Episodes

  • SANS Stormcast Monday, June 22nd, 2026: IPv4 Mapped Phish; nginx bug; squid bleeds; AMD encryption fix (#)

    SANS Stormcast Monday, June 22nd, 2026: IPv4 Mapped Phish; nginx bug; squid bleeds; AMD encryption fix (#)
    Jun 22 2026
    SANS Stormcast Monday, June 22nd, 2026: IPv4 Mapped Phish; nginx bug; squid bleeds; AMD encryption fix eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address https://isc.sans.edu/diary/eBanking%20Phishing%20Delivered%20Through%20IPv4-Mapped%20IPv6%20Address/33090 NGINX ngx_http_v3_module vulnerability CVE-2026-42530 https://my.f5.com/manage/s/article/K000161616 Squidbleed (CVE-2026-47729) https://blog.calif.io/p/squidbleed-cve-2026-47729 AMD will reinstate memory encryption on Ryzen 9000 CPUs through a BIOS update in July https://www.tomshardware.com/pc-components/cpus/amd-will-reinstate-memory-encryption-on-ryzen-9000-cpus-through-a-bios-update-in-july-tsme-is-coming-back-after-valuable-community-feedback My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich keywords: quid; amd; encryption; nginx; ebanking; phishing; ipv6
    Show More Show Less
    6 mins
  • SANS Stormcast Thursday, June 18th, 2026: QUIC Challenge; Android 17; Oracle CSPU; JetBrains Plugins; (#)

    SANS Stormcast Thursday, June 18th, 2026: QUIC Challenge; Android 17; Oracle CSPU; JetBrains Plugins; (#)
    Jun 18 2026
    SANS Stormcast Thursday, June 18th, 2026: QUIC Challenge; Android 17; Oracle CSPU; JetBrains Plugins; The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary] https://isc.sans.edu/diary/The%20browser%20blind%20spot%3A%20Why%20your%20security%20tool%20may%20not%20be%20blocking%20what%20you%20think%20it%20is%20%5BGuest%20Diary%5D/33084 Android 17 Security Patches https://source.android.com/docs/security/bulletin/android-17 Oracle Critical Security Patch Update Advisory - June 2026 https://www.oracle.com/security-alerts/cspujun2026.html Multiple JetBrains IDE plugins caught stealing AI keys https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich keywords: jetbrains; ide; oracle; patches; android; quic; http3; http;
    Show More Show Less
    6 mins
  • SANS Stormcast Wednesday, June 17th, 2026: VHDX to Remocs RAT; Fake Job Offer; OpenBSD Vuln; Copilot M365 Leakage (#)

    SANS Stormcast Wednesday, June 17th, 2026: VHDX to Remocs RAT; Fake Job Offer; OpenBSD Vuln; Copilot M365 Leakage (#)
    Jun 17 2026
    SANS Stormcast Wednesday, June 17th, 2026: VHDX to Remocs RAT; Fake Job Offer; OpenBSD Vuln; Copilot M365 Leakage From a VHDX File to a Remcos RAT https://isc.sans.edu/diary/From%20a%20VHDX%20File%20to%20a%20Remcos%20RAT/33080 A backdoor in a LinkedIn job offer https://roman.pt/posts/linkedin-backdoor/ A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html Copilot M365 Data Leakage https://www.varonis.com/blog/searchleak My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich keywords: vhdx; remcos; rat; backdoor; linkedin; job offer; openbsd; ppp; copilot; m365;
    Show More Show Less
    8 mins
  • SANS Stormcast Tuesday, June 16th, 2026: BASE64 Statistics; Cisco SD-WAN Exploited; AMD TSME Disabled; Poisoning Deep Research Agents (#)

