
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Latest episodes

Apr 10, 2025 • 7min
SANS Stormcast ThursdayApril 10th: Getting Past PyArmor; CenterStack RCE; Android 0-Day Patch; VMware Tanzu Patches; Odd Win11 Directory; WhatsApp File Confusion; SANS AI Guide;
Dive into the complexities of obfuscated Python code with insights on the PyArmor tool. Discover a critical vulnerability in CenterStack that allows remote code execution. Google patches two zero-day vulnerabilities in Android, one exploited by law enforcement. Stay updated with Broadcom's fixes for VMware Tanzu and learn about a mysterious new directory in Windows 11. Finally, get the scoop on WhatsApp's file confusion and explore essential AI security guidelines to navigate today's digital landscape.

6 snips
Apr 9, 2025 • 7min
SANS Stormcast Wednesday, April 10th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet
This installment dives into critical vulnerabilities revealed in Microsoft's latest patch updates, stressing the urgency to address them. Adobe's patches for various products, particularly Coldfusion's remote code execution weaknesses, are also highlighted. The release of OpenSSL 3.5 grabs attention with its support for post-quantum ciphers, marking a significant advance in security. Additionally, an update from Fortinet addresses a concerning vulnerability that could allow password resets without verification, emphasizing the need for vigilance in cybersecurity.

Apr 8, 2025 • 6min
SANS Stormcast Tuesday, April 8th:
Discover the innovative workaround in XORsearch for searching with regular expressions. Unpack a critical vulnerability in the Model Context Protocol, revealing how major platforms could be exploited. Plus, learn about Google's efforts to enhance privacy by changing how visited links are recognized in Chrome, making your browsing experience more secure. Tune in for insights on AI tool vulnerabilities and web privacy updates!

Apr 7, 2025 • 6min
SANS Stormcast Monday April 7th 2025: New Username Report; Quickshell Vulnerability; Apache Traffic Director Request Smuggeling
New insights reveal emerging trends in SSH and telnet username usage, helping to combat cyber threats. Vulnerabilities in Google's Quick Share are alarming, exposing risks of unpatched file overwrite issues and potential code execution. Additionally, the Apache Traffic Director faces request smuggling vulnerabilities, emphasizing the critical need for enhanced security measures. These discussions underline the fast-evolving landscape of cyber threats and the ongoing quest for robust defenses.

5 snips
Apr 4, 2025 • 6min
SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update
Discover how frequency analysis can predict malicious URLs and enhance cybersecurity. Learn about a recently exploited Ivanti vulnerability that was initially thought unexploitable. Dive into the WinRAR flaw that mismanages symlinks, potentially endangering users. Stay alert about Microsoft’s warning on rising tax-related scams as filing deadlines approach. Lastly, catch up on an Oracle breach impacting customer information, emphasizing the importance of secure online practices.

6 snips
Apr 3, 2025 • 9min
SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail
A surge in scans targeting the Juniper username 't128' raises concerns about potential vulnerabilities. Verizon's API flaw allowed unauthorized access to users' call logs, exposing serious privacy issues. Additionally, Google introduces end-to-end encryption for Gmail's business users, but with a caveat: non-Gmail recipients must jump through hoops to read encrypted messages, prompting debates about user security and phishing risks.

Apr 2, 2025 • 7min
SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;
Apple rolled out essential security updates across all its platforms, patching 145 vulnerabilities, including fixes for previously exploited issues. Meanwhile, VMWare's automatic update checks are currently malfunctioning due to recent transitions. The podcast also discusses SQL injection vulnerabilities in NIM's Postgres library, which mishandles prepared statements, emphasizing the importance of secure coding practices. A must-listen for anyone concerned about cybersecurity!

6 snips
Apr 1, 2025 • 8min
SANS Stormcast Tuesday Apr 1st: Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach
Explore a newly patched vulnerability in Apache Camel that sparks various internal scans. Discover how upcoming security requirements will change the way certificate authorities verify domain ownership. Delve into the murky waters of a possible data breach at Oracle, raising questions about accountability and customer trust. This discussion highlights the importance of vigilance in cybersecurity, especially following recent incidents, urging users to reevaluate their security protocols.

Mar 31, 2025 • 7min
SANS Stormcast Monday, March 31st: Comparing Phishing Sites; DOH and MX Abuse Phishing; opkssh
Explore the fascinating world of phishing with a deep dive into two seemingly similar sites that use different backend technologies. Discover how a new phishing variant leverages DNS MX records and DoH for more targeted attacks. Plus, learn about an innovative tool that incorporates OpenID Connect with SSH, streamlining secure login processes. This discussion highlights the evolving methods of cyber threats and the importance of robust security measures.

8 snips
Mar 28, 2025 • 6min
SANS Stormcast Friday, March 28th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities
A recent deserialization attack targeted Sitecore, exploiting a thumbnail access token header. Google’s Project Zero detailed a zero-click NSO BlastPass exploit in iOS using a WebP vulnerability. Splunk patched several vulnerabilities, including one that allowed code execution for authenticated users. Meanwhile, Mozilla patched an active sandbox escape vulnerability in Firefox. The podcast highlights these critical security issues while urging listeners to stay informed on evolving cyber threats.