SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Episodes
Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection)
We observed HTTP requests with our honeypot that may be indicative of a new version of an exploit against an older vulnerability. Help us figure out what is going on.
https://isc.sans.edu/diary/Possible%20exploit%20variant%20for%20CVE-2024-9042%20%28Kubernetes%20OS%20Command%20Injection%29/32554
React2Shell: Technical Deep-Dive & In-th...
Mark as Played
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby patches.
December 9, 2025 • 8 mins
Microsoft Patch Tuesday
Microsoft released its regular monthly patch on Tuesday, addressing 57 flaws.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202025/32550
Adobe Patches
Adobe patched five products. The remote code execution in ColdFusion, as well as the code execution issue in Acrobat, will very likely see exploits soon.
https://helpx.adobe.com/security.html
Ivanti Endpo...
Mark as Played
December 8, 2025 • 6 mins
nanoKVM Vulnerabilities
The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as undocumented may actually be documented in the underlying hardware description.
https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in-sipeed-nanokvm
Ghostframe Phishing Kit
The Ghostframe ph...
Mark as Played
December 7, 2025 • 5 mins
AutoIT3 Compiled Scripts Dropping Shellcodes
Malicious AutoIT3 scripts are usign the FileInstall function to include additional scripts at compile time that are dropped as temporary files during execution.
https://isc.sans.edu/diary/AutoIT3%20Compiled%20Scripts%20Dropping%20Shellcodes/32542
React2Shell Update
The race is on to patch vulnerable systems. Various groups are aggressively scanning the interne...
Mark as Played
Nation-State Attack or Compromised Government? [Guest Diary]
An IP address associated with the Indonesian Government attacked one of our interns' honeypots.
https://isc.sans.edu/diary/Nation-State%20Attack%20or%20Compromised%20Government%3F%20%5BGuest%20Diary%5D/32536
React Update
Working exploits for the React vulnerability patched yesterday are not widely available
Array Networks Array AG Vulnerabl...
Mark as Played
December 3, 2025 • 6 mins
Attempts to Bypass CDNs
Our honeypots recently started receiving scans that included CDN specific headers.
https://isc.sans.edu/diary/Attempts%20to%20Bypass%20CDNs/32532
React Vulnerability CVE-2025-55182
React patched a critical vulnerability in React server components. Exploitation is likely imminent.
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
U...
Mark as Played
SmartTube Android App Compromise
The key a developer used to sign the Android YouTube player SmartTube was compromised and used to publish a malicious version.
https://github.com/yuliskov/SmartTube/issues/5131#issue-3670629826
https://github.com/yuliskov/SmartTube/releases/tag/notification
Two Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security Scanners
Over the course of two years, ...
Mark as Played
Hunting for SharePoint In-Memory ToolShell Payloads
A walk-through showing how to analyze ToolShell payloads, starting with acquiring packets all the way to decoding embedded PowerShell commands.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Hunting%20for%20SharePoint%20In-Memory%20ToolShell%20Payloads/32524
Android Security Bulletin December 2025
Google fixed numerous vulnerabilities with its December ...
Mark as Played
November 30, 2025 • 5 mins
Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix
The latest variant of ClickFix tricks users into copy/pasting commands by displaying a fake blue screen of death.
https://www.acronis.com/en/tru/posts/fake-adult-websites-pop-realistic-windows-update-screen-to-deliver-stealers-via-clickfix/
B2B Guest Access Creates an Unprotected Attack Vector
Users may be tricked into...
Mark as Played
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
Spyware attacks messaging applications in part by triggering vulnerabilities in messaging applications but also by deploying tools like keystroke loggers and screenshot applications.
https://www.cisa.gov/news-events/alerts/2025/11/24/spyware-allows-cyber-threat-actors-target-users-messaging-applications
Stop Putting Your Passwords Into...
Mark as Played
November 24, 2025 • 6 mins
Conflicts between URL mapping and URL based access control.
Mapping different URLs to the same script, and relying on URL based authentication at the same time, may lead to dangerous authentication and access control gaps.
https://isc.sans.edu/diary/Conflicts%20between%20URL%20mapping%20and%20URL%20based%20access%20control./32518
Sha1-Hulud, The Second Coming
A new, destructive variant of the Shai-Hulud wo...
