SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmatApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Save Crypto Rollout
5 snips
Mar 26, 2026 Broad Apple security fixes across iOS, macOS, and watchOS get a quick recap. A malware campaign distributing multiple remote access trojans and credential stealers is profiled. Discussions cover flaws in popular scanners and libraries and the need for better secrets management. Google’s move to speed up quantum-safe cryptography and realistic migration timelines is outlined.
AI Snips
Chapters
Transcript
Episode notes
Update Apple Devices For March 2026 Patch Batch
- Do update Apple devices promptly because March 2026 fixes cover 85 vulnerabilities across iOS, macOS, and other OSes.
- Johannes Ulrich notes patches span iOS 18, macOS 26/15/14 and none are labeled as actively exploited.
SHA Pinning Isn't A Silver Bullet For Supply Chain Security
- Webcasts and blog posts clarify supply-chain risks like pinning to a git SHA is brittle and can fail if done incorrectly.
- Johannes Ulrich references a SANS webcast and Michael Rosenfeld's post showing SHA pinning pitfalls.
Rotate Credentials After LiteLLM Supply Chain Concerns
- Rotate credentials immediately if you ran Lite LLM or similar affected products, even on suspicion of exposure.
- Johannes Ulrich warns credential rotation is hard and should be automated and routine, tied to secrets management.