A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
…
continue reading
Johannes B Ullrich Podcasts
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
1
SANS Stormcast Monday, November 24th, 2025: CSS Padding in Phishing; Oracle Identity Manager Scans Update;
4:59
4:59
Play later
Play later
Lists
Like
Liked
4:59
Use of CSS stuffing as an obfuscation technique? Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw of simple detection engines https://isc.sans.edu/diary/Use%20of%20CSS%20stuffing%20as%20an%20obfuscation%20technique%3F/32510 Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Early exploit attem…
…
continue reading
…
continue reading
1
SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection.
14:09
14:09
Play later
Play later
Lists
Like
Liked
14:09
Oracle Identity Manager Exploit Observation from September (CVE-2025-61757) We observed some exploit attempts in September against an Oracle Identity Manager vulnerability that was patched in October, indicating that exploitation may have occurred prior to the patch being released. https://isc.sans.edu/diary/Oracle%20Identity%20Manager%20Exploit%20…
…
continue reading
1
SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection. (#)
14:09
14:09
Play later
Play later
Lists
Like
Liked
14:09
SANS Stormcast Friday, November 21st, 2025: Oracle Idendity Manager Scans; SonicWall DoS Vuln; Adam Wilson (@sans_edu) reducing prompt injection. Oracle Identity Manager Exploit Observation from September (CVE-2025-61757) We observed some exploit attempts in September against an Oracle Identity Manager vulnerability that was patched in October, ind…
…
continue reading
1
SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers
6:34
6:34
Play later
Play later
Lists
Like
Liked
6:34
Unicode: It is more than funny domain names. Unicode can cause a number of issues due to odd features like variance selectors and text direction issues. https://isc.sans.edu/diary/Unicode%3A%20It%20is%20more%20than%20funny%20domain%20names./32472 FortiWeb Multiple OS command injection in API and CLI A second silently patched vulnerability in FortiW…
…
continue reading
1
SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers (#)
6:35
6:35
Play later
Play later
Lists
Like
Liked
6:35
SANS Stormcast Thursday, November 20th, 2025: Unicode Issues; FortiWeb More Vulns; DLink DIR-878 Vuln; Operation WrtHug and ASUS Routers Unicode: It is more than funny domain names. Unicode can cause a number of issues due to odd features like variance selectors and text direction issues. https://isc.sans.edu/diary/Unicode%3A%20It%20is%20more%20tha…
…
continue reading
1
SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage
4:38
4:38
Play later
Play later
Lists
Like
Liked
4:38
KongTuke Activity This diary investigates how a recent Kong Tuke infections evolved all the way from starting with a ClickFix attack. https://isc.sans.edu/diary/KongTuke%20activity/32498 Cloudflare Outage Cloudflare suffered a large outage today after an oversized configuration file was loaded into its bot protection service https://x.com/dok2001 G…
…
continue reading
1
SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage (#)
4:39
4:39
Play later
Play later
Lists
Like
Liked
4:39
SANS Stormcast Wednesday, November 19th, 2025: Kong Tuke; Cloudflare Outage KongTuke Activity This diary investigates how a recent Kong Tuke infections evolved all the way from starting with a ClickFix attack. https://isc.sans.edu/diary/KongTuke%20activity/32498 Cloudflare Outage Cloudflare suffered a large outage today after an oversized configura…
…
continue reading
1
SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability
4:58
4:58
Play later
Play later
Lists
Like
Liked
4:58
Decoding Binary Numeric Expressions Didier updated his number to hex script to support simple arithmetic operations in the text. https://isc.sans.edu/diary/Decoding%20Binary%20Numeric%20Expressions/32490 Tea Token NPM Pollution The NPM repository was hit with around 150,000 submissions that did not contain any useful contributions, but instead atte…
…
continue reading
1
SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability (#)
4:59
4:59
Play later
Play later
Lists
Like
Liked
4:59
SANS Stormcast Tuesday, November 18th, 2025: Binary Expression Decoding. Tea NPM Pollution; IBM AIX NIMSH Vulnerability Decoding Binary Numeric Expressions Didier updated his number to hex script to support simple arithmetic operations in the text. https://isc.sans.edu/diary/Decoding%20Binary%20Numeric%20Expressions/32490 Tea Token NPM Pollution Th…
…
continue reading
1
SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix
7:10
7:10
Play later
Play later
Lists
Like
Liked
7:10
Fortiweb Vulnerability Fortinet, with significant delay, acknowledged a recently patched vulnerability after exploit attempts were seen publicly. https://isc.sans.edu/diary/Honeypot+FortiWeb+CVE202564446+Exploits/32486 https://labs.watchtowr.com/when-the-impersonation-function-gets-used-to-impersonate-users-fortinet-fortiweb-auth-bypass/ https://fo…
…
continue reading
1
SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix (#)
7:11
7:11
Play later
Play later
Lists
Like
Liked
7:11
SANS Stormcast Monday, November 17th, 2025: New(isch) Fortiweb Vulnerability; Finger and ClickFix Fortiweb Vulnerability Fortinet, with significant delay, acknowledged a recently patched vulnerability after exploit attempts were seen publicly. https://isc.sans.edu/diary/Honeypot+FortiWeb+CVE202564446+Exploits/32486 https://labs.watchtowr.com/when-t…
…
continue reading
1
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge
10:09
10:09
Play later
Play later
Lists
Like
Liked
10:09
