Best SANS ISC Handlers Podcasts (2025)

1
SANS Stormcast Thursday, October 23rd, 2025: Blue Angle Software Exploit; Oracle CPU; Rust tar library vulnerability. 7:28

Play Pause

5h ago7:28

7:28

webctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant? Our honeypots detected attacks that appear to exploit CVE-2025-34033 or a similar vulnerability in the Blue Angle Software Suite. https://isc.sans.edu/diary/webctrlcgiBlue+Angel+Software+Suite+Exploit+Attempts+Maybe+CVE202534033+Variant/32410 Oracle Critical Patch…

1
SANS Stormcast Wednesday, October 22nd, 2025: NTP Pool; Xubuntu Compromise; Squid Vulnerability; Lanscope Vuln; 6:37

1d ago6:37

6:37

What time is it? Accuracy of pool.ntp.org. How accurate and reliable is pool.ntp.org? Turns out it is very good! https://isc.sans.edu/diary/What%20time%20is%20it%3F%20Accuracy%20of%20pool.ntp.org./32390 Xubuntu Compromise The Xubuntu website was compromised last weekend and served malware https://floss.social/@bluesabre/115401767635718361 Squid Pro…

1
SANS Stormcast Tuesday, October 21st, 2025: Syscall() Obfuscation; AWS down; Beijing Time Attack 9:17

2d ago9:17

9:17

Using Syscall() for Obfuscation/Fileless Activity Fileless malware written in Python can uses syscall() to create file descriptors in memory, evading signatures. https://isc.sans.edu/diary/Using%20Syscall%28%29%20for%20Obfuscation%20Fileless%20Activity/32384 AWS Outages AWS has had issues most of the day on Monday, affecting numerous services. http…

1
SANS Stormcast Monday, October 20th, 2025: Malicious Tiktok; More Google Ad Problems; Satellite Insecurity 6:14

3d ago6:14

6:14

TikTok Videos Promoting Malware InstallationTikTok Videos Promoting Malware Installation Tiktok videos advertising ways to obtain software like Photoshop for free will instead trick users into downloading https://isc.sans.edu/diary/TikTok%20Videos%20Promoting%20Malware%20Installation/32380 Google Ads Advertise Malware Targeting MacOS Developers Hun…

1
SANS Stormcast Friday, October 17th, 2025: New Slack Workspace; Cisco SNMP Exploited; BIOS Backdoor; @sans_edu reseach: Active Defense 21:28

6d ago21:28

21:28

New DShield Support Slack Workspace Due to an error on Salesforce s side, we had to create a new Slack Workspace for DShield support. https://isc.sans.edu/diary/New%20DShield%20Support%20Slack/32376 Attackers Exploiting Recently Patched Cisco SNMP Flaw (CVE-2025-20352) Trend Micro published details explaining how attackers took advantage of a recen…

1
SANS Stormcast Thursday, October 16th, 2025: Clipboard Image Stealer; F5 Compromise; Adobe Updates; SAP Patchday 8:40

7d ago8:40

8:40

Clipboard Image Stealer Xavier presents an infostealer in Python that steals images from the clipboard. https://isc.sans.edu/diary/Clipboard%20Pictures%20Exfiltration%20in%20Python%20Infostealer/32372 F5 Compromise F5 announced a wide-ranging compromise today. Source code and information about unpatched vulnerabilities were stolen. https://my.f5.co…

1
SANS Stormcast Wednesday, October 15th, 2025: Microsoft Patchday; Ivanti Advisory; Fortinet Patches 6:22

8d ago6:22

6:22

Microsoft Patch Tuesday Microsoft not only released new patches, but also the last patches for Windows 10, Office 2016, Office 2019, Exchange 2016 and Exchange 2019. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20October%202025/32368 Ivanti Advisory Ivanti released an advisory with some mitigation steps users can take until the recently m…

1
SANS Stormcast Tuesday, October 14th, 2025: ESAFENET Scans; Payroll Priates; MSFT Edge IE Mode 6:02

9d ago6:02

6:02

Scans for ESAFENET CDG V5 We do see some increase in scans for the Chinese secure document management system, ESAFENET. https://isc.sans.edu/diary/Heads%20Up%3A%20Scans%20for%20ESAFENET%20CDG%20V5%20/32364 Investigating targeted payroll pirate attacks affecting US universities Microsoft wrote about how payroll pirates redirect employee paychecks vi…

