SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Tuesday, April 7th, 2026: Redirects in Phishing; Internet Bug Bounty Suspended; Bluehammer; Keycloak MFA Bypass
5 snips
Apr 7, 2026 Discussion of how open redirects show up in a sizable share of phishing campaigns. Coverage of HackerOne pausing an internet bug bounty after a surge of AI-generated reports. Breakdown of a new Windows privilege escalation called Bluehammer and its public disclosure. Alert about a Keycloak REST API flaw that can remove second-factor protections.
AI Snips
Chapters
Transcript
Episode notes
Open Redirects Power Many Phishing Campaigns
- Open redirects are commonly used in phishing as a benign first hop that helps messages bypass email filters.
- Jan found open redirects in roughly 20–30% of recent phishing emails, letting reputable sites forward users to phishing pages.
AI Flooded Bug Bounties Causing Suspension
- AI has sharply increased the volume of vulnerability reports to programs like HackerOne's Internet Bug Bounty.
- HackerOne suspended the program because vetting and coordinating fixes for many AI-generated reports overwhelmed projects and maintainers.
Curl Maintainer Saw Both Noise And Real Reports
- A curl maintainer reported mixed signal: some AI reports are noise but others are real functional issues.
- Johannes noted some reports reflect curl's unique behavior where 'invalid' requests are intentional for certain use cases.