SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Friday, February 6th, 2026: Broken Phishing; n8n vulnerability; Android Update; Watchguard Firebox LDAP Injection
8 snips
Feb 6, 2026 A rundown of malformed phishing URLs that exploit browser tolerance to slip past defenses. A warning about an n8n command injection flaw and incomplete prior patching. An overview of February Android security changes and a shift to quarterly lower-severity fixes. A WatchGuard Firebox LDAP injection that can bypass authentication under certain conditions.
AI Snips
Chapters
Transcript
Episode notes
Test Security Tools Against Malformed URLs
- Test your email and document security tools against malformed or nonstandard URLs to see if they detect malicious links.
- Update rules or add parsing logic if tools ignore URLs that browsers will still follow.
Browsers' Forgiveness Enables Broken Phishing Links
- Phishing actors exploit browsers' leniency for technically invalid URLs to bypass security tools that strictly validate URLs.
- This gap lets malicious links work in browsers while being ignored by document-scanning defenses.
Urgently Patch n8n For Command Injection
- Keep n8n deployments updated immediately because command-injection flaws allow workflow creators to run arbitrary system commands.
- Monitor n8n security advisories frequently since previous patches were incomplete and variations reappear.