SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
Daily update on current cyber security threats
7 minutes 4 seconds
SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited
Another day, another malicious JPEG
https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738
Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w
CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method)
https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md
Roundcube Webmail Exploited CVE-2025-49113
https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
https://www.openwall.com/lists/oss-security/2025/06/02/3
24 February 2026, 2:00 am
6 minutes 33 seconds
SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing
Japanese-Language Phishing Emails
https://isc.sans.edu/diary/Japanese-Language%20Phishing%20Emails/32734
'God-Like' Attack Machines: AI Agents Ignore Security Policies
https://www.darkreading.com/application-security/ai-agents-ignore-security-policies
Starkiller: New Phishing Framework Proxies Real Login Pages to Bypass MFA
https://abnormal.ai/blog/starkiller-phishing-kit
23 February 2026, 2:45 am
6 minutes 19 seconds
SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Grandstream GXP 1600 Vuln and PoC
Under the Hood of DynoWiper
https://isc.sans.edu/diary/Under%20the%20Hood%20of%20DynoWiper/32730
Vibe Password Generation: Predictable by Design
https://www.irregular.com/publications/vibe-password-generation
Vulnerabilities (CVE-2025-65715, CVE-2025-65716, CVE-2025-65717) in four popular IDE Extensions
https://www.ox.security/blog/four-vulnerabilities-expose-a-massive-security-blind-spot-in-ide-extensions/
Grandstream GXP1600 VoIP Phones
https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed/
20 February 2026, 2:00 am
7 minutes 4 seconds
SANS Stormcast Thursday, February 19th, 2026: Malware Image Reuse; Dell RecoverPoint; Admin Center Vuln; DNS-PERSIST-01
Tracking Malware Campaigns With Reused Material
https://isc.sans.edu/diary/Tracking%20Malware%20Campaigns%20With%20Reused%20Material/32726
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day
Windows Admin Center Elevation of Privilege Vulnerability CVE-2026-26119
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119
DNS-PERSIST-01: A New Model for DNS-based Challenge Validation
https://letsencrypt.org/2026/02/18/dns-persist-01.html
Defending Web Apps
https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices
19 February 2026, 2:00 am
7 minutes 30 seconds
SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Keenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS
Fake Incident Report Used in Phishing Campaign
https://isc.sans.edu/diary/Fake%20Incident%20Report%20Used%20in%20Phishing%20Campaign/32722
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
https://securelist.com/keenadu-android-backdoor/118913/
CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
https://seclists.org/oss-sec/2026/q1/166
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time
https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/
Encrypted RCS in iOS/iPadOS
https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-26_4-release-notes
18 February 2026, 2:15 am
5 minutes 12 seconds
SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft
2026 64-Bits Malware Trend
https://isc.sans.edu/diary/2026%2064-Bits%20Malware%20Trend/32718
A Comparative Security Analysis of Three Cloud-based Password Managers
https://zkae.io
Infostealer Infection Targeting OpenClaw Configurations
https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-targeting-openclaw-configurations/
17 February 2026, 2:00 am
6 minutes
SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats
AI-Powered Knowledge Graph Generator & APTs
https://isc.sans.edu/diary/AI-Powered%20Knowledge%20Graph%20Generator%20%26%20APTs/32712
nslookup and ClickFix
https://x.com/MsftSecIntel/status/2022456612120629742
Google Chrome 0-Day Patch
https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
TURN Security Threats
https://www.enablesecurity.com/blog/turn-server-security-threats/
16 February 2026, 2:00 am
5 minutes 43 seconds
SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring
Four Seconds to Botnet - Analyzing a Self-Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary]
https://isc.sans.edu/diary/Four%20Seconds%20to%20Botnet%20-%20Analyzing%20a%20Self%20Propagating%20SSH%20Worm%20with%20Cryptographically%20Signed%20C2%20%5BGuest%20Diary%5D/32708
OpenSSH Update on MacOS
https://www.openssh.org/releasenotes.html
Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations
https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations
13 February 2026, 2:00 am
6 minutes 9 seconds
SANS Stormcast Thursday, February 12th, 2026: WSL in Malware; Apple and Adobe Patches
WSL in the Malware Ecosystem
https://isc.sans.edu/diary/32704
Apple Patches Everything: February 2026
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20February%202026/32706
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
12 February 2026, 2:00 am
7 minutes 54 seconds
SANS Stormcast Wednesday, February 11th, 2026: Microsoft Patch Tuesday; Secure Boot Updates; Fake 7-Zip; FortiSlob
Microsoft Patch Tuesday - February 2026
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20February%202026/32700
Refreshing the root of trust
https://blogs.windows.com/windowsexperience/2026/02/10/refreshing-the-root-of-trust-industry-collaboration-on-secure-boot-certificate-updates/
Fake 7-Zip downloads are turning home PCs into proxy nodes
https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes
Fortinet Vulnerabilities
https://fortiguard.fortinet.com/psirt/FG-IR-25-093
https://fortiguard.fortinet.com/psirt/FG-IR-25-1052
11 February 2026, 2:05 am
4 minutes 30 seconds
SANS Stormcast Tuesday, February 10th, 2026: Extracting URLs; Signal Phishing; Ivanti PoC; BeyondTrust RCE; Forticlient SQL Injection
Quick Howto: Extract URLs from RTF files
https://isc.sans.edu/diary/Quick%20Howto%3A%20Extract%20URLs%20from%20RTF%20files/32692
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
German:
https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html
English:
https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/praevention_wirtschafts-und_wissenschaftsschutz/2026-02-06-gemeinsame-warnmitteilung-phishing.pdf?__blob=publicationFile&v=3
Someone Knows Bash Far Too Well, And We Love It - Pre-Auth RCEs
https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/
Pre-Auth RCE in BeyondTrust Remote Support & PRA CVE-2026-1731
https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce
https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
Fortinet FortiClientEMS SQLi in the administrative interface
https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
10 February 2026, 2:00 am