
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Grandstream GXP 1600 Vuln and PoC
Feb 20, 2026
Reverse engineering reveals a wiper that uses a simple, unobfuscated PRNG to overwrite files. LLM-generated passwords turn out to be predictable and widely reused. Popular IDE extensions expose local APIs and other attack surfaces to malicious web pages or crafted files. A critical unauthenticated stack buffer overflow in a VoIP phone line could let attackers gain root and pivot inside networks.
Simple Wiper Behind High-Profile Attack
- John Mütas walked through reverse-engineering the DynoWiper sample and found it surprisingly simple.
- The wiper used a pseudo-random generator to create overwrite noise rather than complex obfuscation.
LLMs Are Poor Sources Of Random Passwords
- Large language models produce deterministic outputs that are not cryptographically random.
- Using LLMs to generate passwords risks many users choosing the same, predictable passwords.
Harden IDEs Against Localhost APIs
- Treat IDE extensions that open local HTTP APIs as a risky attack surface and audit them.
- Restrict or remove extensions that expose localhost services without proper origin checks.
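
One way to implement the origin check described above when auditing or hardening such an extension. This is an added example, not code from the podcast or from any specific extension; the port, allow-lists, bearer-token scheme and function names are assumptions.

```javascript
// Added example: request gate for a loopback-only HTTP API inside an IDE extension.
// PORT, the allow-lists and all function names are hypothetical.
const PORT = 39123; // constructed value
const ALLOWED_HOSTS = new Set([`127.0.0.1:${PORT}`, `localhost:${PORT}`, `[::1]:${PORT}`]);
// Origins of pages the extension serves itself; no other web page may call the API.
const ALLOWED_ORIGINS = new Set([`http://127.0.0.1:${PORT}`]);

// Comparison that does not stop at the first differing character.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// headers: lower-cased header map, as Node's http module provides it.
function checkLocalRequest(method, headers, sessionToken) {
  // Host must name the loopback listener itself, not some other hostname.
  const host = (headers["host"] || "").toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) return { ok: false, status: 421, reason: "host" };

  // Browsers attach Origin to cross-origin requests; "null" comes from sandboxed or file pages.
  const origin = headers["origin"];
  if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, status: 403, reason: "origin" };
  }
  // Never answer preflights, so no page is granted CORS access.
  if (method === "OPTIONS") return { ok: false, status: 403, reason: "preflight" };

  // Origin can be absent, so a per-session secret is still required.
  const auth = headers["authorization"] || "";
  if (!safeEqual(auth, `Bearer ${sessionToken}`)) {
    return { ok: false, status: 401, reason: "token" };
  }
  return { ok: true, status: 200, reason: "" };
}

// Constructed sample requests: the IDE's own client, then a call from a foreign web page.
const TOKEN = "constructed-session-token";
const samples = [
  ["POST", { host: `127.0.0.1:${PORT}`, authorization: `Bearer ${TOKEN}` }],
  ["POST", { host: `127.0.0.1:${PORT}`, origin: "https://untrusted.example" }],
];
for (const [method, headers] of samples) {
  console.log(method, headers.origin || "(no origin)", checkLocalRequest(method, headers, TOKEN));
}
```
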
