AddGitHub
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)·Apr 28, 2026·6m·Episode #9908

SANS Stormcast Tuesday, April 28th, 2026: More TeamPCP; Citrix XenServer Unpatched Vulns; Phantom RPC;

Download audioShow notesApple PodcastsSpotify

Show notes


TeamPCP Update
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20008%20-%2026-Day%20Pause%20Ends%20with%20Three%20Concurrent%20Compromises%20%28Checkmarx%20KICS%2C%20Bitwarden%20CLI%20Cascade%2C%20xinference%20PyPI%29%2C%20CanisterSprawl%20npm%20Worm%20Identified%2C%20and%20Tier%201%20Coverage%20Returns/32926
https://socket.dev/blog/73-open-vsx-sleeper-extensions-glassworm
https://checkmarx.com/blog/checkmarx-security-update-april-26/
89 vulnerabilities in XAPI / Citrix XenServer
https://shittrix.moksha.dk/#rationale
Phantom RPC
https://securelist.com/phantomrpc-rpc-vulnerability/119428/
Pi-Hole Vulnerability CVE-2026-41489
https://github.com/pi-hole/pi-hole/security/advisories/GHSA-6w8x-p785-6pm4
Linux Kernel Problem CVE-2026-41651
https://nvd.nist.gov/vuln/detail/CVE-2026-41651

← Previous

SANS Stormcast Friday April 24rd, 2026: Apple Update; Bitwarden Compromise; ASP.NET Core Patch

Next →

SANS Stormcast Wednesday, April 29th, 2026: Odd Vercel Header Usage; GitHub Vuln Patches; MSFT RDP Notification Bug