))
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
1
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches
6:03
6:03
Play later
Play later
Lists
Like
Liked
6:03
Microsoft Patch Tuesday for November 2025 https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/ Gladinet Triofox Vulnerability Triofox uses the host header in lieu of proper access control, allowing an attacker to access the page managing administrators by simply setting the host header to localhost. https://cloud.google.com/b…
…
continue reading
1
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches (#)
6:03
6:03
Play later
Play later
Lists
Like
Liked
6:03
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches Microsoft Patch Tuesday for November 2025 https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/ Gladinet Triofox Vulnerability Triofox uses the "host" header in lieu of proper access control, allowing an attacker…
…
continue reading
1
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password;
7:25
7:25
Play later
Play later
Lists
Like
Liked
7:25
It isn t always defaults: Scans for 3CX Usernames Our honeypots detected scans for usernames that may be related to 3CX business phone systems https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464 Watchguard Default Password Controversy A CVE number was assigned to a default password commonly used in W…
…
continue reading
1
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password; (#)
7:26
7:26
Play later
Play later
Lists
Like
Liked
7:26
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password; It isn't always defaults: Scans for 3CX Usernames Our honeypots detected scans for usernames that may be related to 3CX business phone systems https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464 Watchguard De…
…
continue reading
1
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks
7:06
7:06
Play later
Play later
Lists
Like
Liked
7:06
Honeypot Requests for Code Repository Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites. https://isc.sans.edu/diary/Honeypot%3A%20Requests%20for%20%28Code%29%20Repositories/32460 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads Ne…
…
continue reading
1
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks (#)
7:07
7:07
Play later
Play later
Lists
Like
Liked
7:07
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks Honeypot Requests for Code Repository Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites. https://isc.sans.edu/diary/…
…
continue reading
1
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches
5:31
5:31
Play later
Play later
Lists
Like
Liked
5:31
Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary] Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities. https://isc.sans.edu/diary/Binary%20Breadcrumbs%3A%20Correlating%20Malware%20Samples%20with%20Honeypot%20Logs%20Using%20PowerShell%20%5BGuest%20…
…
continue reading
1
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches (#)
5:31
5:31
Play later
Play later
Lists
Like
Liked
5:31
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary] Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities. https://isc.sans.edu/d…
…
continue reading
1
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report
5:43
5:43
Play later
Play later
Lists
Like
Liked
5:43
Updates to Domainname API Some updates to our domainname API will make it more flexible and make it easier and faster to get the complete dataset. https://isc.sans.edu/diary/Updates%20to%20Domainname%20API/32452 Microsoft Teams Impersonation and Spoofing Vulnerabilities Checkpoint released details about recently patched spoofing and impersonation v…
…
continue reading
1
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report (#)
5:43
5:43
Play later
Play later
Lists
Like
Liked
5:43
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report Updates to Domainname API Some updates to our domainname API will make it more flexible and make it easier and faster to get the complete dataset. https://isc.sans.edu/diary/Updates%20to%20Domainname%20API/32452 Microsoft Teams Impersonation and Spoofing V…
…
continue reading
1
SANS Stormcast Wednesday, November 5th, 2025: Apple Patches; Exploits against Trucking and Logistic; Google Android Patches
6:29
6:29
Play later
Play later
Lists
Like
Liked
6:29
Apple Patches Everything, Again Apple released a minor OS upgrade across its lineup, fixing a number of security vulnerabilities. https://isc.sans.edu/diary/Apple%20Patches%20Everything%2C%20Again/32448 Remote Access Tools Used to Compromise Trucking and Logistics Attackers infect trucking and logistics companies with regular remote management tool…
…
continue reading
1
SANS Stormcast Wednesday, November 5th, 2025: Apple Patches; Exploits against Trucking and Logistic; Google Android Patches
6:30
6:30
Play later
Play later
Lists
Like
Liked
6:30
Apple Patches Everything, Again Apple released a minor OS upgrade across its lineup, fixing a number of security vulnerabilities. https://isc.sans.edu/diary/Apple%20Patches%20Everything%2C%20Again/32448 Remote Access Tools Used to Compromise Trucking and Logistics Attackers infect trucking and logistics companies with regular remote management tool…
…
continue reading
1
SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions
6:56
6:56
Play later
Play later
Lists
Like
Liked
6:56
