

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes

Feb 16, 2026 • 6min
SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats
Discussion of an AI-powered knowledge graph tool that maps APT indicators and relationships. A DNS-based ClickFix variant that uses nslookup and custom CNAME responses for PowerShell retrieval. A Google Chrome zero-day fix and the importance of timely updates. Security risks from misconfigured TURN servers that can proxy and abuse traffic.

Feb 13, 2026 • 6min
SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH macOS Change; Abused Employee Monitoring
Analysis of a fast self-propagating SSH worm and its unusual IRC command-and-control technique. A discussion of OpenSSH changes on macOS and a new quantum-safe algorithm warning for older servers. Coverage of how employee monitoring and remote support tools are being misused to run attacker code. Practical reminders to lock down and monitor remote management systems.

Feb 12, 2026 • 6min
SANS Stormcast Thursday, February 12th, 2026: WSL in Malware; Apple and Adobe Patches
Discussion of how Windows Subsystem for Linux is being adopted by malware and sample techniques that detect and misuse WSL. Coverage of a widespread Apple update fixing dozens of vulnerabilities, including one under active exploitation and support for older macOS versions. Review of synchronized Adobe patches and a Notepad markdown parsing flaw that can trigger external installers.

Feb 11, 2026 • 8min
SANS Stormcast Wednesday, February 11th, 2026: Microsoft Patch Tuesday; Secure Boot Updates; Fake 7-Zip; FortiSlob
A rundown of February Patch Tuesday and the dozens of fixes Microsoft released. Discussion of warning-bypass bugs affecting Windows Shell, Word, and MSHTML. Explanation of Secure Boot root certificate updates for older PCs. Warning about trojanized 7-Zip downloads that turn home machines into proxies. Notes on recent Fortinet sandbox and LDAP authentication vulnerabilities.

Feb 10, 2026 • 5min
SANS Stormcast Tuesday, February 10th, 2026: Extracting URLs; Signal Phishing; Ivanti PoC; BeyondTrust RCE; FortiClient SQL Injection
Quick techniques for extracting URLs hidden in RTF documents. Alerts about Signal-targeted phishing campaigns aimed at politicians, military, and journalists. Deep dives into pre-auth remote code execution flaws in Ivanti and BeyondTrust. Coverage of a critical FortiClient EMS SQL injection vulnerability and urgent patching advice.

Feb 9, 2026 • 5min
SANS Stormcast Monday, February 9th, 2026: Azure Vulnerabilities; AI Vulnerability Discovery; GitLab AI Gateway Vuln
Coverage of four patched Azure vulnerabilities affecting services like Front Door and Functions. Discussion of AI tools finding zero-days and the debate over their usefulness. Review of Anthropic’s study claiming hundreds of LLM-discovered high-impact flaws. Report on a GitLab AI Gateway flaw that allowed authenticated code execution on on-prem installs.

Feb 6, 2026 • 5min
SANS Stormcast Friday, February 6th, 2026: Broken Phishing; n8n vulnerability; Android Update; Watchguard Firebox LDAP Injection
A rundown of malformed phishing URLs that exploit browser tolerance to slip past defenses. A warning about an n8n command injection flaw and incomplete prior patching. An overview of February Android security changes and a shift to quarterly lower-severity fixes. A WatchGuard Firebox LDAP injection that can bypass authentication under certain conditions.

Feb 5, 2026 • 6min
SANS Stormcast Thursday, February 5th, 2026: Malicious Scripts; Synectix Vuln; Google Chrome; Google Looker
A malware-laden Chrome script that pulls a hidden second-stage payload and why attackers favor multi-stage installs. An unauthenticated web admin interface in a small LAN appliance and the dangers of exposing tiny serial-to-Ethernet devices. Remote code execution and path-traversal flaws in Looker affecting cloud and on-prem deployments. Recent Chrome and Django security patches and a PostGIS-related SQL injection alert.

Feb 4, 2026 • 5min
SANS Stormcast Wednesday, February 4th, 2026: Detecting OpenClaw; Synology telnetd Patch; More GlassWorm
Coverage of detecting and monitoring OpenClaw malware with scripts and telemetry for command visibility. Recommendations for hardening and telemetry plugins to improve defenses. Patch alert for a Synology telnetd/inetd vulnerability and advice to disable Telnet. Report on malicious VS Code extensions distributed after a developer account compromise. Note about Azure dropping TLS 1.0 and 1.1 and compatibility worries.

Feb 3, 2026 • 6min
SANS Stormcast Tuesday, February 3rd, 2026: Scanning for AI; Notepad++ Compromise; OpenClaw Vulnerabilities
Scans found attempts to discover exposed Anthropic models on the open Internet. A popular text editor’s update host was hijacked and linked to a state-level backdoor campaign. An AI assistant platform has insecure loopback websockets, a wave of malicious skills, and thousands of instances exposed publicly.


