SANS Stormcast Daily Podcast — April 16, 2026

Host: Johannes B. Ullrich
Main Theme:
Today’s episode delivers a fast-paced roundup of current cybersecurity issues, primarily spanning the targeting of AI service credentials, Microsoft’s latest update complications, new RDP client defenses, an underdisclosed GitHub Actions vulnerability, and a recently resolved issue involving open source security tool developer accounts.

1. Surge in Credential Scans for AI Tools

Timestamps: [00:04] – [01:13]

• Attackers’ New Focus:

  • Credential and configuration files for AI tools (notably Openclaw, Claude, OpenAI) are now actively targeted by attackers scanning web servers.
  • These files often contain API tokens and sensitive secrets, the compromise of which could result in expensive misuse (i.e. "large invoices from these AI vendors").

• Prevention Advice:

  • Protect secrets within configuration files rigorously.
  • Set up proper billing alerts and usage limits with your AI vendors for early visibility and to cap potential losses if secrets are exposed.
  • “Attackers will usually use the credentials contained in these files…which can lead to rather large invoices from these AI vendors.” (Johannes Ullrich, [00:36])

2. Microsoft Patch Tuesday: BitLocker and RDP Issues

Timestamps: [01:14] – [03:17]

BitLocker Recovery Key Problem

• New Patch Impact:

  • Some devices with a non-standard (“unrecommended”) BitLocker group policy may require users to enter a recovery key upon first restart after the latest update.
  • Many users do not have their BitLocker key easily accessible, potentially locking them out temporarily.

• Mitigation and Rollback Tools:

  • Microsoft has provided advice and scripts (“known issue rollback”) to help users revert troublesome settings before updating.

• Notable Quote:

  • “You may have to enter your BitLocker key, which of course a lot of people don’t necessarily have just sitting around… it can be a little bit difficult to get to.” (Johannes Ullrich, [01:35])

Improved RDP Client Security

• Vulnerability Remediation:

  • New warning mechanisms will now display when a user opens an RDP file.
  • The warning discloses if the file is digitally signed and which resources (like files or clipboard) the client might share with the remote server.
  • Each connection attempt will prompt the user, increasing transparency and reducing the risk of silent attacks via RDP.

• Memorable Insight:

  • “The RDP file may instruct the RDP client to share certain files or the clipboard with the server. Malicious users have abused this feature.” (Johannes Ullrich, [02:20])

3. GitHub Actions Vulnerability in AI Integrations

Timestamps: [03:18] – [04:26]

• Discovery:

  • Security researcher Awan Guan identified prompt injection flaws in several GitHub Actions provided by leading AI vendors: OpenAI, Anthropic, Google, and Microsoft.
  • These vulnerabilities could enable credential theft.

• Disclosure Issue:

  • Despite patching, none of these vendors assigned CVE numbers or issued prominent security advisories.
  • The understated communication is especially risky, as many developers “pin” their dependencies to avoid unexpected updates after recent supply chain scares — making them less likely to receive fixes unless they know there’s a vulnerability.

• Notable Quote:

  • “The vulnerability itself is not a big surprise... the issue here is more that vendors didn’t disclose the vulnerability.” (Johannes Ullrich, [04:09])

4. Microsoft Account Suspensions Affecting Open Source Security Tools

Timestamps: [04:27] – [05:10]

• Background:

  • Some open source developers (notably Wireguard) had their Microsoft developer accounts suspended, impacting security-related tool releases (e.g., kernel-level VPN drivers).
  • The suspensions resulted from miscommunication or issues with required account verifications—compounded by the absence of accessible Microsoft support.
  • After public pressure and clarifications, accounts were reinstated and tools were properly signed.

• Closure:

  • “Wireguard was one of the affected developers, did release a new version and has had it now properly signed by Microsoft, so all their drivers should be working going forward.” (Johannes Ullrich, [05:03])

Notable Quotes and Highlights

• “Attackers will usually use the credentials contained in these files…which can lead to rather large invoices from these AI vendors.” ([00:36])
• “You may have to enter your BitLocker key, which of course a lot of people don’t necessarily have just sitting around… it can be a little bit difficult to get to.” ([01:35])
• “The RDP file may instruct the RDP client to share certain files or the clipboard with the server. Malicious users have abused this feature.” ([02:20])
• “The vulnerability itself is not a big surprise... the issue here is more that vendors didn’t disclose the vulnerability.” ([04:09])
• “Wireguard… did release a new version and has had it now properly signed by Microsoft, so all their drivers should be working going forward.” ([05:03])

Episode Flow and Tone

• The episode maintains a concise, urgent, and matter-of-fact tone.
• Each segment is grounded in late-breaking, real-world security incidents.
• Practical advice is interwoven with latest news, aiding listeners’ day-to-day security posture.

For More:
To contribute insights or questions, visit the Internet Storm Center contact form.