
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute-long, summary of current network-security-related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.
Latest episodes

Jun 20, 2025 • 6min
SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Specific Passwords
New hires beware! It only took two weeks for phishing attempts to target a fresh employee after they joined. Scammers are cunningly hijacking big-name websites to insert fake tech support numbers, leading users astray. Plus, there's a new wave of phishing focusing on academics, creatively convincing them to generate app-specific passwords for Google services. Stay alert!

Jun 17, 2025 • 6min
SANS Stormcast Monday, June 16th, 2025: Extracting Data from JPEG; Windows Recall Export; Anubis Wiper; Mitel Vuln and PoC
Discover how to expertly extract data from JPEG files with a nifty tool, jpegdump.py. Microsoft's new Windows 11 feature allows European users to export data while managing encryption keys. Meanwhile, the Anubis ransomware takes a dark turn by wiping data even after ransom payments. Plus, critical vulnerabilities in Mitel software are discussed, highlighting the urgency for immediate security measures. Stay informed about these emerging threats and cutting-edge tech developments!

Jun 16, 2025 • 7min
SANS Stormcast Monday, June 16th, 2025: Katz Stealer in JPG; JavaScript Attacks; Reviving expired Discord Invites for Evil
Uncover the sinister world of cyber threats as the hosts discuss malware cleverly disguised within JPEG images. They highlight an alarming trend where JavaScript obfuscation is employed on a staggering 200,000 websites to spread malware. Additionally, the revival of expired Discord invite links as traps for unsuspecting users illustrates the creative tactics cybercriminals are using to target victims. Stay alert, as the cybersecurity landscape is constantly evolving!

Jun 13, 2025 • 6min
SANS Stormcast Friday, June 13th, 2025: Honeypot Scripts; EchoLeak MSFT Copilot Vuln; Thunderbolt mailbox URL Vuln
Dive into the world of cybersecurity with an intriguing discussion on honeypot scripts and automated tools for DShield investigations. Discover the alarming EchoLeak vulnerability in Microsoft 365 Copilot that allowed zero-click data leaks. The podcast also unpacks a Thunderbolt vulnerability where unsuspecting users could be tricked into downloading malicious files via deceptive email links. This episode highlights the urgency of user awareness and the importance of keeping software updated to fend off these threats.

Jun 12, 2025 • 6min
SANS Stormcast Thursday, June 12th, 2025: Quasar RAT; Windows 11 24H2 Delay; SMB Client Vuln PoC; Connectwise Signing Keys; KDE Telnet code exec
Discover the sneaky Quasar RAT that can be installed via bat files, hidden within PNG images. Microsoft is delaying the Windows 11 24H2 rollout due to unexpected issues from the latest updates. An exploration of a newly patched SMB client vulnerability reveals its exploitation potential. Connectwise is taking security seriously by rotating signing certificates after a compromise. Lastly, the KDE terminal presents a concerning vulnerability that may allow arbitrary code execution through telnet URLs. Stay informed and secure!

Jun 11, 2025 • 7min
SANS Stormcast Wednesday, June 11th, 2025: Microsoft Patch Tuesday; Acrobat Patches
A deep dive reveals Microsoft patched a staggering 67 vulnerabilities, with 10 critically urgent. One issue is already under attack, highlighting the need for swift updates. Turning to Adobe, the team discusses patches for 7 applications, including crucial updates for Adobe Commerce and Acrobat Reader. The latter's flaws could allow code execution through deceptive PDFs. Cybersecurity is more crucial than ever as these discussions underscore the importance of timely software updates.

Jun 10, 2025 • 6min
SANS Stormcast June, Tuesday, June 10th, 2025: Octosql; Mirai vs. Wazuh DNS4EU; Wordpress Fair Package Manager
Discover the power of OctoSQL, a tool that lets you query vulnerability data in various formats using SQL. Learn how the Mirai botnet is back in action, exploiting weaknesses in the Wazuh tool. The EU is making strides with its new public recursive resolver, enhancing privacy compliance. Plus, find out about the challenges WordPress faces with plugin management and the Linux Foundation's FAIR Package Manager, aimed at simplifying plugin updates and addressing security concerns.

Jun 9, 2025 • 6min
SANS Stormcast June, June 9th, 2025: Extracting PNG Data; GlueStack Packages Backdoor; MacOS targeted by Clickfix; INETPUB restore script
Learn how a powerful script, pngdump.py, is now able to extract hidden data from PNG files. Delve into the alarming discovery of 16 backdoored npm packages that could threaten thousands of users. MacOS faces a new challenge as fake captcha schemes lure users into malware traps. Plus, find out about Microsoft's handy PowerShell script to recover mistakenly deleted inetpub folders. Stay informed about these evolving threats and the creative strategies being developed to counter them!

Jun 6, 2025 • 5min
SANS Stormcast Friday, June 6th, 2025: Fake Zoom Clients; Python tarfile vulnerability; HPE Insight Remote Support Patch
Beware of fake Zoom client downloads! Scammers are sending deceptive invites that lead to malicious updates. The Python tarfile module has a vulnerability that needs attention, as its new filter isn't functioning as intended. Additionally, HP has addressed a critical remote code execution flaw in their Insight Remote Support software. Stay informed and cautious in the digital landscape!

Jun 5, 2025 • 5min
SANS Stormcast Thursday, June 5th, 2025: Phishing Comment Trick; AWS default logging mode change; Cisco Backdoor Fixed; Infoblox Vulnerability Details Released
A cunning phishing tactic is discussed, where malicious links are cleverly hidden from Outlook users using HTML comments. Amazon's shift to non-blocking logging raises concerns about potential log loss while enhancing application stability. Critical security updates from Cisco, including the removal of a backdoor vulnerability, are highlighted. Infoblox vulnerabilities are also detailed, prompting a reminder of the importance of keeping software up to date. This conversation is essential for anyone interested in cybersecurity.