
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Latest episodes

Jul 9, 2025 • 8min
SANS Stormcast Wednesday, July 9th, 2025: Microsoft Patches; Opposum Attack;
A major patch day for Microsoft sees 139 vulnerabilities addressed, with 14 rated as critical. The discussion also highlights a new TLS vulnerability known as the 'opossum attack,' which lets attackers inject requests in specific configurations. Additionally, Ivanti has rolled out updates to tackle significant issues in their products, including a concerning password decryption flaw. Tune in for insights on these emerging threats and essential fixes in the cybersecurity landscape!

4 snips
Jul 8, 2025 • 5min
SANS Stormcast Tuesday, July 8th, 2025: Detecting Filename (Windows); Atomic Stealer now with Backdoor; SEO Scams
Discover how malware can cleverly detect its environment through filename tricks, making analysis difficult. A new version of the Atomic macOS info-stealer, equipped with a backdoor, enables attackers to maintain persistent access to compromised systems. The podcast also dives into alarming SEO scams promoting trojaned versions of popular tools, showcasing the dangers of malvertising. Learn about vulnerabilities exploited by attackers that could lead to remote code execution on cloud services.

Jul 7, 2025 • 6min
SANS Stormcast Monday, July 7th, 2025: interesting usernames; More sudo issues; CitrixBleed2 PoC; Short Lived Certs
Dive into intriguing usernames found in honeypots that could reveal security risks. Discover how the sudo command can be exploited to gain unauthorized access. Learn about the newly documented CitrixBleed2 vulnerability and its proof of concept. Plus, find out why Instagram has opted for six-day TLS certificates to boost security. Each topic highlights essential insights into current cybersecurity challenges.

Jul 3, 2025 • 5min
SANS Stormcast Thursday July 3rd, 2025: sudo problems; polymorphic zip files; cisco vulnerablity
Local users can exploit a vulnerability in the Linux sudo command to gain root access, raising significant security concerns. The podcast also delves into polymorphic zip files, which can yield different data during extraction, depending on the tool used. Additionally, there's a critical flaw in Cisco's Unified Communications Manager that allows attackers to access devices using unchangeable default credentials. These discussions emphasize the importance of patching and understanding security vulnerabilities in modern software.

5 snips
Jun 30, 2025 • 7min
SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resliliency Initiative
The podcast dives into the latest from the hacking group Scattered Spider, focusing on their dangerous social engineering tactics targeting airlines. A serious vulnerability in AMI BIOS is also highlighted, as it's currently being exploited. Listeners are reminded of the impending expiration of Secure Boot certificates, which is crucial for operating system security. Finally, Microsoft unveils its Resiliency Initiative, emphasizing enhanced security while introducing changes that could affect security tool functionality.

Jun 27, 2025 • 7min
SANS Stormcast Friday, June 27th, 2025: Open-VSX Flaw; Airoha Bluetooth Vulnerablity; Critical Cisco Identity Service Engine Vuln;
Developers beware: a flaw in the Open-VSX extension marketplace could jeopardize every extension available. Bluetooth vulnerabilities in the Airoha chipset may allow eavesdropping on personal devices, raising alarms about privacy. Additionally, critical weaknesses in Cisco's Identity Services Engine could enable remote attackers to gain root access. Learn about the growing threat landscape and upcoming events aimed at boosting cybersecurity awareness!

Jun 26, 2025 • 6min
SANS Stormcast Thursday, June 26th, 2025: Another Netscaler Vuln; CentOS Web Panel Vuln; IP Based Certs
A recent security bulletin revealed a critical memory overflow vulnerability in Citrix's NetScaler, posing denial of service risks if unpatched. Meanwhile, CentOS Web Panel faces a serious remote code execution flaw that allows file uploads from users. The ongoing battle against vulnerabilities continues with Gogs' insufficient patch for file deletion exploits. On a progressive note, Let's Encrypt is preparing to issue IP address-based certificates, a game-changer for TLS certification that helps devices without hostnames.

7 snips
Jun 25, 2025 • 4min
SANS Stormcast Tuesday, June 24th, 2025: Telnet/SSH Scan Evolution; Fake Sonicwall Software; File-Fix vs Click-Fix
Discover the intriguing evolution of password brute forcing over the past decade, revealing attackers' changing strategies. Learn about the alarming rise in attempts per scan, despite the consistency in password length. Delve into a new attack method called 'FileFix,' which tricks users into executing dangerous commands. Additionally, explore the trend of threat actors creating counterfeit software, like a fake Sonicwall Netextender, aimed at stealing user credentials. Stay informed on these pressing cybersecurity challenges!

Jun 24, 2025 • 5min
SANS Stormcast Tuesday, June 24th, 2025: Ichano ATHome IP Camera Scans; Netscaler Vulnerability; WinRar Vulnerability
The podcast dives into alarming scans targeting Ichano AtHome IP Cameras using easily guessable credentials like 'super_yg' and '123'. A critical vulnerability, CVE-2025-5777, is discussed regarding the Citrix Netscaler Gateway, which could put a lot of users at risk if not addressed. Additionally, the hosts reveal a concerning issue with WinRAR that could lead to remote code execution due to compromised file extraction paths. Listeners are urged to take immediate action to secure their systems.

7 snips
Jun 23, 2025 • 6min
SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials
Explore the fascinating world of alternate data streams in NTFS with innovative tools like cut-bytes.py and filescanner. Discover how Microsoft is tightening security on Windows 365 Cloud PCs with enhanced defaults. Unpack the recent directory traversal vulnerability in zend.to and its implications for file sharing. Lastly, dive into the unexpected quirks of Go's JSON and XML parsers, revealing how they can lead to security surprises. This blend of topics provides a rich landscape of current cybersecurity challenges.