
Hosted by Johannes B. Ullrich · EN

SANS Stormcast Thursday, July 2nd, 2026: MetaMask Phishing; Adobe Patches; Google Chrome Patches; Apple Hide-My-Email Vuln
Why Ask Credentials If There Are Secret Codes?
https://isc.sans.edu/diary/Why%20Ask%20Credentials%20If%20There%20Are%20Secret%20Codes%3F/33118
Adobe Patches and Updated Patch Release Policy
https://helpx.adobe.com/security/Home.html
https://blog.adobe.com/security/protecting-customers-faster-how-adobe-is-responding-to-ai-accelerated-vulnerability-discovery
Google Chrome Update (link had issues loading while recording)
https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0175352312.html
Apple Hide My Email Vulnerability
https://www.404media.co/apple-hide-my-email-vulnerability-reveals-peoples-real-email-addresses/
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
keywords: Metamask; phishing; crypto; MFA; Adobe; Google; Chrome; Patches; Apple; hide-my-email

SANS Stormcast Wednesday, July 1st, 2026: Apple Patches; SimpleHelp Exploit; Git DNS Tricks;
June 2026 Apple Updates
https://isc.sans.edu/diary/June%202026%20Apple%20Updates/33114
SimpleHelp Exploit used to reply TaskWeaver
https://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain/
DNS Tricks to Load Malware into Cloned Repository
https://0din.ai/blog/clone-this-repo-and-i-own-your-machine
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
keywords: Simplehelp; taskweaver; apple; ios; macos; safari;

SANS Stormcast Tuesday, June 30th, 2026: Favicon Recon Automation; Targeting Messaging; Gemini CLI vuln; IPv6 Frag Escape
Adding some Automation to the favicon.ico method of Host Recon
https://isc.sans.edu/diary/Adding%20some%20Automation%20to%20the%20favicon.ico%20method%20of%20Host%20Recon/33110
Russian Intelligence Services Continue to Target Commercial Messaging Applications
https://www.ic3.gov/PSA/2026/PSA260626
Google Gemini CLI Vulnerability CVE-2026-12537
https://github.com/advisories/GHSA-jj69-4grx-fqj5
IPv6 Frag Escape
https://github.com/sgkdev/ipv6_frag_escape
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
keywords: google; gemini; cli; messenger; ipv6; container; escape; favicon

SANS Stormcast Monday, June 29th, 2026: Automated Cybercrime; Linux Process Names; Amazon Q VS Code
What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime
https://isc.sans.edu/diary/What%20do%20Ports%20Hear%20When%20Nobody%27s%20Listening%3F%20An%20Assessment%20of%20Automated%20Cybercrime%20%5BGuest%20Diary%5D/33104
Linux Process Name Masquerading
https://isc.sans.edu/diary/Linux+Process+Name+Masquerading/33102
Amazon Q VS Code Extension Vulnerability
https://www.wiz.io/blog/amazon-q-vulnerability
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
keywords: amazon; q; linux; process; port; sans_edu; internship

SANS Stormcast Wednesday, June 24th, 2026: Patching vs. Configurations Updates; libssh2 and ffmpeg vuln;
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.
https://isc.sans.edu/diary/CVE-2024-40766%3A%20The%20Patch%20Fixed%20the%20Bug.%20Nobody%20Fixed%20the%20Configuration./33094
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c
PixelSmash – Critical FFmpeg Vulnerability Turns Media Files into Weapons
https://jfrog.com/blog/pixelsmash-critical-ffmpeg-vulnerability-turns-media-files-into-weapons/
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
keywords: sonicwall; patching; configurations; libssh2; ssh; pixelsmash; ffmpeg

SANS Stormcast Tuesday, June 23rd, 2026: Webshells; GitHub Actions Update; Fortibleed Update; Private Access Control Tokens
Webshells Remain Popular
https://isc.sans.edu/diary/Webshells%20Remain%20Popular/33096
Safer pull_request_target defaults for GitHub Actions checkout
https://github.blog/changelog/2026-06-18-safer-pull_request_target-defaults-for-github-actions-checkout/
Private Access Control Tokens
https://cloudflare.net/news/news-details/2026/Cloudflare-Collaborates-With-Leading-Browsers-to-Develop-a-Privacy-First-Protocol-For-the-Global-Internet/default.aspx
https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/
Fortibleed Update
https://socradar.io/resources/whitepapers/dismantling-fortibleed-inside-a-russian-fortinet-compromise-operation/
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
keywords: fortinet; fortibleed; pact; cloudflare; github; actions; pull_request_target

SANS Stormcast Monday, June 22nd, 2026: IPv4 Mapped Phish; nginx bug; squid bleeds; AMD encryption fix
eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address
https://isc.sans.edu/diary/eBanking%20Phishing%20Delivered%20Through%20IPv4-Mapped%20IPv6%20Address/33090
NGINX ngx_http_v3_module vulnerability CVE-2026-42530
https://my.f5.com/manage/s/article/K000161616
Squidbleed (CVE-2026-47729)
https://blog.calif.io/p/squidbleed-cve-2026-47729
AMD will reinstate memory encryption on Ryzen 9000 CPUs through a BIOS update in July
https://www.tomshardware.com/pc-components/cpus/amd-will-reinstate-memory-encryption-on-ryzen-9000-cpus-through-a-bios-update-in-july-tsme-is-coming-back-after-valuable-community-feedback
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
keywords: squid; amd; encryption; nginx; ebanking; phishing; ipv6

SANS Stormcast Thursday, June 18th, 2026: QUIC Challenge; Android 17; Oracle CSPU; JetBrains Plugins;
The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary]
https://isc.sans.edu/diary/The%20browser%20blind%20spot%3A%20Why%20your%20security%20tool%20may%20not%20be%20blocking%20what%20you%20think%20it%20is%20%5BGuest%20Diary%5D/33084
Android 17 Security Patches
https://source.android.com/docs/security/bulletin/android-17
Oracle Critical Security Patch Update Advisory - June 2026
https://www.oracle.com/security-alerts/cspujun2026.html
Multiple JetBrains IDE plugins caught stealing AI keys
https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
keywords: jetbrains; ide; oracle; patches; android; quic; http3; http;

SANS Stormcast Wednesday, June 17th, 2026: VHDX to Remcos RAT; Fake Job Offer; OpenBSD Vuln; Copilot M365 Leakage
From a VHDX File to a Remcos RAT
https://isc.sans.edu/diary/From%20a%20VHDX%20File%20to%20a%20Remcos%20RAT/33080
A backdoor in a LinkedIn job offer
https://roman.pt/posts/linkedin-backdoor/
A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack
https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html
Copilot M365 Data Leakage
https://www.varonis.com/blog/searchleak
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
keywords: vhdx; remcos; rat; backdoor; linkedin; job offer; openbsd; ppp; copilot; m365;

SANS Stormcast Tuesday, June 16th, 2026: BASE64 Statistics; Cisco SD-WAN Exploited; AMD TSME Disabled; Poisoning Deep Research Agents
Evil MSI Background: BASE64 Statistical Analysis
https://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072
Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ
TSME/SME not activating on Ryzen 7 9700X
https://github.com/AMDESE/AMDSEV/issues/292
Deep-Research Agents Can Be Poisoned via User-Generated Content
https://arxiv.org/pdf/2605.24245
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
keywords: base64; msi; wallpaper; cisco; sd-wan; 0-day; amd; ryzen; deep-research; llm; seo;