1
SANS Stormcast Monday, October 13th, 2025: More Oracle Patches; Sonicwall Compromisses; Unpatched Gladinet; 7-Zip Patches 5:56

10d ago5:56

5:56

New Oracle E-Business Suite Patches Oracle released one more patch for the e-business suite. Oracle does not state if it is already exploited, but the timing of the patch suggests that it should be expedited. https://www.oracle.com/security-alerts/alert-cve-2025-61884.html Widespread Sonicwall SSLVPN Compromise Huntress Labs observed the widespread…

1
SANS Stormcast Friday, October 10th, 2025: RedTail Defenses; SonicWall Breach; Crowdstrike “Issues”; Ivanti 0-days; Mapping Agentic Attack Surface (@sans_edu paper) 15:12

13d ago15:12

15:12

Building Better Defenses: RedTail Observations Defending against attacks like RedTail is more then blocking IoCs, but instead one must focus on the techniques and tactics attackers use. https://isc.sans.edu/diary/Guest+Diary+Building+Better+Defenses+RedTail+Observations+from+a+Honeypot/32312 Sonicwall: It wasn t the user s fault Sonicwall admits to…

1
SANS Stormcast Thursday, October 9th, 2025: Polymorphic Python; ssh ProxyCommand Vuln; 6:12

14d ago6:12

6:12

Polymorphic Python Malware Xavier discovered self-modifying Python code on Virustotal. The remote access tool takes advantage of the inspect module to modify code on the fly. https://isc.sans.edu/diary/Polymorphic%20Python%20Malware/32354 SSH ProxyCommand Vulnerability A user cloning a git repository may be tricked into executing arbitrary code via…

1
SANS Stormcast Wednesday, October 8th, 2025: FreePBX Exploits; Disrupting Teams Threats; Kibana and QT SVG Patches 5:57

15d ago5:57

5:57

By Dr. Johannes B. Ullrich

1
SANS Stormcast Tuesday, October 7th, 2025: More About Oracle; Redis Vulnerability; GoAnywhere Exploited 5:33

16d ago5:33

5:33

By Dr. Johannes B. Ullrich

1
SANS Stormcast Monday, October 6th, 2025: Oracle 0-Day 6:28

17d ago6:28

6:28

Oracle E-Business Suite 0-Day CVE-2025-61882 Last week, the Cl0p ransomware gang sent messages to many businesses stating that an Oracle E-Business Suite vulnerability was used to exfiltrate data. Initially, Oracle believed the root cause to be a vulnerability patched in June, but now Oracle released a patch for a new vulnerability. https://www.ora…

1
SANS Stormcast Friday, October 3rd, 2025: More .well-known Scans; RedHat Openshift Patch; TOTOLINK Vuln; 6:35

20d ago6:35

6:35

More .well-known scans Attackers are using API documentation automatically published in the .well-known directory for reconnaissance. https://isc.sans.edu/diary/More%20.well-known%20Scans/32340 RedHat Patches Openshift AI Services A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, fo…

1
SANS Stormcast Thursday, October 2nd, 2025: Honeypot Passwords; OneLogin Vuln; Breaking Intel SGX; OpenSSL Patch 8:11

21d ago8:11

8:11

Comparing Honeypot Passwords with HIBP Most passwords used against our honeypots are also found in the Have I been pwn3d list. However, the few percent that are not found tend to be variations of known passwords, extending them to find likely mutations. https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Comparing%20Honeypot%20Passwords%20with%20HIBP/…

1
SANS Stormcast Wednesday, October 1st, 2025: Cookie Auth Issues; Western Digtial Command Injection; sudo exploited; 5:10

22d ago5:10

5:10

Sometimes you don t even need to log in Applications using simple, predictable cookies to verify a user s identity are still exploited, and relatively recent vulnerabilities are still due to this very basic mistake. https://isc.sans.edu/diary/%22user%3Dadmin%22.%20Sometimes%20you%20don%27t%20even%20need%20to%20log%20in./32334 Western Digital My Clo…

