SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Monday, February 2nd, 2026: Google Presentation Abuse; Ivanti Vuln Exploited; Microsoft NTLM Strategy
8 snips
Feb 2, 2026 A rundown of a phishing trick that hides Google Slides footers to trick users into clicking live links. Discussion of a recently exploited Ivanti Endpoint Manager Mobile vulnerability and important patch deployment caveats. A look at Microsoft’s NTLM plan, timelines for stricter defaults, and how admins will need to adjust configurations.
AI Snips
Chapters
Transcript
Episode notes
Phishers Abuse Published Google Slides
- Johannes Ulrich described a phishing campaign that used Google Slides published presentations to hide Google's usual footer and reporting link.
- The attacker used links inside a published slide deck to present a phishing page that appeared to be a normal Google-hosted page.
Treat Published Slides As Risky Links
- Check Google-hosted pages for missing footers and treat published presentation links with suspicion before clicking.
- Report and block suspicious published slide links and educate users about this specific Google Slides publishing trick.
Patch Ivanti EPMM Cores Immediately
- Apply Ivanti's RPM patch for Endpoint Manager Mobile immediately, since the vulnerability is already being exploited.
- When using failover/HA, patch every core because the patch does not auto-replicate to other instances.