SANS Stormcast: Daily Cyber Security News

Johannes Ullrich

Technology EN 1000 episodes

Where to listen?

Listen in your browser Replaio Web Available today
Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon - install now and be the first to see a whole new take on podcasts

Letöltés a Google Play-ről

Install now - 5M+ downloads, 4.8 rating

Episodes

SANS Stormcast Friday, July 10th, 2026: Belarus Graffiti Bot @sans_edu; Discontinuing Mac OS Ext. FS; Chrome Update; Rogue Planet Patch 10.07.2026

_HELP_ME_ESCAPE_FROM_BELARUS_PLEASE_ [Guest Diary]https://isc.sans.edu/diary/_HELP_ME_ESCAPE_FROM_BELARUS_PLEASE_%20%5BGuest%20Diary%5D/33130 Apple Discontinuing Support for Encrypted Mac OS Extended disks in macOS 28https://support.apple.com/en-us/125615 Google Chrome Updatehttps://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_01162222768.html Microsoft Patches Rogue Pla...

SANS Stormcast Thursday, July 9th, 2026: Stack Simulator; RootAsRole; Hoymiles; Git Hash Malleability 09.07.2026

My Stack Simulator https://isc.sans.edu/diary/My%20Stack%20Simulator/33138 RootAsRolehttps://github.com/LeChatP/RootAsRole Hoymiles Inverter Vulnerabilityhttps://www.ccc.de/system/uploads/382/original/hoymiles_dtu_vuln.pdf Git Hash Chain Malleabilityhttps://arxiv.org/abs/2607.02820 My Upcoming Classeshttps://www.sans.org/profiles/dr-johannes-ullrich

SANS Stormcast Wednesday, July 8th, 2026: Odd DNS; AnyDesk Phishing; Tenda Backdoor; GitLost 08.07.2026

More Odd DNS Records: NIMLOChttps://isc.sans.edu/diary/More%20Odd%20DNS%20Records%3A%20NIMLOC/33128 From Invoice to AnyDesk: Uncovering a Phishing Campaign Targeting Russian Aerospace Organizations https://www.seqrite.com/blog/from-invoice-to-anydesk-uncovering-a-phishing-campaign-targeting-russian-aerospace-organizations/ Tenda firmware (multiple versions) contains hidden authentication backdoorh...

SANS Stormcast Tuesday, July 7th, 2026: RCS and DNS; OpenSSH Update; Beyond Trust Advisory; PolinRider Update 07.07.2026

RCS and DNS: The NAPTR Recordhttps://isc.sans.edu/diary/RCS%20and%20DNS%3A%20The%20NAPTR%20Record/33124 OpenSSH 10.4 releasedhttps://seclists.org/oss-sec/2026/q3/62 Beyond Trust Advisory CVE-2026-40138 CVE-2026-40139https://www.beyondtrust.com/trust-center/security-advisories/bt26-03 PolinRider: North Korea-Linked Supply Chain Campaignhttps://socket.dev/blog/polinrider-north-korea-linked-supply-ch...

SANS Stormcast Monday, July 6th, 2026: Apple Patch Policy; FatFS Vulns; OpenWRT; Multi-Agent Offensive AI; 06.07.2026

Apple Updated Patch Policyhttps://www.reuters.com/business/apple-says-it-is-releasing-updates-early-response-ai-cybersecurity-concerns-2026-06-29/ T3MP3ST multi-agent offensive-security frameworkhttps://github.com/elder-plinius/T3MP3ST Seven FatFs bugs, one very large blast radiushttps://www.runzero.com/blog/fatfs-bugs/ OpenWRT Releases v25.12.5https://github.com/openwrt/openwrt/releases My Upcomi...

SANS Stormcast Thursday, July 2nd, 2026: MetaMask Phishing; Adobe Patches; Google Chrome Patches; Apple Hide-My-Email Vuln 02.07.2026

Why Ask Credentials If There Are Secret Codes?https://isc.sans.edu/diary/Why%20Ask%20Credentials%20If%20There%20Are%20Secret%20Codes%3F/33118 Adobe Patches and Updated Patch Release Policyhttps://helpx.adobe.com/security/Home.htmlhttps://blog.adobe.com/security/protecting-customers-faster-how-adobe-is-responding-to-ai-accelerated-vulnerability-discovery Google Chrome Update (link had issues loadin...

