Johannes Ullrich
SANS Stormcast: Daily Cyber Security News
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Author
Johannes Ullrich
Category
Podcast website
Latest episode
10 de jul de 2026
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
SANS Stormcast Friday, July 10th, 2026: Belarus Graffiti Bot @sans_edu; Discontinuing Mac OS Ext. FS; Chrome Update; Rogue Planet Patch 10.07.2026 6:37
_HELP_ME_ESCAPE_FROM_BELARUS_PLEASE_ [Guest Diary] https://isc.sans.edu/diary/_HELP_ME_ESCAPE_FROM_BELARUS_PLEASE_%20%5BGuest%20Diary%5D/33130 Apple Discontinuing Support for Encrypted Mac OS Extended disks in macOS 28 https://support.apple.com/en-us/125615 Google Chrome Update https://chromereleases.googleblog.com/2026/07/stable-channel-update-for-desktop_01162222768.html Microsoft Patches Rogue...
SANS Stormcast Thursday, July 9th, 2026: Stack Simulator; RootAsRole; Hoymiles; Git Hash Malleability 09.07.2026 4:56
My Stack Simulator https://isc.sans.edu/diary/My%20Stack%20Simulator/33138 RootAsRole https://github.com/LeChatP/RootAsRole Hoymiles Inverter Vulnerability https://www.ccc.de/system/uploads/382/original/hoymiles_dtu_vuln.pdf Git Hash Chain Malleability https://arxiv.org/abs/2607.02820 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich
SANS Stormcast Wednesday, July 8th, 2026: Odd DNS; AnyDesk Phishing; Tenda Backdoor; GitLost 08.07.2026 7:21
More Odd DNS Records: NIMLOC https://isc.sans.edu/diary/More%20Odd%20DNS%20Records%3A%20NIMLOC/33128 From Invoice to AnyDesk: Uncovering a Phishing Campaign Targeting Russian Aerospace Organizations https://www.seqrite.com/blog/from-invoice-to-anydesk-uncovering-a-phishing-campaign-targeting-russian-aerospace-organizations/ Tenda firmware (multiple versions) contains hidden authentication backdoor...
SANS Stormcast Tuesday, July 7th, 2026: RCS and DNS; OpenSSH Update; Beyond Trust Advisory; PolinRider Update 07.07.2026 6:38
RCS and DNS: The NAPTR Record https://isc.sans.edu/diary/RCS%20and%20DNS%3A%20The%20NAPTR%20Record/33124 OpenSSH 10.4 released https://seclists.org/oss-sec/2026/q3/62 Beyond Trust Advisory CVE-2026-40138 CVE-2026-40139 https://www.beyondtrust.com/trust-center/security-advisories/bt26-03 PolinRider: North Korea-Linked Supply Chain Campaign https://socket.dev/blog/polinrider-north-korea-linked-suppl...
SANS Stormcast Monday, July 6th, 2026: Apple Patch Policy; FatFS Vulns; OpenWRT; Multi-Agent Offensive AI; 06.07.2026 5:50
Apple Updated Patch Policy https://www.reuters.com/business/apple-says-it-is-releasing-updates-early-response-ai-cybersecurity-concerns-2026-06-29/ T3MP3ST multi-agent offensive-security framework https://github.com/elder-plinius/T3MP3ST Seven FatFs bugs, one very large blast radius https://www.runzero.com/blog/fatfs-bugs/ OpenWRT Releases v25.12.5 https://github.com/openwrt/openwrt/releases My Up...
SANS Stormcast Thursday, July 2nd, 2026: MetaMask Phishing; Adobe Patches; Google Chrome Patches; Apple Hide-My-Email Vuln 02.07.2026 6:15
Why Ask Credentials If There Are Secret Codes? https://isc.sans.edu/diary/Why%20Ask%20Credentials%20If%20There%20Are%20Secret%20Codes%3F/33118 Adobe Patches and Updated Patch Release Policy https://helpx.adobe.com/security/Home.html https://blog.adobe.com/security/protecting-customers-faster-how-adobe-is-responding-to-ai-accelerated-vulnerability-discovery Google Chrome Update (link had issues loa...
SANS Stormcast Wednesday, July 1st, 2026: Apple Patches; SimpleHelp Exploit; Git DNS Tricks; 01.07.2026 4:53
June 2026 Apple Updates https://isc.sans.edu/diary/June%202026%20Apple%20Updates/33114 SimpleHelp Exploit used to reply TaskWeaver https://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain/ DNS Tricks to Load Malware into Cloned Repository https://0din.ai/blog/clone-this-repo-and-i-own-your-machine My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullr...
