SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich
Feb 12, 2026 • 6min

SANS Stormcast Thursday, February 12th, 2026: WSL in Malware; Apple and Adobe Patches

Discussion of how Windows Subsystem for Linux is being adopted by malware and sample techniques that detect and misuse WSL. Coverage of a widespread Apple update fixing dozens of vulnerabilities, including one under active exploitation and support for older macOS versions. Review of synchronized Adobe patches and a Notepad markdown parsing flaw that can trigger external installers.
Feb 11, 2026 • 8min

SANS Stormcast Wednesday, February 11th, 2026: Microsoft Patch Tuesday; Secure Boot Updates; Fake 7-Zip; FortiSlob

A rundown of February Patch Tuesday and the dozens of fixes Microsoft released. Discussion of warning-bypass bugs affecting Windows Shell, Word, and MSHTML. Explanation of Secure Boot root certificate updates for older PCs. Warning about trojanized 7-Zip downloads that turn home machines into proxies. Notes on recent Fortinet sandbox and LDAP authentication vulnerabilities.
Feb 10, 2026 • 5min

SANS Stormcast Tuesday, February 10th, 2026: Extracting URLs; Signal Phishing; Ivanti PoC; BeyondTrust RCE; FortiClient SQL Injection

Quick techniques for extracting URLs hidden in RTF documents. Alerts about Signal-targeted phishing campaigns aimed at politicians, military, and journalists. Deep dives into pre-auth remote code execution flaws in Ivanti and BeyondTrust. Coverage of a critical FortiClient EMS SQL injection vulnerability and urgent patching advice.
Feb 9, 2026 • 5min

SANS Stormcast Monday, February 9th, 2026: Azure Vulnerabilities; AI Vulnerability Discovery; GitLab AI Gateway Vuln

Coverage of four patched Azure vulnerabilities affecting services like Front Door and Functions. Discussion of AI tools finding zero-days and the debate over their usefulness. Review of Anthropic’s study claiming hundreds of LLM-discovered high-impact flaws. Report on a GitLab AI Gateway flaw that allowed authenticated code execution on on-prem installs.
Feb 6, 2026 • 5min

SANS Stormcast Friday, February 6th, 2026: Broken Phishing; n8n vulnerability; Android Update; Watchguard Firebox LDAP Injection

A rundown of malformed phishing URLs that exploit browser tolerance to slip past defenses. A warning about an n8n command injection flaw and incomplete prior patching. An overview of February Android security changes and a shift to quarterly lower-severity fixes. A WatchGuard Firebox LDAP injection that can bypass authentication under certain conditions.
Feb 5, 2026 • 6min

SANS Stormcast Thursday, February 5th, 2026: Malicious Scripts; Synectix Vuln; Google Chrome; Google Looker

A malware-laden Chrome script that pulls a hidden second-stage payload and why attackers favor multi-stage installs. An unauthenticated web admin interface in a small LAN appliance and the dangers of exposing tiny serial-to-Ethernet devices. Remote code execution and path-traversal flaws in Looker affecting cloud and on-prem deployments. Recent Chrome and Django security patches and a PostGIS-related SQL injection alert.
Feb 4, 2026 • 5min

SANS Stormcast Wednesday, February 4th, 2026: Detecting OpenClaw; Synology telnetd Patch; More GlassWorm

Coverage of detecting and monitoring OpenClaw malware with scripts and telemetry for command visibility. Recommendations for hardening and telemetry plugins to improve defenses. Patch alert for a Synology telnetd/inetd vulnerability and advice to disable Telnet. Report on malicious VS Code extensions distributed after a developer account compromise. Note about Azure dropping TLS 1.0 and 1.1 and compatibility worries.
Feb 3, 2026 • 6min

SANS Stormcast Tuesday, February 3rd, 2026: Scanning for AI; Notepad++ Compromise; OpenClaw Vulnerabilities

Scans found attempts to discover exposed Anthropic models on the open Internet. A popular text editor’s update host was hijacked and linked to a state-level backdoor campaign. An AI assistant platform has insecure loopback websockets, a wave of malicious skills, and thousands of instances exposed publicly.
Feb 2, 2026 • 7min

SANS Stormcast Monday, February 2nd, 2026: Google Presentation Abuse; Ivanti Vuln Exploited; Microsoft NTLM Strategy

A rundown of a phishing trick that hides Google Slides footers to trick users into clicking live links. Discussion of a recently exploited Ivanti Endpoint Manager Mobile vulnerability and important patch deployment caveats. A look at Microsoft’s NTLM plan, timelines for stricter defaults, and how admins will need to adjust configurations.
Jan 30, 2026 • 6min

SANS Stormcast Friday, January 30th, 2026: Residential Proxy Networks; Clowdbot/Moltbot Themed Malware; eScan Malicious Updates

Coverage of a major takedown of a global residential proxy network and why such proxies are hard to block. Alerts about malicious VS Code extensions leveraging CloudBot/Moltbot news to deliver remote access tools. A supply-chain compromise at an antivirus vendor that pushed malicious updates and what was affected.
