SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

by Johannes B. Ullrich

2463 episodes · Latest 3 days ago · EN-US
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5-minute, summary of current network-security-related events. The content is late-breaking, educational, and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html.

Hosts

  • Johannes B. Ullrich, Ph.D.

(c) SANS Institute 2026 This work is licensed under a Creative Commons License - Attribution-NonCommercial-ShareAlike - https://creativecommons.org/licenses/by-nc-sa/4.0/

Recent reviews on Apple Podcasts (5)
  • In IT? Do you have 5 minutes?

    Concise, Effective, Timely The perfect podcast, Johannes is amazing. This must take him hours every day to research. The effort is much appreciated!

    Gump4487245

  • Best in Show!

    Johannes delivers just the right amount of daily relevant information to stay aware of threats and risks, as well as the occasional research/whitepaper topic. Bravo!

    1Flatlander

  • High quality info in a short amount of time. Listen very closely to what he puts out

    Johannes continues to point out trends and indicators I might otherwise have missed. I’ve seen a lot of crazy scenarios play out based on data he’s gathered and provided. Listen to a few episodes to hear what I mean. His podcast also serves as a convenient reminder for Patch Tuesday and iOS updates. Yet another great podcast the sociable Dave Bittner has led me to.

    TFWas

  • Required Professional Daily Use

    This is a requirement for my team as they start their day. The information is a great way to start the brain thinking into what is going on and what new things should we be looking for. We discuss it and volunteer topics for research and further discovery. 11/10 - highly recommended

    PowerBob

  • Your Daily Cyber Drive-Thru

    I’ll take a #1: top threats, quick context, and practical next steps—make it efficient. Storm Center is consistently satisfying and never wastes your time.

    JayJonahJameson

Episodes (2463)

  1. SANS Stormcast Wednesday, June 24th, 2026: Patching vs. Configurations Updates; libssh2 and ffmpeg vuln;

    Jun 24, 2026 · 6m · #9984

    CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration. https://isc.sans.edu/diary/CVE-2024-40766%3A%20The%20Patch%20Fixed%20the%20Bug.%20Nobody%20Fixed%20the%20Configuration./33094 libssh2 - Out-of-Boun

  2. SANS Stormcast Tuesday, June 23rd, 2026: Webshells; GitHub Actions Update; Fortibleed Update; Private Access Control Tokens

    Jun 23, 2026 · 8m · #9982

    Webshells Remain Popular https://isc.sans.edu/diary/Webshells%20Remain%20Popular/33096 Safer pull_request_target defaults for GitHub Actions checkout https://github.blog/changelog/2026-06-18-safer-pull_request_target-def

  3. SANS Stormcast Monday, June 22nd, 2026: IPv4 Mapped Phish; nginx bug; squid bleeds; AMD encryption fix

    Jun 22, 2026 · 6m · #9980

    eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address https://isc.sans.edu/diary/eBanking%20Phishing%20Delivered%20Through%20IPv4-Mapped%20IPv6%20Address/33090 NGINX ngx_http_v3_module vulnerability CVE-2026-42530

  4. SANS Stormcast Thursday, June 18th, 2026: QUIC Challenge; Android 17; Oracle CSPU; JetBrains Plugins;

    Jun 18, 2026 · 6m · #9978

    The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary] https://isc.sans.edu/diary/The%20browser%20blind%20spot%3A%20Why%20your%20security%20tool%20may%20not%20be%20blocking%

  5. SANS Stormcast Wednesday, June 17th, 2026: VHDX to Remcos RAT; Fake Job Offer; OpenBSD Vuln; Copilot M365 Leakage

    Jun 17, 2026 · 8m · #9976

    From a VHDX File to a Remcos RAT https://isc.sans.edu/diary/From%20a%20VHDX%20File%20to%20a%20Remcos%20RAT/33080 A backdoor in a LinkedIn job offer https://roman.pt/posts/linkedin-backdoor/ A 27-Year-Old Authentication B

  6. SANS Stormcast Tuesday, June 16th, 2026: BASE64 Statistics; Cisco SD-WAN Exploited; AMD TSME Disabled; Poisoning Deep Research Agents

    Jun 16, 2026 · 6m · #9974

    Evil MSI Background: BASE64 Statistical Analysis https://isc.sans.edu/diary/Evil%20MSI%20Background%3A%20BASE64%20Statistical%20Analysis/33072 Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability https://sec.

