
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Latest episodes

Apr 25, 2025 • 7min
SANS Stormcast Friday, April 25th: SMS Gateway Scans; Commvault Exploit; Patch Window Shrinkage; More inetpub issues;
Attacks against Teltonika Networks SMS Gateways
Attackers are actively scanning for SMS Gateways. These attacks take advantage of default passwords and other commonly used passwords.
https://isc.sans.edu/diary/Attacks%20against%20Teltonika%20Networks%20SMS%20Gateways/31888
Commvault Vulnerability CVE-2025-34028
Commvault, about a week ago, published an advisory and a fix for a vulnerability in its backup software. watchTowr has now released a detailed writeup and exploit for the vulnerability.
https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
Exploitation Trends Q1 2025
VulnCheck published a summary of exploitation trends, pointing out that about a quarter of vulnerabilities are exploited a day after a patch is made available.
https://vulncheck.com/blog/exploitation-trends-q1-2025
inetpub directory issues
The inetpub directory introduced by Microsoft in its April patch may lead to a denial of service that prevents patches from being applied on Windows if an attacker can create a junction for that location pointing to an existing system binary like Notepad.
https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741

Apr 24, 2025 • 6min
SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco
Discover the intricacies of maintaining a honeypot and the importance of dynamic configurations to keep your security measures sharp. Learn about a serious breach in the XRPL.js library, which allowed attackers to steal secret keys through malicious updates. The podcast also highlights a critical vulnerability in the Erlang/OTP SSH library affecting Cisco equipment, emphasizing the urgent need for patches and security vigilance in the tech community.

Apr 23, 2025 • 6min
SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed
Discover the latest advancements in cybersecurity tools, including the innovative uses of ad hoc YARA rules for simplified threat detection. Dive into a chilling discussion on a DKIM replay attack that successfully spoofed Google by reusing signatures. The vulnerabilities in SSL.com’s email validation process raise concerns about webmail security and certificate issuance. This podcast delves into these critical topics that shape the future of online safety.

Apr 22, 2025 • 6min
SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE
It's 2025, so why are malicious advertising URLs still going strong?
Phishing attacks continue to take advantage of Google's advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL.
https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880
ChatGPT Fingerprinting Documents via Unicode
ChatGPT apparently started leaving fingerprints in the texts it creates by adding invisible Unicode characters like non-breaking spaces.
https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text
Asus AI Cloud Security Advisory
Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability.
https://www.asus.com/content/asus-product-security-advisory/
PyTorch Vulnerability
PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the "weights_only=True" setting selected.
https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6

Apr 21, 2025 • 8min
SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug
Discussions take a deep dive into a recent wave of account lockouts caused by Microsoft Entra's new security feature, sparking chaos among users. An exploit targeting Erlang/OTP SSH vulnerabilities raises alarms with easy remote code execution. Sonicwall devices are under threat from an older command injection exploit after brute-force access. Finally, an unpatched vulnerability in bubble.io exposes projects to potential breaches, underscoring the need for vigilance in cybersecurity.

Apr 18, 2025 • 6min
SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy
Discover how to set up a malware analysis environment in the cloud with Remnux. Dive into a critical vulnerability in the Erlang/OTP SSH library that opens doors to remote code execution. Uncover the resurgence of the Brickstorm backdoor affecting both Linux and Windows systems. Lastly, explore the controversy surrounding OpenAI's GPT 4.1 release, which stirred concerns due to the absence of safety measures against potential malware creation.

Apr 17, 2025 • 6min
SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News;
Exciting tech updates abound as Apple rolls out security fixes for iOS and other platforms, addressing exploited vulnerabilities. Meanwhile, Oracle's critical patch update tackles a staggering 378 vulnerabilities, many linked to open-source software. Google Chrome also joins the mix, fixing critical vulnerabilities in its latest release. Finally, there’s buzz about the CVE numbering scheme, with MITRE receiving extended funding and other organizations considering alternative vulnerability registers.

Apr 16, 2025 • 6min
SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes
Data exfiltration is on the rise as attackers exploit free online services like gofile.io and pastebin. Meanwhile, OpenSSH 10.0 has been released, introducing quantum-safe ciphers and improved security by separating authentication services. Apache Roller has a newly addressed vulnerability with a notable CVSS score, while ongoing discussions about CVE funding may lead to temporary disruptions, though diverse support might see it through.

Apr 15, 2025 • 6min
SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware
Explore the exciting update to a powerful searching tool, now enabling complex queries with regular expressions and Yara signatures. Discover significant changes in TLS certificate lifetimes that enhance security over the next few years. Dive into the alarming new malware that attacks USB drives, replacing files with malicious versions to harvest sensitive data. This intriguing mix of technical advancements and emerging threats highlights the evolving landscape of cybersecurity.

Apr 14, 2025 • 7min
SANS Stormcast Monday April 14th: Langflow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;
There's a surge of exploit attempts targeting a recent vulnerability in LangFlow, particularly from Tor endpoints. Fortinet uncovered threats exploiting system weaknesses, leading to new updates for improved security. Microsoft clarified that its latest patches intentionally created the inetpub directory, urging users not to delete it. The discussion also touches on the implications of patch management and highlights the importance of security measures in the evolving cyber landscape.