• SANS Stormcast Monday, June 22nd, 2026: IPv4 Mapped Phish; nginx bug; squid bleeds; AMD encryption fix
    Jun 22 2026

    eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address
    https://isc.sans.edu/diary/eBanking%20Phishing%20Delivered%20Through%20IPv4-Mapped%20IPv6%20Address/33090
    NGINX ngx_http_v3_module vulnerability CVE-2026-42530
    https://my.f5.com/manage/s/article/K000161616
    Squidbleed (CVE-2026-47729)
    https://blog.calif.io/p/squidbleed-cve-2026-47729
    AMD will reinstate memory encryption on Ryzen 9000 CPUs through a BIOS update in July
    https://www.tomshardware.com/pc-components/cpus/amd-will-reinstate-memory-encryption-on-ryzen-9000-cpus-through-a-bios-update-in-july-tsme-is-coming-back-after-valuable-community-feedback
    My Upcoming Classes
    https://www.sans.org/profiles/dr-johannes-ullrich
    6 mins
  • SANS Stormcast Thursday, June 18th, 2026: QUIC Challenge; Android 17; Oracle CSPU; JetBrains Plugins
    Jun 18 2026

    The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary]
    https://isc.sans.edu/diary/The%20browser%20blind%20spot%3A%20Why%20your%20security%20tool%20may%20not%20be%20blocking%20what%20you%20think%20it%20is%20%5BGuest%20Diary%5D/33084
    Android 17 Security Patches
    https://source.android.com/docs/security/bulletin/android-17
    Oracle Critical Security Patch Update Advisory - June 2026
    https://www.oracle.com/security-alerts/cspujun2026.html
    Multiple JetBrains IDE plugins caught stealing AI keys
    https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys
    6 mins
  • SANS Stormcast Wednesday, June 17th, 2026: VHDX to Remcos RAT; Fake Job Offer; OpenBSD Vuln; Copilot M365 Leakage
    Jun 17 2026

    From a VHDX File to a Remcos RAT
    https://isc.sans.edu/diary/From%20a%20VHDX%20File%20to%20a%20Remcos%20RAT/33080
    A backdoor in a LinkedIn job offer
    https://roman.pt/posts/linkedin-backdoor/
    A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack
    https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html
    Copilot M365 Data Leakage
    https://www.varonis.com/blog/searchleak
    8 mins
  • SANS Stormcast Tuesday, June 16th, 2026: BASE64 Statistics; Cisco SD-WAN Exploited; AMD TSME Disabled; Poisoning Deep Research Agents
    Jun 16 2026

    Evil MSI Background: BASE64 Statistical Analysis
    https://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072
    Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability
    https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ
    TSME/SME not activating on Ryzen 7 9700X
    https://github.com/AMDESE/AMDSEV/issues/292
    Deep-Research Agents Can Be Poisoned via User-Generated Content
    https://arxiv.org/pdf/2605.24245
    6 mins
  • SANS Stormcast Monday, June 15th, 2026: Arch Linux Malicious User Packages; Splunk Vuln and Exploit; Exploiting AI Coding Agents
    Jun 15 2026

    Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware
    https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency
    Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)
    https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
    A Fake Bug Report Hijacks Your AI Coding Agent and Nothing Catches It.
    https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/
    7 mins
  • SANS Stormcast Friday, June 12th, 2026: Bitlocker Trouble; Ivanti and Oracle Exploited; macOS Malicious Installers
    Jun 12 2026

    More Bitlocker Issues: GreatXML
    https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML
    Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523)
    https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry-CVE-2026-10520-CVE-2026-10523?language=en_US
    Oracle Security Alert Advisory - CVE-2026-35273
    https://www.oracle.com/security-alerts/alert-cve-2026-35273.html
    https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/
    How Deceptive Installers Are Targeting macOS Users
    https://www.huntress.com/blog/deceptive-installers-macos-infostealers
    7 mins
  • SANS Stormcast Thursday, June 11th, 2026: Framing Protections; npm improvements; Adobe Patches; New Defender 0-day
    Jun 11 2026

    How has use of framing protection security headers changed in the past 3 years?
    https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068
    Preparing for npm v12: install scripts and non-registry sources become opt-in
    https://github.com/orgs/community/discussions/198547
    Adobe Patches
    https://helpx.adobe.com/security.html
    Rogue Planet new Microsoft Defender Vulnerability
    https://github.com/MSNightmare/RoguePlanet
    6 mins
  • SANS Stormcast Wednesday, June 10th, 2026: Microsoft Patch Tuesday; Miasma Source Published; Fortinet Patches
    Jun 10 2026

    Microsoft June 2026 Patch Tuesday
    https://isc.sans.edu/diary/Microsoft%20June%202026%20Patch%20Tuesday/33064
    Miasma Software Supply Chain Attack Toolkit Source Published
    https://safedep.io/inside-the-miasma-supply-chain-attack-toolkit/
    Fortinet FortiSandbox Vulnerability
    https://fortiguard.fortinet.com/psirt/FG-IR-26-141
    7 mins