Podcast
SANS Stormcast: Daily Cyber Security News
Hosted by Johannes Ullrich · EN
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
69episodes
Episodes
Newest firstAll episodes
SANS Stormcast Wednesday, June 3rd, 2026: SVG Phishing; Android Patches; Poly Voice Vuln; Ivanti Neurons Priv Escelation
5d ago00:03:59Tap to summarizeNew Wave Of Phishing Emails with SVG Fileshttps://isc.sans.edu/diary/New%20Wave%20Of%20Phishing%20Emails%20with%20SVG%20Files/33040 Android 2026-06-01 security patch level vulnerability detailshttps://source.android.com/docs/security/bulletin/2026/2026-06-01 Poly Voice Possible Remote Control of Certain Poly Devices CVE-2026-0826https://support.hp.com/us-en/document/ish_15052661-15052687-16/hpsbpy04083https://www.rapid7.com/blog/post/ve-cve-2026-0826-critical-unauthenticated-stack-buffer-overflow-hp-poly-vvx-trio-voip-phones-fixed/ Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-9614?language=en_US My Upcoming Classeshttps://www.sans.org/profiles/dr-johannes-ullrich
Transcribe →SANS Stormcast Tuesday, June 2nd, 2026: Netlogon Exploit; Unidentified RAT; Windows Netlogon Exploited; RedHat npm Affected; Dashlane Brutef
6d ago00:05:29Tap to summarizeUnidentified RAT pushes NetSupport RAThttps://isc.sans.edu/diary/Unidentified%20RAT%20pushes%20NetSupport%20RAT/33034 CVE-2026-41089: Windows Netlogon Vulnerability Exploitedhttps://ccb.belgium.be/advisories/warning-microsoft-patch-tuesday-may-2026-patches-118-vulnerabilities-16-critical-102 RedHat npm Packages Affectedhttps://www.aikido.dev/blog/red-hat-npm-packages-compromised-credential-stealing-worm Dashlane Locking Accounts after Brute Forcehttps://status.dashlane.com/pages/5aabcb89fccc4b04d3774443 My Upcoming Classeshttps://www.sans.org/profiles/dr-johannes-ullrich
Transcribe →SANS Stormcast Monday, June 1st, 2026: Bitskrieg; Gogs Unpatched Vuln; Oracle Critical Updates; PAN-OS Exploited;
1w ago00:04:58Tap to summarizeAnnouncing Bitskrieghttps://deadeclipse666.blogspot.com/2026/05/announcing-bitskrieg.html Vulnerability in Gogshttps://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/ Oracle Critical Security Patch Update Advisory - May 2026https://www.oracle.com/security-alerts/cspumay2026.html GlobalProtect Authentication Bypass Vulnerabilities CVE-2026-0257https://security.paloaltonetworks.com/CVE-2026-0257
Transcribe →SANS Stormcast Friday, May 29th, 2026: @sans_edu research; Honeypot Log; VPN “Toad”; Silent Ransom Group
1w ago00:06:01Tap to summarizeResearch Review Journalhttps://assets.contentstack.io/v3/assets/blt83c410d686aa5f84/blt3cff46f63887f83e/research-review-journalhttps://www.sans.edu/cyber-research Analysis of a Year of Files Uploaded to DShield Sensorshttps://isc.sans.edu/diary/Analysis%20of%20a%20Year%20of%20Files%20Uploaded%20to%20DShield%20Sensors/33026 The Word 'Toad' Gave Any Website Full Control of Chrome's Most Popular VPNhttps://amibeingpwned.com/blog/urban-vpn-postmessage-command-injection Silent Ransom Group Impersonating IT Personnel through Social Engineeringhttps://www.ic3.gov/CSA/2026/260526.pdf
Transcribe →SANS Stormcast Thursday, May 28th, 2026: Akira Ransomware; Vaultjacking; Poisoned Chatbot and Search Results;
2w ago00:06:04Tap to summarizeReconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logshttps://isc.sans.edu/diary/Reconstructing%20an%20Akira%20Ransomware%20Kill%20Chain%20from%20Perimeter%20and%20Endpoint%20Logs/33024 Vaultjacking: One Captured PIN, the Entire Google Password Manager Vaulthttps://phishu.net/blogs/blog-vaultjacking-phishing-the-google-password-manager-vault-in-the-phishu-framework.html From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilitieshttps://www.microsoft.com/en-us/security/blog/2026/05/26/poisoned-search-results-gpu-mining-cryptojacking-campaign-abusing-screenconnect-microsoft-net-utilities/
