Podcast
SANS Internet Storm Center's Daily Network Security News Podcast
Hosted by Johannes B. Ullrich · EN
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
13episodes
Episodes
Newest firstAll episodes
SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse (#)
Mar 300:05:04Tap to summarizeSANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse Bruteforce Scans for CrushFTP https://isc.sans.edu/diary/Bruteforce%20Scans%20for%20CrushFTP%20/32762 Android March 2026 Patches, including 0-Day (CVE-2026-21385) https://source.android.com/docs/security/bulletin/2026/2026-03-01 OAuth redirection abuse enables phishing and malware delivery https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/ keywords: crushftp; android; oauth; phishing; brute force
Transcribe →SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers (#)
Mar 300:08:11Tap to summarizeSANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers Quick Howto: ZIP Files Inside RTF https://isc.sans.edu/diary/Quick+Howto+ZIP+Files+Inside+RTF/32696/#comments Keeping the Internet fast and secure: introducing Merkle Tree Certificates https://blog.cloudflare.com/bootstrap-mtc/ Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/ keywords: agentic; gemini; browsers; chrome; certificate; webpki; zip; rtf;
Transcribe →SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast (#)
Mar 100:07:36Tap to summarizeSANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast Fake Fedex Email Delivers Donuts! https://isc.sans.edu/diary/Fake%20Fedex%20Email%20Delivers%20Donuts!/32754 Abusing .ARPA: The TLD that isn't supposed to host anything https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/ MC1179154 - Microsoft Authenticator app: Upcoming changes to jailbreak and root detection https://mc.merill.net/message/MC1179154 SECURITY BULLETIN: Apex One and Apex One (Mac) - February 2026 https://success.trendmicro.com/en-US/solution/KA-0022458 Special Webcast: AirSnitch – How Worried Should You Be? https://www.sans.org/webcasts/airsnitch-how-worried-should-you-be keywords: fedex; apex; one; airsnitch; webcast; authenticator; microsoft; arpa; tld; phishing
Transcribe →SANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation (#)
Feb 2700:09:22Tap to summarizeSANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary] https://isc.sans.edu/diary/Finding%20Signal%20in%20the%20Noise%3A%20Lessons%20Learned%20Running%20a%20Honeypot%20with%20AI%20Assistance%20%5BGuest%20Diary%5D/32744 Google API Keys Weren't Secrets. But then Gemini Changed the Rules. https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/ keywords: airsnitch; wifi; api; google; maps; gemini; noise; honeypot; sans.edu
Transcribe →SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln; (#)
Feb 2600:06:48Tap to summarizeSANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln; The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary] https://isc.sans.edu/diary/The+CLAIR+Model+A+Synthesized+Conceptual+Framework+for+Mapping+Critical+Infrastructure+Interdependencies+Guest+Diary/32748 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CVE-2026-20127 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk https://blog.talosintelligence.com/uat-8616-sd-wan/ Abusing Cortex XDR Live https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/ OpenSSL Vulnerability CVE-2025-15467 https://seclists.org/oss-sec/2026/q1/220 keywords: openssl; cortex; xdr; cisco; catalyst; sd-wan; clair; ics
Transcribe →SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues (#)
Feb 2500:07:29Tap to summarizeSANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues Open Redirects: A Forgotten Vulnerability? https://isc.sans.edu/diary/Open%20Redirects%3A%20A%20Forgotten%20Vulnerability%3F/32742 Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/ More telnetd issues https://seclists.org/oss-sec/2026/q1/199 keywords: redirects; innerhtml; telnet; sethtml; xss;
Transcribe →SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited (#)
Feb 2300:07:05Tap to summarizeSANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited Another day, another malicious JPEG https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738 Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method) https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md Roundcube Webmail Exploited CVE-2025-49113 https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 https://www.openwall.com/lists/oss-security/2025/06/02/3 keywords: roundcube; webmail; jspdf; calibre; jpeg
Transcribe →SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing (#)
Feb 2300:06:34Tap to summarizeSANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing Japanese-Language Phishing Emails https://isc.sans.edu/diary/Japanese-Language%20Phishing%20Emails/32734 'God-Like' Attack Machines: AI Agents Ignore Security Policies https://www.darkreading.com/application-security/ai-agents-ignore-security-policies Starkiller: New Phishing Framework Proxies Real Login Pages to Bypass MFA https://abnormal.ai/blog/starkiller-phishing-kit keywords: starkiller; phishing; mfa; mitm; japanese; ai; agents; security
Transcribe →SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC (#)
Feb 1900:06:20Tap to summarizeSANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC Under the Hood of DynoWiper https://isc.sans.edu/diary/Under%20the%20Hood%20of%20DynoWiper/32730 Vibe Password Generation: Predictable by Design https://www.irregular.com/publications/vibe-password-generation Vulnerabilities (CVE-2025-65715, CVE-2025-65716, CVE-2025-65717) in four popular IDE Extensions https://www.ox.security/blog/four-vulnerabilities-expose-a-massive-security-blind-spot-in-ide-extensions/ Grandstream GXP1600 VoIP Phones https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed/ keywords: grandstream; gxp1600; vibe; password; vs code; extensions; dynowiper;
Transcribe →SANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01 (#)
Feb 1800:07:05Tap to summarizeSANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01 Tracking Malware Campaigns With Reused Material https://isc.sans.edu/diary/Tracking%20Malware%20Campaigns%20With%20Reused%20Material/32726 From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day Windows Admin Center Elevation of Privilege Vulnerability CVE-2026-26119 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119 DNS-PERSIST-01: A New Model for DNS-based Challenge Validation https://letsencrypt.org/2026/02/18/dns-persist-01.html Defending Web Apps https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices keywords: windows; admin center; dns-persist-01, brickstorm; grimpbolt; dell; recoverypoint; malware;
Transcribe →