/blog/starkiller-phishing-kit
SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Grandstream GXP 1600 Vuln and PoC
Under the Hood of DynoWiper
https://isc.sans.edu/diary/Under%20the%20Hood%20of%20DynoWiper/32730
Vibe Password Generation: Predictable by Design
https://www.irregular.com/publications/vibe-password-generation
Vulnerabilities (CVE-2025-65715, CVE-2025-65716, CVE-2025-65717) in four popular IDE Extensions
https://www.ox.security/blog/four-vulnerabilities-expose-a-massive-security-blind-spot-in-ide-
SANS Stormcast Thursday, February 19th, 2026: Malware Image Reuse; Dell RecoverPoint; Admin Center Vuln; DNS-PERSIST-01
Tracking Malware Campaigns With Reused Material
https://isc.sans.edu/diary/Tracking%20Malware%20Campaigns%20With%20Reused%20Material/32726
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day
Windows Admin Center Elevation of Privilege Vulnerability C
SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Keenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS
Fake Incident Report Used in Phishing Campaign
https://isc.sans.edu/diary/Fake%20Incident%20Report%20Used%20in%20Phishing%20Campaign/32722
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
https://securelist.com/keenadu-android-backdoor/118913/
CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
https://secl
SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft;
2026 64-Bits Malware Trend
https://isc.sans.edu/diary/2026%2064-Bits%20Malware%20Trend/32718
A Comparative Security Analysis of Three Cloud-based Password Managers
https://zkae.io
Infostealer Infection Targeting OpenClaw Configurations
https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-targeting-openclaw-configurations/