Mark as Played
November 23, 2025 • 4 mins
Use of CSS stuffing as an obfuscation technique?
Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw of simple detection engines
https://isc.sans.edu/diary/Use%20of%20CSS%20stuffing%20as%20an%20obfuscation%20technique%3F/32510
Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day
Early exploit attempts for the vulnerability were part of Searchlight Cyber s ...
Mark as Played
Oracle Identity Manager Exploit Observation from September (CVE-2025-61757)
We observed some exploit attempts in September against an Oracle Identity Manager vulnerability that was patched in October, indicating that exploitation may have occurred prior to the patch being released.
https://isc.sans.edu/diary/Oracle%20Identity%20Manager%20Exploit%20Observation%20from%20September%20%28CVE-2025-61757%29/32506
http...
Mark as Played
Unicode: It is more than funny domain names.
Unicode can cause a number of issues due to odd features like variance selectors and text direction issues.
https://isc.sans.edu/diary/Unicode%3A%20It%20is%20more%20than%20funny%20domain%20names./32472
FortiWeb Multiple OS command injection in API and CLI
A second silently patched vulnerability in FortiWeb is already being exploited in the wild.
https://for...
Mark as Played
November 18, 2025 • 4 mins
KongTuke Activity
This diary investigates how a recent Kong Tuke infections evolved all the way from starting with a ClickFix attack.
https://isc.sans.edu/diary/KongTuke%20activity/32498
Cloudflare Outage
Cloudflare suffered a large outage today after an oversized configuration file was loaded into its bot protection service
https://x.com/dok2001
Google Patches Chrome 0-Day
Google patched tw...
Mark as Played
Decoding Binary Numeric Expressions
Didier updated his number to hex script to support simple arithmetic operations in the text.
https://isc.sans.edu/diary/Decoding%20Binary%20Numeric%20Expressions/32490
Tea Token NPM Pollution
The NPM repository was hit with around 150,000 submissions that did not contain any useful contributions, but instead attempted to fake contributions to earn a new tea coin.
...
Mark as Played
November 16, 2025 • 7 mins
Fortiweb Vulnerability
Fortinet, with significant delay, acknowledged a recently patched vulnerability after exploit attempts were seen publicly.
https://isc.sans.edu/diary/Honeypot+FortiWeb+CVE202564446+Exploits/32486
https://labs.watchtowr.com/when-the-impersonation-function-gets-used-to-impersonate-users-fortinet-fortiweb-auth-bypass/
https://fortiguard.fortinet.com/psirt/FG-IR-25-910?ref=labs.watchtowr...
Mark as Played
SmartApeSG campaign uses ClickFix page to push NetSupport RAT
A detailed analysis of a recent SamtApeSG campaign taking advantage of ClickFix
https://isc.sans.edu/diary/32474
Formbook Delivered Through Multiple Scripts
An analysis of a recent version of Formbook showing how it takes advantage of multiple obfuscation tricks
https://isc.sans.edu/diary/32480
sudo-rs vulnerabilities
Two vulnerab...
Mark as Played
OWASP Top 10 2025 Release Candidate
OWASP published a release candidate for the 2025 version of its Top 10 list
https://owasp.org/Top10/2025/0x00_2025-Introduction/
Citrix/Cisco Exploitation Details
Amazon detailed how Citrix and Cisco vulnerabilities were used by advanced actors to upload webshells
https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/
...
Mark as Played
November 11, 2025 • 6 mins
Microsoft Patch Tuesday for November 2025
https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+for+November+2025/32468/
Gladinet Triofox Vulnerability
Triofox uses the host header in lieu of proper access control, allowing an attacker to access the page managing administrators by simply setting the host header to localhost.
https://cloud.google.com/blog/topics/threat-intelligence/triofox-vulnerability-cve-...
Mark as Played
Popular Podcasts
Ding dong! Join your culture consultants, Matt Rogers and Bowen Yang, on an unforgettable journey into the beating heart of CULTURE. Alongside sizzling special guests, they GET INTO the hottest pop-culture moments of the day and the formative cultural experiences that turned them into Culturistas. Produced by the Big Money Players Network and iHeartRadio.
The official podcast of comedian Joe Rogan.
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com