SANS Stormcast Wednesday, July 1st, 2026: Apple Patches; SimpleHelp Exploit; Git DNS Tricks; 01.07.2026

June 2026 Apple Updateshttps://isc.sans.edu/diary/June%202026%20Apple%20Updates/33114 SimpleHelp Exploit used to reply TaskWeaverhttps://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain/ DNS Tricks to Load Malware into Cloned Repositoryhttps://0din.ai/blog/clone-this-repo-and-i-own-your-machine My Upcoming Classeshttps://www.sans.org/profiles/dr-johannes-ullrich

SANS Stormcast Tuesday, June 30th, 2026: Favicon Recon Automation; Targeting Messaging; Gemini CLI vuln; IPv6 Frag Escape 30.06.2026

Adding some Automation to the favicon.ico method of Host Reconhttps://isc.sans.edu/diary/Adding%20some%20Automation%20to%20the%20favicon.ico%20method%20of%20Host%20Recon/33110 Russian Intelligence Services Continue to Target Commercial Messaging Applicationshttps://www.ic3.gov/PSA/2026/PSA260626 Google Gemini CLI Vulnerability CVE-2026-12537https://github.com/advisories/GHSA-jj69-4grx-fqj5 IPv6 Fr...

SANS Stormcast Monday, June 29th, 2026: Automated Cybercrime; Linux Process Names; Amazon Q VS Code 29.06.2026

What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrimehttps://isc.sans.edu/diary/What%20do%20Ports%20Hear%20When%20Nobody%27s%20Listening%3F%20An%20Assessment%20of%20Automated%20Cybercrime%20%5BGuest%20Diary%5D/33104 Linux Process Name Masqueradinghttps://isc.sans.edu/diary/Linux+Process+Name+Masquerading/33102 Amazon Q VS Code Extension Vulnerabilityhttps://www.wiz.io/b...

SANS Stormcast Wednesday, June 24th, 2026: Patching vs. Configurations Updates; libssh2 and ffmpeg vuln; 24.06.2026

CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.https://isc.sans.edu/diary/CVE-2024-40766%3A%20The%20Patch%20Fixed%20the%20Bug.%20Nobody%20Fixed%20the%20Configuration./33094 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.chttps://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c PixelSmash Critical FF...

SANS Stormcast Tuesday, June 23rd, 2026: Webshells; GitHub Actions Update; Fortibleed Update; Private Access Control Tokens 23.06.2026

Webshells Remain Popularhttps://isc.sans.edu/diary/Webshells%20Remain%20Popular/33096 Safer pull_request_target defaults for GitHub Actions checkouthttps://github.blog/changelog/2026-06-18-safer-pull_request_target-defaults-for-github-actions-checkout/ Private Access Control Tokenshttps://cloudflare.net/news/news-details/2026/Cloudflare-Collaborates-With-Leading-Browsers-to-Develop-a-Privacy-First...

SANS Stormcast Monday, June 22nd, 2026: IPv4 Mapped Phish; nginx bug; squid bleeds; AMD encryption fix 22.06.2026

eBanking Phishing Delivered Through IPv4-Mapped IPv6 Addresshttps://isc.sans.edu/diary/eBanking%20Phishing%20Delivered%20Through%20IPv4-Mapped%20IPv6%20Address/33090 NGINX ngx_http_v3_module vulnerability CVE-2026-42530https://my.f5.com/manage/s/article/K000161616 Squidbleed (CVE-2026-47729)https://blog.calif.io/p/squidbleed-cve-2026-47729 AMD will reinstate memory encryption on Ryzen 9000 CPUs th...

SANS Stormcast Thursday, June 18th, 2026: QUIC Challenge; Android 17; Oracle CSPU; JetBrains Plugins; 18.06.2026

The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary]https://isc.sans.edu/diary/The%20browser%20blind%20spot%3A%20Why%20your%20security%20tool%20may%20not%20be%20blocking%20what%20you%20think%20it%20is%20%5BGuest%20Diary%5D/33084 Android 17 Security Patcheshttps://source.android.com/docs/security/bulletin/android-17 Oracle Critical Security Patch Upd...

SANS Stormcast Wednesday, June 17th, 2026: VHDX to Remocs RAT; Fake Job Offer; OpenBSD Vuln; Copilot M365 Leakage 17.06.2026

From a VHDX File to a Remcos RAThttps://isc.sans.edu/diary/From%20a%20VHDX%20File%20to%20a%20Remcos%20RAT/33080 A backdoor in a LinkedIn job offerhttps://roman.pt/posts/linkedin-backdoor/ A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stackhttps://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html Copilot M365 Data Leakagehttps://www.varonis.com/blog/searchleak My Upcoming Class...

SANS Stormcast Tuesday, June 16th, 2026: BASE64 Statistics; Cisco SD-WAN Exploited; AMD TSME Disabled; Poisoning Deep Research Agents 16.06.2026

Evil MSI Background: BASE64 Statistical Analysishttps://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerabilityhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ TSME/SME not activating on Ryzen 7 9700Xhttps://github.com/AMDESE/AMDSEV/issues/292 Deep...

SANS Stormcast Monday, June 15th, 2026: Arch Linux Malicious User Packages; Splunk Vuln and Exploit; Exploiting AI Coding Agents 15.06.2026

Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malwarehttps://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/ A Fake Bug...

