
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Stormcast Thursday, February 12th, 2026: WSL in Malware; Apple and Adobe Patches
Feb 12, 2026
Discussion of how Windows Subsystem for Linux is being adopted by malware and sample techniques that detect and misuse WSL. Coverage of a widespread Apple update fixing dozens of vulnerabilities, including one under active exploitation and support for older macOS versions. Review of synchronized Adobe patches and a Notepad markdown parsing flaw that can trigger external installers.
WSL Is A Growing Malware Vector
- Malware increasingly leverages the Windows Subsystem for Linux (WSL) as a convenient execution and hiding environment on modern Windows hosts.
- WSL's accessible filesystem and Linux tooling make it attractive for malware to evade typical Windows-focused detection.
JavaScript Example Uses WSL
- Xavier's example shows JavaScript checking for WSL and then using it when available on the host.
- That real-world example demonstrates how simple scripts can pivot into the WSL environment for payloads.
Patch Apple Systems Promptly
- Apply Apple's February 2026 updates promptly because they fix 71 vulnerabilities including one already exploited in the wild.
- Install the updates on supported older macOS versions if you cannot move to the latest release immediately.