SANS Stormcast Tuesday, June 30th, 2026: Favicon Recon Automation; Targeting Messaging; Gemini CLI vuln; IPv6 Frag Escape 30.06.2026 5:25
Adding some Automation to the favicon.ico method of Host Recon https://isc.sans.edu/diary/Adding%20some%20Automation%20to%20the%20favicon.ico%20method%20of%20Host%20Recon/33110 Russian Intelligence Services Continue to Target Commercial Messaging Applications https://www.ic3.gov/PSA/2026/PSA260626 Google Gemini CLI Vulnerability CVE-2026-12537 https://github.com/advisories/GHSA-jj69-4grx-fqj5 IPv6...
SANS Stormcast Monday, June 29th, 2026: Automated Cybercrime; Linux Process Names; Amazon Q VS Code 29.06.2026 5:53
What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime https://isc.sans.edu/diary/What%20do%20Ports%20Hear%20When%20Nobody%27s%20Listening%3F%20An%20Assessment%20of%20Automated%20Cybercrime%20%5BGuest%20Diary%5D/33104 Linux Process Name Masquerading https://isc.sans.edu/diary/Linux+Process+Name+Masquerading/33102 Amazon Q VS Code Extension Vulnerability https://www.wiz.i...
SANS Stormcast Wednesday, June 24th, 2026: Patching vs. Configurations Updates; libssh2 and ffmpeg vuln; 24.06.2026 6:48
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration. https://isc.sans.edu/diary/CVE-2024-40766%3A%20The%20Patch%20Fixed%20the%20Bug.%20Nobody%20Fixed%20the%20Configuration./33094 libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c PixelSmash Critical...
SANS Stormcast Tuesday, June 23rd, 2026: Webshells; GitHub Actions Update; Fortibleed Update; Private Access Control Tokens 23.06.2026 8:01
Webshells Remain Popular https://isc.sans.edu/diary/Webshells%20Remain%20Popular/33096 Safer pull_request_target defaults for GitHub Actions checkout https://github.blog/changelog/2026-06-18-safer-pull_request_target-defaults-for-github-actions-checkout/ Private Access Control Tokens https://cloudflare.net/news/news-details/2026/Cloudflare-Collaborates-With-Leading-Browsers-to-Develop-a-Privacy-Fi...
SANS Stormcast Monday, June 22nd, 2026: IPv4 Mapped Phish; nginx bug; squid bleeds; AMD encryption fix 22.06.2026 6:07
eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address https://isc.sans.edu/diary/eBanking%20Phishing%20Delivered%20Through%20IPv4-Mapped%20IPv6%20Address/33090 NGINX ngx_http_v3_module vulnerability CVE-2026-42530 https://my.f5.com/manage/s/article/K000161616 Squidbleed (CVE-2026-47729) https://blog.calif.io/p/squidbleed-cve-2026-47729 AMD will reinstate memory encryption on Ryzen 9000 CPUs...
SANS Stormcast Thursday, June 18th, 2026: QUIC Challenge; Android 17; Oracle CSPU; JetBrains Plugins; 18.06.2026 6:24
The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary] https://isc.sans.edu/diary/The%20browser%20blind%20spot%3A%20Why%20your%20security%20tool%20may%20not%20be%20blocking%20what%20you%20think%20it%20is%20%5BGuest%20Diary%5D/33084 Android 17 Security Patches https://source.android.com/docs/security/bulletin/android-17 Oracle Critical Security Patch U...
SANS Stormcast Wednesday, June 17th, 2026: VHDX to Remocs RAT; Fake Job Offer; OpenBSD Vuln; Copilot M365 Leakage 17.06.2026 8:08
From a VHDX File to a Remcos RAT https://isc.sans.edu/diary/From%20a%20VHDX%20File%20to%20a%20Remcos%20RAT/33080 A backdoor in a LinkedIn job offer https://roman.pt/posts/linkedin-backdoor/ A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html Copilot M365 Data Leakage https://www.varonis.com/blog/searchleak My Upcoming C...
SANS Stormcast Tuesday, June 16th, 2026: BASE64 Statistics; Cisco SD-WAN Exploited; AMD TSME Disabled; Poisoning Deep Research Agents 16.06.2026 6:14
Evil MSI Background: BASE64 Statistical Analysis https://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ TSME/SME not activating on Ryzen 7 9700X https://github.com/AMDESE/AMDSEV/issues/292 D...