  7. SANS Stormcast Monday, June 15th, 2026: Arch Linux Malicious User Packages; Splunk Vuln and Exploit; Exploiting AI Coding Agents

    Jun 15, 2026 · 6m · #9972

    Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency Why Use App-Level Auth When Every Database Has Auth? (Sp

  8. SANS Stormcast Friday, June 12th, 2026: Bitlocker Trouble; Ivanti and Oracle Exploited; macOS Malicious Installers

    Jun 12, 2026 · 6m · #9970

    More Bitlocker Issues: GreatXML https://git.churchofmalware.org/Nightmare_Eclipse/GreatXML Security Advisory Ivanti Sentry (CVE-2026-10520, CVE-2026-10523) https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Sentry

  9. SANS Stormcast Thursday, June 11th, 2026: Framing Protections; npm improvements; Adobe Patches; New Defender 0-day

    Jun 11, 2026 · 5m · #9968

    How has use of framing protection security headers changed in the past 3 years? https://isc.sans.edu/diary/How%20has%20use%20of%20framing%20protection%20security%20headers%20changed%20in%20the%20past%203%20years%3F/33068

  10. SANS Stormcast Wednesday, June 10th, 2026: Microsoft Patch Tuesday; Miasma Source Published; Fortinet Patches

    Jun 10, 2026 · 7m · #9966

    Microsoft June 2026 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20June%202026%20Patch%20Tuesday/33064 Miasma Software Supply Chain Attack Toolkit Source Published https://safedep.io/inside-the-miasma-supply-chain-

  11. SANS Stormcast Tuesday, June 9th, 2026: Azure Repos Infected; Checkpoint VPN 0-Day; Verizon VoLTE missing IPSec integrity prot.

    Jun 9, 2026 · 5m · #9964

    Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack https://www.stepsecurity.io/blog/miasma-worm-hits-microsoft-again-azure-functions-action-and-72-other-repositories-disabled-after-supply

  12. SANS Stormcast Monday, June 8th, 2026: Wetransfer Phish; Spying Smart TV; Dashlane Brute Force

    Jun 8, 2026 · 7m · #9962

    The Evil MSI Background is Back! https://isc.sans.edu/diary/The%20Evil%20MSI%20Background%20is%20Back!/33054 The Smart TV in Your LivingRoom Is a Node in the AIScraping Economy https://blog.includesecurity.com/2026/06/th

  13. SANS Stormcast Friday, June 5th, 2026: Coreutils for Windows; Cisco Unified Comm Manager Fix and Exploit; OAuth Orphans

    Jun 5, 2026 · 6m · #9960

    Microsoft's Coreutils for Windows https://isc.sans.edu/diary/Microsoft%27s%20Coreutils%20for%20Windows/33048 Cisco Unified Communications Manager Server-Side Request Forgery Vulnerability CVE-2026-20230 https://sec.cloud

  14. SANS Stormcast Thursday, June 4th, 2026: swagger.json Scans; Android Fake Call Detection; Anthropic Dashboard

    Jun 4, 2026 · 6m · #9958

    Continuing Scans for swagger.json https://isc.sans.edu/diary/Continuing+Scans+for+swaggerjson/33044/#comments Fake call detection on Android https://blog.google/security/android-fake-call-detection/ Anthropic's coordinat

  15. SANS Stormcast Wednesday, June 3rd, 2026: SVG Phishing; Android Patches; Poly Voice Vuln; Ivanti Neurons Priv Escalation

    Jun 3, 2026 · 3m · #9956

    New Wave Of Phishing Emails with SVG Files https://isc.sans.edu/diary/New%20Wave%20Of%20Phishing%20Emails%20with%20SVG%20Files/33040 Android 2026-06-01 security patch level vulnerability details https://source.android.co

  16. SANS Stormcast Tuesday, June 2nd, 2026: Netlogon Exploit; Unidentified RAT; Windows Netlogon Exploited; RedHat npm Affected; Dashlane Bruteforce Attack