    SANS Stormcast Tuesday, June 16th, 2026: BASE64 Statistics; Cisco SD-WAN Exploited; AMD TSME Disabled; Poisoning Deep Research Agents (#)
    Jun 15 2026
    SANS Stormcast Tuesday, June 16th, 2026: BASE64 Statistics; Cisco SD-WAN Exploited; AMD TSME Disabled; Poisoning Deep Research Agents Evil MSI Background: BASE64 Statistical Analysis https://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ TSME/SME not activating on Ryzen 7 9700X https://github.com/AMDESE/AMDSEV/issues/292 Deep-Research Agents Can Be Poisoned via User-Generated Content https://arxiv.org/pdf/2605.24245 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich keywords: base64; msi; wallpaper; cisco; sd-wan; 0-day; amd; ryzen; deep-research; llm; seo;
    Show More Show Less
    6 mins
  • SANS Stormcast Monday, June 15th, 2026: Arch Linux Malicious User Packages; Splunk Vuln and Exploit; Exploiting AI Coding Agents (#)

    SANS Stormcast Monday, June 15th, 2026: Arch Linux Malicious User Packages; Splunk Vuln and Exploit; Exploiting AI Coding Agents (#)
    Jun 14 2026
    SANS Stormcast Monday, June 15th, 2026: Arch Linux Malicious User Packages; Splunk Vuln and Exploit; Exploiting AI Coding Agents Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)
https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/ A Fake Bug Report Hijacks Your AI Coding Agent – and Nothing Catches It. https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/ My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich keywords: splunk; postgresql; arch linux; atomic arch; arch; ai; agent;
    Show More Show Less
    7 mins
  • SANS Stormcast Friday, June 12th, 2026: Bitlocker Trouble; Ivanti and Oracle Exploited; macOS Malicious Installers (#)

    SANS Stormcast Friday, June 12th, 2026: Bitlocker Trouble; Ivanti and Oracle Exploited; macOS Malicious Installers (#)
    Jun 12 2026
    SANS Stormcast Friday, June 12th, 2026: Bitlocker Trouble; Ivanti and Oracle Exploited; macOS Malicious Installers More Bitlocker Issues: GreatXML https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US Oracle Security Alert Advisory - CVE-2026-35273 https://www.oracle.com/security-alerts/alert-cve-2026-35273.html https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/ How Deceptive Installers Are Targeting macOS Users https://www.huntress.com/blog/deceptive-installers-macos-infostealers My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich keywords: oracle; ivanti; bitlocker; greatxml; peoplesoft; mac malware;
    Show More Show Less
    7 mins
  • SANS Stormcast Thursday, June 11th, 2026: Framing Protections; npm improvements; Adobe Patches; New Defender 0-day (#)

    SANS Stormcast Thursday, June 11th, 2026: Framing Protections; npm improvements; Adobe Patches; New Defender 0-day (#)
    Jun 11 2026
    SANS Stormcast Thursday, June 11th, 2026: Framing Protections; npm improvements; Adobe Patches; New Defender 0-day How has use of framing protection security headers changed in the past 3 years? https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068 Preparing for npm v12: install scripts and non-registry sources become opt-in https://github.com/orgs/community/discussions/198547 Adobe Patches https://helpx.adobe.com/security.html Rogue Planet new Microsoft Defender Vulnerability https://github.com/MSNightmare/RoguePlanet My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich keywords: rogue planet; defender; vulnerability; 0-day; adobe; npm; headers; iframe;
    Show More Show Less
    6 mins
  • SANS Stormcast Wednesday, June 10th, 2026: Microsoft Patch Tuesday; Miasma Source Published; Fortinet Patches (#)

    SANS Stormcast Wednesday, June 10th, 2026: Microsoft Patch Tuesday; Miasma Source Published; Fortinet Patches (#)
    Jun 9 2026
    SANS Stormcast Wednesday, June 10th, 2026: Microsoft Patch Tuesday; Miasma Source Published; Fortinet Patches Microsoft June 2026 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20June%202026%20Patch%20Tuesday/33064 Miasma Software Supply Chain Attack Toolkit Source Published https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/ Fortinet FortiSandbox Vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-141 My Upcoming Classes https://www.sans.org/profiles/dr-johannes-ullrich keywords: fortinet; fortisandbox; miasma; supply chain; microsoft; patches
    Show More Show Less
    7 mins