

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Episodes

Jul 30, 2025 • 7min
SANS Stormcast Wednesday July 30th, 2025: Apple Updates; Python Triage; Papercut Vuln Exploited
Apple has rolled out a massive update fixing 89 vulnerabilities across its operating systems, highlighting serious risks tied to WebKit. Meanwhile, a Python script has been introduced to help search files, including compressed ones, for indicators of compromise. The podcast also covers a PaperCut vulnerability that has been officially added to the list of known exploited vulnerabilities, emphasizing the critical need for regular software updates to avoid significant security risks.

Jul 29, 2025 • 6min
SANS Stormcast Tuesday, July 29th, 2025: Parasitic Exploits; Cisco ISE Exploit; MyASUS Vuln
Explore the alarming rise in parasitic exploits targeting SharePoint, where attackers are utilizing backdoors to infiltrate systems. Discover a recently patched vulnerability in Cisco ISE that’s now being actively exploited, allowing unauthenticated users to execute potentially harmful code. Additionally, learn about the MyASUS tool's security flaw, which mishandles access tokens and could expose sensitive functions to cyber threats. Timely patching is emphasized as essential to protect against these growing risks.

Jul 28, 2025 • 6min
SANS Stormcast Monday, July 28th, 2025: Linux Namespaces; UI Automation Abuse; Autoswagger
Discover how Linux namespaces can mask networking features on a per-process basis, enhancing malware analysis. Delve into the alarming emergence of malware that exploits Microsoft’s UI Automation Framework to steal user credentials. Plus, learn about Autoswagger, a handy tool for automating REST API testing that adheres to OpenAPI standards. This episode highlights crucial security insights and the evolving tactics of cyber threats.

Jul 25, 2025 • 5min
SANS Stormcast Friday, July 25th, 2025: ficheck.py; Mitel and SonicWall Patches
A new file integrity tool, ficheck.py, has been launched, replacing an outdated Perl option for modern Linux systems. Mitel issued a patch for a severe authentication vulnerability in their MX-ONE product, risking unauthorized access. SonicWall addressed an alarming file upload issue in its SMA 100 series firewalls, though exploiting it requires valid credentials. The discussion emphasizes the crucial need for continuous system updates and vigilance in cybersecurity.

Jul 24, 2025 • 7min
SANS Stormcast Thursday, July 24th, 2025: Reversing SharePoint Exploit; NPM “is” Compromise
Dive into the world of cyber security with a look at recent SharePoint exploits, showcasing how to decode their malicious payloads. Discover the dangers of the compromised npm package 'is', swiftly neutralized after it spread malware. Plus, learn about Microsoft's new recovery feature for Windows 11, designed to rescue machines stuck in reboot loops. The blend of technical insights and innovative solutions makes for an engaging and informative listen.

Jul 23, 2025 • 6min
SANS Stormcast Wednesday, July 23rd, 2025: Sharepoint 2016 Patch; MotW Privacy and WinZip; Interlock Ransomware; Sophos Patches
Microsoft has rolled out crucial security updates for SharePoint 2016, addressing serious vulnerabilities. Meanwhile, WinZip's latest version improves privacy by concealing download URLs in zipped files. The podcast also delves into the menace of Interlock ransomware, providing detailed insights from a recent government collaboration. Lastly, Sophos has patched multiple vulnerabilities in its firewalls, two of which are critical but affect a limited user base. Stay informed to keep your systems secure!

Jul 22, 2025 • 6min
SANS Stormcast Tuesday, July 22nd, 2025: SharePoint Emergency Patches; How Long Does Patching Take; HPE Wifi Vuln; Zoho WorkDrive Abused
Microsoft patched a critical SharePoint vulnerability, introducing an authentication bypass CVE. A review of patching speeds shows they could be improved. Meanwhile, HPE addressed vulnerabilities in its access points that allowed for risky exploits. Concerns were raised about a bug in AppLocker policies that could lead to bypassing security rules. Additionally, the Ghost Crypt malware is using Zoho WorkDrive to trick users into downloading malicious files.

Jul 21, 2025 • 8min
SANS Stormcast Monday July 21st, 2025: Sharepoint Exploited; Veeam Fake Voicemail Phish; Passkey Phishing Attack
A new remote code execution exploit targeting SharePoint has emerged, creating significant security concerns. Recent phishing attempts impersonate Veeam, featuring voicemail themes to trick unsuspecting users. Additionally, there's a clever phishing attack leveraging QR codes to bypass security in Passkey logins. The discussion wraps up with essential security recommendations and insights from a recent cybersecurity event, highlighting the ever-evolving landscape of online threats.

Jul 18, 2025 • 5min
SANS Stormcast Friday, July 18th, 2025: Extended File Attributes; Critical Cisco ISE Patch; VMWare Patches; Quarterly Oracle Patches
Discover the sneaky world of Linux extended file attributes, where payloads can be cleverly concealed. Learn about critical vulnerabilities found in Cisco's Identity Services Engine that could allow unauthenticated users to execute code remotely. Oracle has rolled out a massive patch for over 300 flaws, highlighting the urgency for updates. Plus, Broadcom addresses vulnerabilities in VMware products, ensuring a safer digital environment. It's a whirlwind of cybersecurity insights and essential updates you won't want to miss!

Jul 17, 2025 • 5min
SANS Stormcast Thursday, July 17th, 2025: catbox.moe abuse; Sonicwall Attacks; Rendering Issues
The discussion highlights the alarming misuse of the file-sharing service catbox.moe as a malware host. Experts dive into an ongoing campaign targeting SonicWall devices, revealing the extensive exploitation via the OVERSTEP backdoor. Additionally, a new zero-click attack strategy, known as RenderShock, showcases a dangerous method of weaponizing trust in file rendering processes, allowing attackers to launch sophisticated payloads without user interaction. Cybersecurity vulnerabilities are explored alongside vital mitigation strategies.