1
SANS Stormcast Tuesday, September 30th, 2025: Apple Patch; PAN Global Protect Scans; SSL.com signed malware 5:06

23d ago5:06

5:06

Apple Patches Apple released patches for iOS, macOS, and visionOS, fixing a single font parsing vulnerability https://isc.sans.edu/diary/Apple%20Patches%20Single%20Vulnerability%20CVE-2025-43400/32330 Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400). Our honeypots detected an increase in scans for a Palo Alto Global Prot…

1
SANS Stormcast Monday, September 29th, 2025: Convert Timestamps; Cisco Compromises; GitHub Notification Phishing 8:36

24d ago8:36

8:36

Converting Timestamps in .bash_history Unix shells offer the ability to add timestamps to commands in the .bash_history file. This is often done in the form of Unix timestamps. This new tool converts these timestamps into a more readable format. https://isc.sans.edu/diary/New%20tool%3A%20convert-ts-bash-history.py/32324 Cisco ASA/FRD Compromises Ex…

1
SANS Stormcast Friday, September 26th, 2025: Webshells in .well-known; Critical Cisco Vulns Exploited; XCSSET Update; GoAnywhere MFT Exploit Details 6:52

27d ago6:52

6:52

Webshells Hiding in .well-known Places Our honeypots registered an increase in scans for URLs in the .well-known directory, which appears to be looking for webshells. https://isc.sans.edu/diary/Webshells%20Hiding%20in%20.well-known%20Places/32320 Cisco Patches Critical Exploited Vulnerabilities Cisco released updates addressing already-exploited vu…

1
SANS Stormcast Thursday, September 25th, 2025: Hikvision Exploits; Cisco Patches; Sonicawall Anit-Rootkit Patch; Windows 10 Support 5:33

28d ago5:33

5:33

Exploit Attempts Against Older Hikvision Camera Vulnerability Out honeypots observed an increase in attacks against some older Hikvision issues. A big part of the problem is weak passwords, and the ability to send credentials as part of the URL. https://isc.sans.edu/diary/Exploit%20Attempts%20Against%20Older%20Hikvision%20Camera%20Vulnerability/323…

1
SANS Stormcast Wednesday, September 24th, 2025: DoS against the Analyst; GitHub Improvements; Solarwinds and Supermicro BMC vulnerabilities 7:22

29d ago7:22

7:22

Distracting the Analyst for Fun and Profit Our undergraduate intern, Tyler House analyzed what may have been a small DoS attack that was likely more meant to distract than to actually cause a denial of service https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Distracting%20the%20Analyst%20for%20Fun%20and%20Profit/32308 GitHub s plan for a more secur…

1
SANS Stormcast Tuesday, September 23rd, 2025: Ivanti EPMM Exploit; GitHub Impersonation 4:49

1M ago4:49

4:49

CISA Reports Ivanti EPMM Exploit Sightings Two different organizations submitted backdoors to CISA, which are believed to have been installed using Ivanti vulnerabilities patched in May. https://www.cisa.gov/news-events/analysis-reports/ar25-261a Lastpass Observes Impersonation on GitHub Lastpass noted a number of companies being impersonated via f…

1
SANS Stormcast Monday, September 22nd, 2025: Odd HTTP Reuqest; GoAnywhere MFT Bug; EDR Freeze 9:02

1M ago9:02

9:02

Help Wanted: What are these odd requests about? An odd request is hitting a number of our honeypots with a somewhat unusual HTTP request header. Please let me know if you no what the request is about. https://isc.sans.edu/forums/diary/Help+Wanted+What+are+these+odd+reuqests+about/32302/ Forta GoAnywhere MFT Vulnerability Forta s GoAnywhere MFT prod…

1
SANS Stormcast Friday, September 19th, 2025: Honeypot File Analysis (@sans_edu); SonicWall Breach; DeepSeek Bias; Chrome 0-day 7:14

1M ago7:14

7:14

Exploring Uploads in a Dshield Honeypot Environment This guest diary by one of our SANS.edu undergraduate interns shows how to analyze files uploaded to Cowrie https://isc.sans.edu/diary/Exploring%20Uploads%20in%20a%20Dshield%20Honeypot%20Environment%20%5BGuest%20Diary%5D/32296 Sonicwall Breach SonicWall MySonicWall accounts were breached via crede…