
SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Management Center; LastPass Phishing
Hello and welcome to the Thursday, March 5, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida, and this episode is brought to you by the SANS.edu Graduate Certificate Program in Purple Team Operations. Xavier today is asking, do you want more XWorm? Because that's the sample that Xavier is looking at today, including the infection chain that actually gets you to the actual XWorm sample. XWorm remains one of the favorite payloads deployed by the miscreants out there. Starts in this case with a simple phishing email that has, well, yet again a 7-Zip attachment that unzips then to JavaScript. And we have seen this now for so many years, this sort of compressed JavaScript thing. Not sure why filters or so don't really catch on to this yet. Then it becomes PowerShell and then it actually injects itself into the .NET compiler. That's sort of where it then loads the DLL until it loads the actual XWorm payload. So somewhat convoluted the infection chain here. Xavier walks you through the reverse analysis of this particular sample, how to get from the JavaScript, which actually Xavier just executes in the sandbox, all the way to the XWorm payload. And another problem that has been haunting us for years now is malicious search engine optimization, where attackers are either outright buying ads in search engines or they are placing content around the Internet that then all points to malicious content if a particular user is searching for a popular term. Well, this is now happening also with some of the AI search engines. Many search engines, Google, Bing, Yahoo, they all now have these AI search engines and you probably have all seen them where you search for something and at the top of the page you'll get sort of that little AI blurb trying to summarize or point you to particular features results about the search that you entered.
Well, it turns out that Bing did redirect users to a malicious OpenClaw installer. This happened early February. So if a couple of weeks ago you searched for "Windows OpenClaw installer", I think was the exact search term here, but probably other search terms worked as well, you were directed to a GitHub page that then made you download and install this malicious installer that included GhostSocks, so one of these systems that allows an attacker to use your system as a proxy, and information stealers were included. According to a blog post posted by Huntress, this is not really all that surprising because essentially, you know, AI tools are now sort of replacing some of the more traditional search engines. But these AI tools pretty much do the same thing that, you know, your traditional search engines did. They spidered the web. They tried to figure out based on number of links and other sort of relevancy scoring whether or not a particular link or snippet or content is relevant to the question that you asked. And well, attackers are able to poison that just like they were able to poison traditional search results. Plus of course, many of the search engines have not yet quite put the same sort of filters and such in place for their AI results as they have already in place for some of the traditional search results. And Cisco today released numerous patches for many of its products. Now, there's one product and two vulnerabilities that really stand out here, and that's the Secure Firewall Management Center, which suffers from two vulnerabilities that both scored a perfect 10 on the CVSS scale. The first vulnerability is an authentication bypass vulnerability. It does allow an unauthenticated user to run scripts as root, so completely compromise the Secure Firewall Management Center. The second vulnerability that's also affecting here the Secure Firewall Management Center is a remote code execution vulnerability.
Sounds in sort of total impact very similar to the first one, but this one is restricted to actually executing Java. So if you don't like Java, well, Cisco is forthcoming enough here to allow the Secure Firewall Management Center to also be exploited with other scripting languages using the first vulnerability. Neither of these vulnerabilities is yet exploited, so still get it patched. Probably not all that terrible. Difficult to actually exploit these vulnerabilities once the patch has been reversed. Well, back in January, LastPass was the subject of some fairly aggressive and better phishing campaigns. They have done some takedown then and, well, imagine that they took down some phishing websites, others have sprung up. I don't want to really go too much into the phishing part here, but I think what's really important here, and I think I mentioned this also yesterday, is the concept of phishing-resistant authentication. If something critical like your password manager can be taken over by stealing credentials from you, like a username, like a password, like a one-time password that you may enter in a website, well then you have a problem and you're probably using the wrong product. So don't rely on any password managers that don't themselves use phishing-resistant authentication. It's tricky to do this right with password managers, but whenever the user is in charge of entering credentials into a particular website, you probably have a problem. In particular if these are credentials that the user knows. Some password managers, for example, use these long random strings that you don't really ever have to use unless you sort of set up a new client for that password manager, so you can lock them away, which sort of protects them better. That's probably sort of one way to protect your password managers a bit better. Or things like hardware authenticators or such that can be used that cannot be easily copied, like a one-time password that you're getting from an app.
Well, and that's it for today. Sorry for missing the outro here yesterday. Somehow forgot to, I think, splice it on to the audio file. But anyway, thanks for listening. Thanks for actually also telling me about any errors or such. I still sort of, you know, we'll send you a sticker if you find anything wrong with any of the podcasts, and then again, talk to you again tomorrow. Bye.
Host: Johannes B. Ullrich
Episode Summary:
This episode focuses on the latest trends in malware and attack techniques, high-severity vulnerabilities in Cisco’s Secure Firewall Management Center, and ongoing phishing campaigns targeting LastPass users. Johannes B. Ullrich dives into XWorm’s evolving infection chain, the impact of AI-driven search engine poisoning, critical Cisco security patches, and best practices for phishing-resistant authentication.
The episode delivers a concise overview of current and emerging cybersecurity threats, highlighting technical malware analysis, real-world exploitation of search engine algorithms, urgent patch news, and actionable advice on authentication security for end users.
[00:23]
.7z (7-Zip) file, which extracts a JavaScript payload.
Quote:
“Not sure why filters or so don't really catch on to this yet.”
— Johannes Ullrich [00:42]
[01:26]
Quote:
“These AI tools pretty much do the same thing that... your traditional search engines did. They spidered the web. They tried to figure out based on...links and other sort of relevancy scoring whether or not a particular link or snippet or content is relevant... And well, attackers are able to poison that just like they were able to poison traditional search results.”
— Johannes Ullrich [02:33]
[04:04]
Quote:
“Probably not all that terrible. Difficult to actually exploit these vulnerabilities once the patch has been reversed.”
— Johannes Ullrich [05:03]
[05:23]
Quote:
“If something critical like your password manager can be taken over by stealing credentials from you, like a username, like a password, like a one-time password that you may enter in a website, well then you have a problem and you're probably using the wrong product.”
— Johannes Ullrich [05:49]
Johannes concludes with a reminder for listeners to report any errors for a chance to win a SANS sticker, maintaining his direct and educational tone.