XWiki SolrSearch Exploit Attempts CVE-2025-24893 We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday. https://isc.sans.edu/diary/XWiki%20SolrSearch%20Exploit%20Attempts%20%28CVE-2025-24893%29%20with%20link%20to%20Chicago%20Gangs%20Rappers/32444 AMD Zen 5 Random Num…
…
continue reading
1
SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions (#)
6:56
6:56
Play later
Play later
Lists
Like
Liked
6:56
SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions XWiki SolrSearch Exploit Attempts CVE-2025-24893 We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday. https://isc.sans.ed…
…
continue reading
1
SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements
6:26
6:26
Play later
Play later
Lists
Like
Liked
6:26
Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287 We did observe an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS and the scans are likely looking for servers vulnerable to CVE-2025-59287 https://isc.sans.edu/diary/Scans%20for%20Port%208530%208531%20%28TCP%29.%20Likely%20related%20to%20WSUS%20Vulnerability%20C…
…
continue reading
1
SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements (#)
6:27
6:27
Play later
Play later
Lists
Like
Liked
6:27
SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287 We did observe an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS and the scans are likely looking for servers vulnerable to CVE-2025-59287 https:/…
…
continue reading
1
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability
6:19
6:19
Play later
Play later
Lists
Like
Liked
6:19
X-Request-Purpose: Identifying "research" and bug bounty related scans? Our honeypots captured a few requests with bug bounty specific headers. These headers are meant to make it easier to identify requests related to bug bounty, and they are supposed to identify the researcher conducting the scans https://isc.sans.edu/diary/X-Request-Purpose%3A%20…
…
continue reading
1
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability (#)
6:20
6:20
Play later
Play later
Lists
Like
Liked
6:20
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability X-Request-Purpose: Identifying "research" and bug bounty related scans? Our honeypots captured a few requests with bug bounty specific headers. These headers are meant to make it easier to identify requests related to bug bounty, and they are sup…
…
continue reading
1
SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch
6:07
6:07
Play later
Play later
Lists
Like
Liked
6:07
How to Collect Memory-Only Filesystems on Linux Systems Getting forensically sound copies of memory-only file systems on Linux can be tricky, as tools like dd do not work. https://isc.sans.edu/diary/How%20to%20collect%20memory-only%20filesystems%20on%20Linux%20systems/32432 Microsoft Azure Front Door Outage Today, Microsoft s Azure Front Door servi…
…
continue reading
1
SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch (#)
6:07
6:07
Play later
Play later
Lists
Like
Liked
6:07
SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch How to Collect Memory-Only Filesystems on Linux Systems Getting forensically sound copies of memory-only file systems on Linux can be tricky, as tools like "dd" do not work. https://isc.sans.edu/diary/How%20to%20collect%20memory-only%2…
…
continue reading
101
SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC
8:04
8:04
Play later
Play later
Lists
Like
Liked
8:04
Phishing with Invisible Characters in the Subject Line Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters that should be rendered. https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line…
…
continue reading
1
SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC (#)
8:05
8:05
Play later
Play later
Lists
Like
Liked
8:05
SANS Stormcast Wednesday, October 29th, 2025: Invisible Subject Character Phishing; Tomcat PUT Vuln; BIND9 Spoofing Vuln PoC Phishing with Invisible Characters in the Subject Line Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters…
…
continue reading
1
SANS Stormcast Tuesday, October 28th, 2025: Bytes over DNS; Unifi Access Vuln; OpenAI Atlas Prompt Injection
6:17
6:17
Play later
Play later
Lists
Like
Liked
6:17
Bytes over DNS Didiear investigated which bytes may be transmitted as part of a hostname in DNS packets, depending on the client resolver and recursive resolver constraints https://isc.sans.edu/diary/Bytes%20over%20DNS/32420 Unifi Access Vulnerability Unifi fixed a critical vulnerability in it s Access product https://community.ui.com/releases/Secu…
…
continue reading
1
SANS Stormcast Tuesday, October 28th, 2025: Bytes over DNS; Unifi Access Vuln; OpenAI Atlas Prompt Injection (#)
6:17
6:17
Play later
Play later
Lists
Like
Liked
6:17
SANS Stormcast Tuesday, October 28th, 2025: Bytes over DNS; Unifi Access Vuln; OpenAI Atlas Prompt Injection Bytes over DNS Didiear investigated which bytes may be transmitted as part of a hostname in DNS packets, depending on the client resolver and recursive resolver constraints https://isc.sans.edu/diary/Bytes%20over%20DNS/32420 Unifi Access Vul…
…
continue reading
101
SANS Stormcast Monday, October 27th, 2025: Bilingual Phishing; Kaitai Struct WebIDE
6:20
6:20
Play later
Play later
Lists
Like
Liked
6:20
Bilingual Phishing for Cloud Credentials Guy observed identical phishing messages in French and English attempting to phish cloud credentials https://isc.sans.edu/diary/Phishing%20Cloud%20Account%20for%20Information/32416 Kaitai Struct WebIDE The binary file analysis tool Kaitai Struct is now available in a web only version https://isc.sans.edu/dia…
…
continue reading