    Jun 2, 2026 · 5m · #9954

    Unidentified RAT pushes NetSupport RAT https://isc.sans.edu/diary/Unidentified%20RAT%20pushes%20NetSupport%20RAT/33034 CVE-2026-41089: Windows Netlogon Vulnerability Exploited https://ccb.belgium.be/advisories/warning-mi

  17. SANS Stormcast Monday, June 1st, 2026: Bitskrieg; Gogs Unpatched Vuln; Oracle Critical Updates; PAN-OS Exploited;

    Jun 1, 2026 · 4m · #9952

    Announcing Bitskrieg https://deadeclipse666.blogspot.com/2026/05/announcing-bitskrieg.html Vulnerability in Gogs https://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/ Oracle Critical

  18. SANS Stormcast Friday, May 29th, 2026: @sans_edu research; Honeypot Log; VPN “Toad”; Silent Ransom Group

    May 29, 2026 · 6m · #9950

    Research Review Journal https://assets.contentstack.io/v3/assets/blt83c410d686aa5f84/blt3cff46f63887f83e/research-review-journal https://www.sans.edu/cyber-research Analysis of a Year of Files Uploaded to DShield Sensors

  19. SANS Stormcast Thursday, May 28th, 2026: Akira Ransomware; Vaultjacking; Poisoned Chatbot and Search Results;

    May 28, 2026 · 6m · #9948

    Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs https://isc.sans.edu/diary/Reconstructing%20an%20Akira%20Ransomware%20Kill%20Chain%20from%20Perimeter%20and%20Endpoint%20Logs/33024 Vaultjack

  20. SANS Stormcast Wednesday, May 27th, 2026: Fake Claude Ads; SharePoint Vuln; Angular Vulnerabilities

    May 27, 2026 · 6m · #9946

    Possible ACR Stealer From Page Impersonating Claude https://isc.sans.edu/diary/Possible%20ACR%20Stealer%20From%20Page%20Impersonating%20Claude/33018 Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659

  21. SANS Stormcast Tuesday, May 26th, 2026: VBA in MSFT Access; NPM Stealer; PHP Laravel Compromise; Google API Key Lag;

    May 26, 2026 · 6m · #9944

    Microsoft Access VBA https://isc.sans.edu/diary/Microsoft%20Access%20VBA/33012 An Example of Stack String in High Level Language https://isc.sans.edu/diary/An%20Example%20of%20Stack%20String%20in%20High%20Level%20Languag

  22. SANS Stormcast Friday, May 22nd, 2026: Selective HTTP Proxying; More GitHub Repo Trouble; MSFT Defender Patches;

    May 22, 2026 · 6m · #9942

    Selective HTTP Proxying in Linux https://isc.sans.edu/diary/Selective%20HTTP%20Proxying%20in%20Linux/33002 Megalodon: Mass GitHub Repo Backdooring via CI Workflows https://safedep.io/megalodon-mass-github-repo-backdoorin

  23. SANS Stormcast Thursday, May 21st, 2026: GitHub Breach; Agentic Threat Intel Feed; NGINX Vuln; YellowKey Fix; Incomplete SonicWall Patch

    May 21, 2026 · 5m · #9940

    GitHub Breach https://x.com/github/status/2056949168208552080 Agentic Threat Intelligence Feed - VS Code Extensions https://agentmesh.knostic.ai/extensions More NGINX Vulnerabilities https://x.com/nebusecurity/status/205

  24. SANS Stormcast Wednesday, May 20th, 2026: Assume Supply Chain Compromise; GitHub Action Compromise;

    May 20, 2026 · 6m · #9938

    TeamPCP Supply Chain Campaign: Activity Through 2026-05-17 https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Activity%20Through%202026-05-17/32994 https://slsa.dev/spec/v0.1/levels Github Action Comprom

  25. SANS Stormcast Tuesday, May 19th, 2026: New libssh in Malware; Exchange 0-Day; MSFT Authenticator Update

    May 19, 2026 · 6m · #9936

    New Malware Libraries means New Signatures https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20%20New%20Malware%20Libraries%20means%20New%20Signatures/32986 Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 h