SmartApeSG campaign uses ClickFix page to push NetSupport RAT A detailed analysis of a recent SamtApeSG campaign taking advantage of ClickFix https://isc.sans.edu/diary/32474 Formbook Delivered Through Multiple Scripts An analysis of a recent version of Formbook showing how it takes advantage of multiple obfuscation tricks https://isc.sans.edu/diar…
…
continue reading
1
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge (#)
10:10
10:10
Play later
Play later
Lists
Like
Liked
10:10
SANS Stormcast Friday, November 14th, 2025: SmartApeSG and ClickFix; Formbook Obfuscation Tricks; Sudo-rs Vulnerabilities; SANS Holiday Hack Challenge SmartApeSG campaign uses ClickFix page to push NetSupport RAT A detailed analysis of a recent SamtApeSG campaign taking advantage of ClickFix https://isc.sans.edu/diary/32474 Formbook Delivered Throu…
…
continue reading
1
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness
6:33
6:33
Play later
Play later
Lists
Like
Liked
6:33
OWASP Top 10 2025 Release Candidate OWASP published a release candidate for the 2025 version of its Top 10 list https://owasp.org/Top10/2025/0x00_2025-Introduction/ Citrix/Cisco Exploitation Details Amazon detailed how Citrix and Cisco vulnerabilities were used by advanced actors to upload webshells https://aws.amazon.com/blogs/security/amazon-disc…
…
continue reading
1
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness (#)
6:34
6:34
Play later
Play later
Lists
Like
Liked
6:34
SANS Stormcast Thursday, November 13th, 2025: OWASP Top 10 Update; Cisco/Citrix Exploits; Test post quantum readiness OWASP Top 10 2025 Release Candidate OWASP published a release candidate for the 2025 version of its Top 10 list https://owasp.org/Top10/2025/0x00_2025-Introduction/ Citrix/Cisco Exploitation Details Amazon detailed how Citrix and Ci…
…
continue reading
1
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches
6:03
6:03
Play later
Play later
Lists
Like
Liked
6:03
Microsoft Patch Tuesday for November 2025 https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/ Gladinet Triofox Vulnerability Triofox uses the host header in lieu of proper access control, allowing an attacker to access the page managing administrators by simply setting the host header to localhost. https://cloud.google.com/b…
…
continue reading
1
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches (#)
6:03
6:03
Play later
Play later
Lists
Like
Liked
6:03
SANS Stormcast Wednesday, November 12th, 2025: Microsoft Patch Tuesday; Gladinet Triofox Vulnerability; SAP Patches Microsoft Patch Tuesday for November 2025 https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/ Gladinet Triofox Vulnerability Triofox uses the "host" header in lieu of proper access control, allowing an attacker…
…
continue reading
1
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password;
7:25
7:25
Play later
Play later
Lists
Like
Liked
7:25
It isn t always defaults: Scans for 3CX Usernames Our honeypots detected scans for usernames that may be related to 3CX business phone systems https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464 Watchguard Default Password Controversy A CVE number was assigned to a default password commonly used in W…
…
continue reading
1
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password; (#)
7:26
7:26
Play later
Play later
Lists
Like
Liked
7:26
SANS Stormcast Tuesday, November 11th, 2025: 3CX Related Scans; Watchguard Default Password; It isn't always defaults: Scans for 3CX Usernames Our honeypots detected scans for usernames that may be related to 3CX business phone systems https://isc.sans.edu/diary/It%20isn%27t%20always%20defaults%3A%20Scans%20for%203CX%20usernames/32464 Watchguard De…
…
continue reading
1
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks
7:06
7:06
Play later
Play later
Lists
Like
Liked
7:06
Honeypot Requests for Code Repository Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites. https://isc.sans.edu/diary/Honeypot%3A%20Requests%20for%20%28Code%29%20Repositories/32460 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads Ne…
…
continue reading
1
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks (#)
7:07
7:07
Play later
Play later
Lists
Like
Liked
7:07
SANS Stormcast Monday, November 10th, 2025: Code Repo Requests; Time Delayed ICS Attacks; Encrypted LLM Traffic Sidechannel Attacks Honeypot Requests for Code Repository Attackers continue to scan websites for source code repositories. Keep your repositories outside your document root and proactively scan your own sites. https://isc.sans.edu/diary/…
…
continue reading
1
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches
5:31
5:31
Play later
Play later
Lists
Like
Liked
5:31
Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary] Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities. https://isc.sans.edu/diary/Binary%20Breadcrumbs%3A%20Correlating%20Malware%20Samples%20with%20Honeypot%20Logs%20Using%20PowerShell%20%5BGuest%20…
…
continue reading
1
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches (#)
5:31
5:31
Play later
Play later
Lists
Like
Liked
5:31
SANS Stormcast Friday, November 7th, 2025: PowerShell Log Correlation; RondoBox Disected; Google Chrome and Cisco Patches Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary] Windows, with PowerShell, has a great scripting platform to match common Linux/Unix command line utilities. https://isc.sans.edu/d…
…
continue reading
1
SANS Stormcast Thursday, November 6th, 2025: Domain API Update; Teams Spoofing; VShell Report
5:43
5:43
Play later
Play later
Lists
Like
Liked
5:43
Updates to Domainname API Some updates to our domainname API will make it more flexible and make it easier and faster to get the complete dataset. https://isc.sans.edu/diary/Updates%20to%20Domainname%20API/32452 Microsoft Teams Impersonation and Spoofing Vulnerabilities Checkpoint released details about recently patched spoofing and impersonation v…
…
continue reading