SANS Stormcast Friday, June 12th, 2026: Bitlocker Trouble; Ivanti and Oracle Exploited; macOS Malicious Installers 12.06.2026

More Bitlocker Issues: GreatXMLhttps://git.churchofmalware.org/Nightmare_Eclipse/GreatXML Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US Oracle Security Alert Advisory - CVE-2026-35273https://www.oracle.com/security-alerts/alert-cve-2026-35273.htmlhttps://www.bleepingcompu...

SANS Stormcast Thursday, June 11th, 2026: Framing Protections; npm improvements; Adobe Patches; New Defender 0-day 11.06.2026

How has use of framing protection security headers changed in the past 3 years?https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068 Preparing for npm v12: install scripts and non-registry sources become opt-inhttps://github.com/orgs/community/discussions/198547 Adobe Patcheshttps://helpx.adobe.com/security.html...

SANS Stormcast Wednesday, June 10th, 2026: Microsoft Patch Tuesday; Miasma Source Published; Fortinet Patches 10.06.2026

Microsoft June 2026 Patch Tuesdayhttps://isc.sans.edu/diary/Microsoft%20June%202026%20Patch%20Tuesday/33064 Miasma Software Supply Chain Attack Toolkit Source Publishedhttps://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/ Fortinet FortiSandbox Vulnerabilityhttps://fortiguard.fortinet.com/psirt/FG-IR-26-141 My Upcoming Classeshttps://www.sans.org/profiles/dr-johannes-ullrich

SANS Stormcast Tuesday, June 9th, 2026: Azure Repos Infected; Checkpoint VPN 0-Day; Verizon VoLTE missing IPSec integrity prot. 09.06.2026

Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attackhttps://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751)https://blog.checkpoint.com/security/check-point-releases-impor...

SANS Stormcast Monday, June 8th, 2026: Wetransfer Phish; Spying Smart TV; Dashlane Brute Force 08.06.2026

The Evil MSI Background is Back!https://isc.sans.edu/diary/The%20Evil%20MSI%20Background%20is%20Back!/33054 The Smart TV in Your LivingRoom Is a Node in the AIScraping Economyhttps://blog.includesecurity.com/2026/06/the-smart-tv-in-your-livingroom-is-a-node-in-the-aiscraping-economy/ Brute force attack on Dashlane user accountshttps://support.dashlane.com/hc/en-us/articles/36038764990866-Security-...

SANS Stormcast Friday, June 5th, 2026: Coreutils for Windows; Cisco Unified Comm Manager Fix and Exploit; OAuth Orphans 05.06.2026

Microsoft's Coreutils for Windowshttps://isc.sans.edu/diary/Microsoft%27s%20Coreutils%20for%20Windows/33048 Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability CVE-2026-20230https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW Firmware Update for Acer Connect W6x Router https://community.acer.com/en/kb/articles/19672 OA...

SANS Stormcast Thursday, June 4th, 2026: swagger.json Scans; Android Fake Call Detection; Anthropic Dashboard 04.06.2026

Continuing Scans for swagger.jsonhttps://isc.sans.edu/diary/Continuing+Scans+for+swaggerjson/33044/#comments Fake call detection on Androidhttps://blog.google/security/android-fake-call-detection/ Anthropic's coordinated vulnerability disclosure dashboardhttps://red.anthropic.com/2026/cvd/ My Upcoming Classeshttps://www.sans.org/profiles/dr-johannes-ullrich

SANS Stormcast Wednesday, June 3rd, 2026: SVG Phishing; Android Patches; Poly Voice Vuln; Ivanti Neurons Priv Escelation 03.06.2026

New Wave Of Phishing Emails with SVG Fileshttps://isc.sans.edu/diary/New%20Wave%20Of%20Phishing%20Emails%20with%20SVG%20Files/33040 Android 2026-06-01 security patch level vulnerability detailshttps://source.android.com/docs/security/bulletin/2026/2026-06-01 Poly Voice Possible Remote Control of Certain Poly Devices CVE-2026-0826https://support.hp.com/us-en/document/ish_15052661-15052687-16/hpsbpy...

SANS Stormcast Tuesday, June 2nd, 2026: Netlogon Exploit; Unidentified RAT; Windows Netlogon Exploited; RedHat npm Affected; Dashlane Brutef 02.06.2026

Unidentified RAT pushes NetSupport RAThttps://isc.sans.edu/diary/Unidentified%20RAT%20pushes%20NetSupport%20RAT/33034 CVE-2026-41089: Windows Netlogon Vulnerability Exploitedhttps://ccb.belgium.be/advisories/warning-microsoft-patch-tuesday-may-2026-patches-118-vulnerabilities-16-critical-102 RedHat npm Packages Affectedhttps://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealin...

About the podcast

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Author

Johannes Ullrich

Category

Technology

Podcast website

isc.sans.edu

Language

EN

Episodes

1000

Latest episode

2026. júl. 10.

Listen to the SANS Stormcast: Daily Cyber Security News podcast in Replaio

Radio and podcasts in one app - free, with no sign-up

Letöltés a Google Play-ről

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.