Transcribe →SANS Stormcast Wednesday, May 27th, 2026: Fake Claude Ads; SharePoint Vuln; Angular Vulnerabilities
2w ago00:06:14Tap to summarizePossible ACR Stealer From Page Impersonating Claudehttps://isc.sans.edu/diary/Possible%20ACR%20Stealer%20From%20Page%20Impersonating%20Claude/33018 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659 Multiple Vulnerabilities in Angular Language Service VS Code Extensionhttps://github.com/angular/angular/security/advisories/GHSA-ccq4-xmxr-8hcq
Transcribe →SANS Stormcast Tuesday, May 26th, 2026: VBA in MSFT Access; NPM Stealer; PHP Laravel Compromise; Google API Key Lag;
2w ago00:06:51Tap to summarizeMicrosoft Access VBAhttps://isc.sans.edu/diary/Microsoft%20Access%20VBA/33012 An Example of Stack String in High Level Languagehttps://isc.sans.edu/diary/An%20Example%20of%20Stack%20String%20in%20High%20Level%20Language/33008 Cross-Platform NPM Stealerhttps://isc.sans.edu/diary/Cross-Platform%20NPM%20Stealer/33006 Laravel Lang Compromised with RCE Backdoor Acrosshttps://socket.dev/blog/laravel-lang-compromise Google API keys keep working after you delete themhttps://www.aikido.dev/blog/google-api-keys-deletion
Transcribe →SANS Stormcast Friday, May 22nd, 2026: Selective HTTP Proxying; More GitHub Repo Trouble; MSFT Defender Patches;
2w ago00:06:35Tap to summarizeSelective HTTP Proxying in Linuxhttps://isc.sans.edu/diary/Selective%20HTTP%20Proxying%20in%20Linux/33002 Megalodon: Mass GitHub Repo Backdooring via CI Workflowshttps://safedep.io/megalodon-mass-github-repo-backdooring-ci-workflows/ MSFT Patches Recent Windows Defender Flaws CVE-2026-41091, CVE-2026-45498, CVE-2026-45584https://x.com/fabian_bader/status/2057198207243804881 Cisco Secure Workload Unauthorized API Access Vulnerability CVE-2026-20223https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy
Transcribe →SANS Stormcast Thursday, May 21st, 2026: GitHub Breach; Agentic Threat Intel Feed; NGINX Vuln; YellowKey Fix; Incomplete SonicWall Patch
3w ago00:05:39Tap to summarizeGitHub Breachhttps://x.com/github/status/2056949168208552080 Agentic Threat Intelligence Feed - VS Code Extensionshttps://agentmesh.knostic.ai/extensions More NGINX Vulnerabilitieshttps://x.com/nebusecurity/status/2057071579876753643https://my.f5.com/manage/s/article/K000161307 Microsoft Publishes YellowKey Mitigation CVE-2026-45585https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 Incomplete Sonicwall Patch CVE-2024-12802https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0001
Transcribe →SANS Stormcast Wednesday, May 20th, 2026: Assume Supply Chain Compromise; GitHub Action Compromise;
3w ago00:06:21Tap to summarizeTeamPCP Supply Chain Campaign: Activity Through 2026-05-17https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Activity%20Through%202026-05-17/32994https://slsa.dev/spec/v0.1/levels Github Action Compromisehttps://www.stepsecurity.io/blog/actions-cool-issues-helper-github-action-compromised-all-tags-point-to-imposter-commit-that-exfiltrates-ci-cd-credentials How Storm-2949 turned a compromised identity into a cloud-wide breachhttps://www.microsoft.com/en-us/security/blog/2026/05/18/storm-2949-turned-compromised-identity-into-cloud-wide-breach/
Transcribe →