SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
Daily update on current cyber security threats
5 minutes 34 seconds
SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks
GSocket Backdoor Delivered Through Bash Script
https://isc.sans.edu/diary/GSocket+Backdoor+Delivered+Through+Bash+Script/32816/#comments
Oracle Security Alert CVE-2026-21992 Released
https://blogs.oracle.com/security/alert-cve-2026-21992
Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet and Harden PLCs to Protect from Cyber Threats
https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html
23 March 2026, 2:00 am
5 minutes 45 seconds
SANS Stormcast Friday, March 20th, 2026: Cowrie Strings; MSFT Intune Hardening; Unifi Network Update;
Interesting Cowrie Strings
https://isc.sans.edu/diary/Interesting+Message+Stored+in+Cowrie+Logs/32810
Microsoft Intune Hardening Advice
https://techcommunity.microsoft.com/blog/intunecustomersuccess/best-practices-for-securing-microsoft-intune/4502117
https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization
Unifi Network Update
https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b
20 March 2026, 2:00 am
5 minutes 55 seconds
SANS Stormcast Thursday, March 19th, 2026: Adminer Scans; Apple WebKit Patch; another telnetd vuln; screenconnect vuln
Scans for "adminer"
https://isc.sans.edu/diary/Scans%20for%20%22adminer%22/32808
Background Security Improvement for WebKit
https://support.apple.com/en-us/126604
Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC)
https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
ScreenConnect 26.1 Security Hardening
https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin
19 March 2026, 2:00 am
6 minutes
SANS Stormcast Wednesday, March 18th, 2026: IPv4 mapped IPv6; KVM Vulnerabilities; AWS Bedrock DNS Covert Channel
IPv4 Mapped IPv6 Addresses
https://isc.sans.edu/diary/IPv4%20Mapped%20IPv6%20Addresses/32804
More IP KVM Vulnerabilities
https://eclypsium.com/blog/your-kvm-is-the-weak-link-how-30-dollar-devices-can-own-your-entire-network/
AWS Bedrock AgentCore Code Interpreter DNS Leak
https://www.beyondtrust.com/blog/entry/pwning-aws-agentcore-code-interpreter
18 March 2026, 11:05 am
7 minutes 50 seconds
SANS Stormcast Tuesday, March 17th, 2026: Proxy URLs; Local Network Address Restrictions; Advanced Phishing
/proxy/ URL scans with IP addresses
https://isc.sans.edu/forums/diary/proxy+URL+scans+with+IP+addresses/32800/
Local Network Address Restrictions
https://learn.microsoft.com/en-us/deployedge/ms-edge-local-network-access#how-to-mitigate-impact-for-cross-origin-iframes
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
European Security Vendor Targeted by Hackers Fronting as Cisco Domain
https://specopssoft.com/blog/phishing-campaign-cisco/
17 March 2026, 2:00 am
6 minutes 13 seconds
SANS Stormcast Monday, March 16th, 2026: SmartApeSG and Remcos RAT; React Based Phishing; Google Chrome Patches; AdGuard Vuln
SmartApeSG campaign uses ClickFix page to push Remcos RAT
https://isc.sans.edu/diary/SmartApeSG%20campaign%20uses%20ClickFix%20page%20to%20push%20Remcos%20RAT/32796
A React-based phishing page with credential exfiltration via EmailJS
https://isc.sans.edu/diary/32794
Google Chrome announced two zero-day fixes, then removed one.
https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html
AdGuard Vulnerability
https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.73
16 March 2026, 2:00 am
5 minutes 19 seconds
SANS Stormcast Friday, March 13th, 2026: IOT Device Discovery; Apple Patches; Veeam Patches
When your IoT Device Logs in as Admin, It's too Late!
https://isc.sans.edu/diary/When%20your%20IoT%20Device%20Logs%20in%20as%20Admin%2C%20It%3Fs%20too%20Late!%20%5BGuest%20Diary%5D/32788
Apple Patches
https://support.apple.com/en-us/100100
Veeam Patches
https://www.veeam.com/kb4830
13 March 2026, 2:00 am
7 minutes 27 seconds
SANS Stormcast Thursday, March 12th, 2026: Zombie Zip;
Analyzing "Zombie Zip" Files (CVE-2026-0866)
https://isc.sans.edu/diary/Analyzing%20%22Zombie%20Zip%22%20Files%20%28CVE-2026-0866%29/32786
How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit
https://pentesterlab.com/blog/freshrss-bcrypt-truncation-auth-bypass
12 March 2026, 2:00 am
6 minutes 10 seconds
SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches
Microsoft Patch Tuesday, March 2026
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20March%202026/32782
Fortinet Updates
https://fortiguard.fortinet.com/psirt
Adobe Updates
https://helpx.adobe.com/security.html
Zoom Update
https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0061222
11 March 2026, 2:00 am
7 minutes 27 seconds
SANS Stormcast Tuesday, March 10th, 2026: Encrypted Client Hello; ExifTool Vulnerability;
Encrypted Client Hello: Ready for Prime Time?
https://isc.sans.edu/diary/Encrypted%20Client%20Hello%3A%20Ready%20for%20Prime%20Time%3F/32778
The ExifTool vulnerability: how an image can infect macOS systems
https://www.kaspersky.com/blog/exiftool-macos-picture-vulnerability-mitigation-cve-2026-3102/55362/
Remote code execution in Nextcloud Flow via vulnerable Windmill version
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g7vj-98x3-qvjf
10 March 2026, 2:00 am
5 minutes 8 seconds
SANS Stormcast Monday, March 9th, 2026: YARA-X Update; IP Camera Targeting; Node.js Upgrades; nginx UI Vuln
YARA-X 1.14.0 Release
https://isc.sans.edu/diary/YARA-X%201.14.0%20Release/32774
INTERPLAY BETWEEN IRANIAN TARGETING OF IP CAMERAS AND PHYSICAL WARFARE IN THE MIDDLE EAST
https://research.checkpoint.com/2026/interplay-between-iranian-targeting-of-ip-cameras-and-physical-warfare-in-the-middle-east/
Announcing the Node.js LTS Upgrade and Modernization Program
https://openjsf.org/blog/nodejs-lts-upgrade-program
nginx UI Vulnerability
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-g9w5-qffc-6762
9 March 2026, 2:00 am