SANS Stormcast Monday, June 15th, 2026: Arch Linux Malicious User Packages; Splunk Vuln and Exploit; Exploiting AI Coding Agents 15.06.2026 6:50
Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/ A Fake Bu...
SANS Stormcast Friday, June 12th, 2026: Bitlocker Trouble; Ivanti and Oracle Exploited; macOS Malicious Installers 12.06.2026 6:39
More Bitlocker Issues: GreatXML https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US Oracle Security Alert Advisory - CVE-2026-35273 https://www.oracle.com/security-alerts/alert-cve-2026-35273.html https://www.bleepingc...
SANS Stormcast Thursday, June 11th, 2026: Framing Protections; npm improvements; Adobe Patches; New Defender 0-day 11.06.2026 5:54
How has use of framing protection security headers changed in the past 3 years? https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068 Preparing for npm v12: install scripts and non-registry sources become opt-in https://github.com/orgs/community/discussions/198547 Adobe Patches https://helpx.adobe.com/security.h...
SANS Stormcast Wednesday, June 10th, 2026: Microsoft Patch Tuesday; Miasma Source Published; Fortinet Patches 10.06.2026 7:09
Microsoft June 2026 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20June%202026%20Patch%20Tuesday/33064 Miasma Software Supply Chain Attack Toolkit Source Published https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/ Fortinet FortiSandbox Vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-141 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich
SANS Stormcast Tuesday, June 9th, 2026: Azure Repos Infected; Checkpoint VPN 0-Day; Verizon VoLTE missing IPSec integrity prot. 09.06.2026 5:27
Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply-chain-attack-targeting-ai-coding-agents Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) https://blog.checkpoint.com/security/check-point-releases-imp...
SANS Stormcast Monday, June 8th, 2026: Wetransfer Phish; Spying Smart TV; Dashlane Brute Force 08.06.2026 7:21
The Evil MSI Background is Back! https://isc.sans.edu/diary/The%20Evil%20MSI%20Background%20is%20Back!/33054 The Smart TV in Your LivingRoom Is a Node in the AIScraping Economy https://blog.includesecurity.com/2026/06/the-smart-tv-in-your-livingroom-is-a-node-in-the-aiscraping-economy/ Brute force attack on Dashlane user accounts https://support.dashlane.com/hc/en-us/articles/36038764990866-Securi...
SANS Stormcast Friday, June 5th, 2026: Coreutils for Windows; Cisco Unified Comm Manager Fix and Exploit; OAuth Orphans 05.06.2026 6:12
Microsoft's Coreutils for Windows https://isc.sans.edu/diary/Microsoft%27s%20Coreutils%20for%20Windows/33048 Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability CVE-2026-20230 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssrf-cXPnHcW Firmware Update for Acer Connect W6x Router https://community.acer.com/en/kb/articles/19672...
SANS Stormcast Thursday, June 4th, 2026: swagger.json Scans; Android Fake Call Detection; Anthropic Dashboard 04.06.2026 6:54
Continuing Scans for swagger.json https://isc.sans.edu/diary/Continuing+Scans+for+swaggerjson/33044/#comments Fake call detection on Android https://blog.google/security/android-fake-call-detection/ Anthropic's coordinated vulnerability disclosure dashboard https://red.anthropic.com/2026/cvd/ My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich
SANS Stormcast Wednesday, June 3rd, 2026: SVG Phishing; Android Patches; Poly Voice Vuln; Ivanti Neurons Priv Escelation 03.06.2026 3:59
New Wave Of Phishing Emails with SVG Files https://isc.sans.edu/diary/New%20Wave%20Of%20Phishing%20Emails%20with%20SVG%20Files/33040 Android 2026-06-01 security patch level vulnerability details https://source.android.com/docs/security/bulletin/2026/2026-06-01 Poly Voice Possible Remote Control of Certain Poly Devices CVE-2026-0826 https://support.hp.com/us-en/document/ish_15052661-15052687-16/hps...
SANS Stormcast Tuesday, June 2nd, 2026: Netlogon Exploit; Unidentified RAT; Windows Netlogon Exploited; RedHat npm Affected; Dashlane Brutef 02.06.2026 5:29
Unidentified RAT pushes NetSupport RAT https://isc.sans.edu/diary/Unidentified%20RAT%20pushes%20NetSupport%20RAT/33034 CVE-2026-41089: Windows Netlogon Vulnerability Exploited https://ccb.belgium.be/advisories/warning-microsoft-patch-tuesday-may-2026-patches-118-vulnerabilities-16-critical-102 RedHat npm Packages Affected https://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stea...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.