A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
…
continue reading
Johannes B. Ullrich Podcasts
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
1
SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix
7:10
7:10
Play later
Play later
Lists
Like
Liked
7:10
Fortiweb Vulnerability Fortinet, with significant delay, acknowledged a recently patched vulnerability after exploit attempts were seen publicly. https://isc.sans.edu/diary/Honeypot+FortiWeb+CVE202564446+Exploits/32486 https://labs.watchtowr.com/when-the-impersonation-function-gets-used-to-impersonate-users-fortinet-fortiweb-auth-bypass/ https://fo…
…
continue reading
1
SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix (#)
7:11
7:11
Play later
Play later
Lists
Like
Liked
7:11
SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix Fortiweb Vulnerability Fortinet, with significant delay, acknowledged a recently patched vulnerability after exploit attempts were seen publicly. https://isc.sans.edu/diary/Honeypot+FortiWeb+CVE202564446+Exploits/32486 https://labs.watchtowr.com/when-t…
…
continue reading
1
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge
10:09
10:09
Play later
Play later
Lists
Like
Liked
10:09
SmartApeSG campaign uses ClickFix page to push NetSupport RAT A detailed analysis of a recent SamtApeSG campaign taking advantage of ClickFix https://isc.sans.edu/diary/32474 Formbook Delivered Through Multiple Scripts An analysis of a recent version of Formbook showing how it takes advantage of multiple obfuscation tricks https://isc.sans.edu/diar…
…
continue reading
1
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge (#)
10:10
10:10
Play later
Play later
Lists
Like
Liked
10:10
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge SmartApeSG campaign uses ClickFix page to push NetSupport RAT A detailed analysis of a recent SamtApeSG campaign taking advantage of ClickFix https://isc.sans.edu/diary/32474 Formbook Delivered Throu…
…
continue reading
1
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness
6:33
6:33
Play later
Play later
Lists
Like
Liked
6:33
OWASP Top 10 2025 Release Candidate OWASP published a release candidate for the 2025 version of its Top 10 list https://owasp.org/Top10/2025/0x00_2025-Introduction/ Citrix/Cisco Exploitation Details Amazon detailed how Citrix and Cisco vulnerabilities were used by advanced actors to upload webshells https://aws.amazon.com/blogs/security/amazon-disc…
…
continue reading
1
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness (#)
6:34
6:34
Play later
Play later
Lists
Like
Liked
6:34
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness OWASP Top 10 2025 Release Candidate OWASP published a release candidate for the 2025 version of its Top 10 list https://owasp.org/Top10/2025/0x00_2025-Introduction/ Citrix/Cisco Exploitation Details Amazon detailed how Citrix and Ci…
…
continue reading
1
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches
6:03
6:03
Play later
Play later
Lists
Like
Liked
6:03
Microsoft Patch Tuesday for November 2025 https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/ Gladinet Triofox Vulnerability Triofox uses the host header in lieu of proper access control, allowing an attacker to access the page managing administrators by simply setting the host header to localhost. https://cloud.google.com/b…
…
continue reading
1
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches (#)
6:03
6:03
Play later
Play later
Lists
Like
Liked
6:03
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches Microsoft Patch Tuesday for November 2025 https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/ Gladinet Triofox Vulnerability Triofox uses the "host" header in lieu of proper access control, allowing an attacker…
…
continue reading
1
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password;
7:25
7:25
Play later
Play later
Lists
Like
Liked
7:25
It isn t always defaults: Scans for 3CX Usernames Our honeypots detected scans for usernames that may be related to 3CX business phone systems https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464 Watchguard Default Password Controversy A CVE number was assigned to a default password commonly used in W…
…
continue reading
1
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password; (#)
7:26
7:26
Play later
Play later
Lists
Like
Liked
7:26
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password; It isn't always defaults: Scans for 3CX Usernames Our honeypots detected scans for usernames that may be related to 3CX business phone systems https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464 Watchguard De…
…
continue reading
1
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks
7:06
7:06
Play later
Play later
Lists
Like
Liked
7:06
Honeypot Requests for Code Repository Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites. https://isc.sans.edu/diary/Honeypot%3A%20Requests%20for%20%28Code%29%20Repositories/32460 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads Ne…
…
continue reading
1
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks (#)
7:07
7:07
Play later
Play later
Lists
Like
Liked
7:07
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks Honeypot Requests for Code Repository Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites. https://isc.sans.edu/diary/…
…
continue reading
51
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches
5:31
5:31
Play later
Play later
Lists
Like
Liked
5:31
Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary] Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities. https://isc.sans.edu/diary/Binary%20Breadcrumbs%3A%20Correlating%20Malware%20Samples%20with%20Honeypot%20Logs%20Using%20PowerShell%20%5BGuest%20…
…
continue reading
1
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches (#)
5:31
5:31
Play later
Play later
Lists
Like
Liked
5:31
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary] Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities. https://isc.sans.edu/d…
…
continue reading
1
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report
5:43
5:43
Play later
Play later
Lists
Like
Liked
5:43
Updates to Domainname API Some updates to our domainname API will make it more flexible and make it easier and faster to get the complete dataset. https://isc.sans.edu/diary/Updates%20to%20Domainname%20API/32452 Microsoft Teams Impersonation and Spoofing Vulnerabilities Checkpoint released details about recently patched spoofing and impersonation v…
…
continue reading
1
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report (#)
5:43
5:43
Play later
Play later
Lists
Like
Liked
5:43
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report Updates to Domainname API Some updates to our domainname API will make it more flexible and make it easier and faster to get the complete dataset. https://isc.sans.edu/diary/Updates%20to%20Domainname%20API/32452 Microsoft Teams Impersonation and Spoofing V…
…
continue reading
1
SANS Stormcast Wednesday, November 5th, 2025: Apple Patches; Exploits against Trucking and Logistic; Google Android Patches
6:29
6:29
Play later
Play later
Lists
Like
Liked
6:29
Apple Patches Everything, Again Apple released a minor OS upgrade across its lineup, fixing a number of security vulnerabilities. https://isc.sans.edu/diary/Apple%20Patches%20Everything%2C%20Again/32448 Remote Access Tools Used to Compromise Trucking and Logistics Attackers infect trucking and logistics companies with regular remote management tool…
…
continue reading
1
SANS Stormcast Wednesday, November 5th, 2025: Apple Patches; Exploits against Trucking and Logistic; Google Android Patches
6:30
6:30
Play later
Play later
Lists
Like
Liked
6:30
Apple Patches Everything, Again Apple released a minor OS upgrade across its lineup, fixing a number of security vulnerabilities. https://isc.sans.edu/diary/Apple%20Patches%20Everything%2C%20Again/32448 Remote Access Tools Used to Compromise Trucking and Logistics Attackers infect trucking and logistics companies with regular remote management tool…
…
continue reading
1
SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions
6:56
6:56
Play later
Play later
Lists
Like
Liked
6:56
XWiki SolrSearch Exploit Attempts CVE-2025-24893 We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday. https://isc.sans.edu/diary/XWiki%20SolrSearch%20Exploit%20Attempts%20%28CVE-2025-24893%29%20with%20link%20to%20Chicago%20Gangs%20Rappers/32444 AMD Zen 5 Random Num…
…
continue reading
1
SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions (#)
6:56
6:56
Play later
Play later
Lists
Like
Liked
6:56
SANS Stormcast Tuesday, November 4th, 2025: XWiki SolrSearch Exploits and Rapper Feud; AMD Zen 5 RDSEED Bug; More Malicious Open VSX Extensions XWiki SolrSearch Exploit Attempts CVE-2025-24893 We have detected a number of exploit attempts against XWiki taking advantage of a vulnerability that was added to the KEV list on Friday. https://isc.sans.ed…
…
continue reading
51
SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements
6:26
6:26
Play later
Play later
Lists
Like
Liked
6:26
Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287 We did observe an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS and the scans are likely looking for servers vulnerable to CVE-2025-59287 https://isc.sans.edu/diary/Scans%20for%20Port%208530%208531%20%28TCP%29.%20Likely%20related%20to%20WSUS%20Vulnerability%20C…
…
continue reading
1
SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements (#)
6:27
6:27
Play later
Play later
Lists
Like
Liked
6:27
SANS Stormcast Monday, November 3rd, 2025: Port 8530/8531 Scans; BADCANDY Webshells; Open VSX Security Improvements Scans for WSUS: Port 8530/8531 TCP, CVE-2025-59287 We did observe an increase in scans for TCP ports 8530 and 8531. These ports are associated with WSUS and the scans are likely looking for servers vulnerable to CVE-2025-59287 https:/…
…
continue reading
1
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability
6:19
6:19
Play later
Play later
Lists
Like
Liked
6:19
X-Request-Purpose: Identifying "research" and bug bounty related scans? Our honeypots captured a few requests with bug bounty specific headers. These headers are meant to make it easier to identify requests related to bug bounty, and they are supposed to identify the researcher conducting the scans https://isc.sans.edu/diary/X-Request-Purpose%3A%20…
…
continue reading
1
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability (#)
6:20
6:20
Play later
Play later
Lists
Like
Liked
6:20
SANS Stormcast Friday, October 31st, 2025: Bug Bounty Headers; Exchange hardening; MOVEIt vulnerability X-Request-Purpose: Identifying "research" and bug bounty related scans? Our honeypots captured a few requests with bug bounty specific headers. These headers are meant to make it easier to identify requests related to bug bounty, and they are sup…
…
continue reading
1
SANS Stormcast Thursday, October 30th, 2025: Memory Only Filesystems Forensics; Azure Outage; docker-compose patch
6:07
6:07
Play later
Play later
Lists
Like
Liked
6:07
How to Collect Memory-Only Filesystems on Linux Systems Getting forensically sound copies of memory-only file systems on Linux can be tricky, as tools like dd do not work. https://isc.sans.edu/diary/How%20to%20collect%20memory-only%20filesystems%20on%20Linux%20systems/32432 Microsoft Azure Front Door Outage Today, Microsoft s Azure Front Door servi…
…
continue reading
