SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot
SANS Internet Storm Center's Daily Network Security News Podcast
Release Date: 01/16/2026
SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot
  Battling Cryptojacking, Botnets, and IABs - Cryptojacking often comes with less obvious add-ons, like SSH backdoors. https://isc.sans.edu/diary/Battling%20Cryptojacking%2C%20Botnets%2C%20and%20IABs%20%5BGuest%20Diary%5D/32632
  Microsoft Copilot Reprompt Attacks - Adding a query parameter to the URL may prefill a Copilot prompt, altering the meaning of the prompts that follow. https://www.varonis.com/blog/reprompt
  Hijacking Bluetooth Accessories Using Google Fast Pair - Google’s...
SANS Stormcast Thursday, January 15th, 2026: Luma Streal Repeat Infection; ServiceNow Broken Auth; Starlink/GPS Jamming
  Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain https://isc.sans.edu/diary/Infection%20repeatedly%20adds%20scheduled%20tasks%20and%20increases%20traffic%20to%20the%20same%20C2%20domain/32628
  BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/
  Starlink Terminal GPS Spoofing/Jamming Detection in Iran...
SANS Stormcast Wednesday, January 14th, 2026: Microsoft, Adobe and Fortinet Patches; ConsentFix
  Microsoft Patch Tuesday January 2026 - Microsoft released patches for 113 vulnerabilities. This includes one already exploited vulnerability, one that was made public before today and eight critical vulnerabilities. https://isc.sans.edu/diary/January%202026%20Microsoft%20Patch%20Tuesday%20Summary/32624
  Adobe Patches - Adobe released patches for five products. The code execution vulnerabilities in ColdFusion and Acrobat Reader deserve special attention. https://helpx.adobe.com/security.html
  Fortinet...
SANS Stormcast Tuesday, January 13th, 2026: n8n got npm’ed; Gogs exploit; Telegram proxy links
  n8n supply chain attack - Malicious npm packages were used to attempt to obtain user OAuth credentials for NPM. https://www.endorlabs.com/learn/n8mare-on-auth-street-supply-chain-attack-targets-n8n-ecosystem
  Gogs 0-Day Exploited in the Wild - An at-the-time unpatched flaw in Gogs was exploited to compromise git repos. https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit
  Telegram Proxy Link Abuse - Telegram proxy links have been abused to deanonymize users...
SANS Stormcast Monday, January 12th, 2026: PEB Manipulation; YARA Update; VideoLAN and Apache NimBLE Patches
  Malicious Process Environment Block Manipulation - The process environment block contains metadata about particular processes, but can be manipulated. https://isc.sans.edu/diary/Malicious+Process+Environment+Block+Manipulation/32614/
  YARA-X 1.11.0 Release: Hash Function Warnings - The latest version of YARA will warn users if a hash rule attempts to match an invalid hash. https://isc.sans.edu/diary/YARA-X%201.11.0%20Release%3A%20Hash%20Function%20Warnings/32616
  VideoLAN Security Bulletin...
SANS Stormcast Friday, January 9th, 2026: Gephi Analysis; zlib vuln; GnuPG Vulns; Cisco/Cloudflare DNS Issue
  Analysis using Gephi with DShield Sensor Data - Gephi is a neat tool to create interactive data visualizations. It can be applied to honeypot data to find data clusters. https://isc.sans.edu/diary/Analysis%20using%20Gephi%20with%20DShield%20Sensor%20Data/32608
  zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility - The untgz utility that is part of zlib suffers from a straightforward buffer overflow in the filename parameter. https://seclists.org/fulldisclosure/2026/Jan/3...
SANS Stormcast Thursday, January 8th, 2026: HTML QR Code Phishing; n8n vulnerability; Powerbank Feature Creep
  A phishing campaign with QR codes rendered using an HTML table - Phishing emails are bypassing filters by encoding QR codes as HTML tables. https://isc.sans.edu/diary/A%20phishing%20campaign%20with%20QR%20codes%20rendered%20using%20an%20HTML%20table/32606
  n8n vulnerabilities - In recent days, several new n8n vulnerabilities were disclosed. Ensure that you update any on-premises installations and carefully consider what to use n8n for....
SANS Stormcast Wednesday, January 7th, 2026: Tailsnitch Review; D-Link DSL EoL Vuln; TOTOLINK Unpatched Vuln
  Tool Review: Tailsnitch - Tailsnitch is a tool to audit your Tailscale configuration. It does a comprehensive analysis of your configuration and suggests (or even applies) fixes. https://isc.sans.edu/diary/Tool%20Review%3A%20Tailsnitch/32602
  D-Link DSL Command Injection via DNS Configuration Endpoint - A new vulnerability in very old D-Link DSL modems is currently being exploited. https://www.vulncheck.com/advisories/dlink-dsl-command-injection-via-dns-configuration-endpoint
  TOTOLINK EX200...
SANS Stormcast Tuesday, January 6th, 2026: IPKVM Risks; Tailsnitch; Net-SNMP Vuln
  Risks of OOB Access via IP KVM Devices - Recently, cheap IP KVMs have become popular. But their deployment needs to be secured. https://isc.sans.edu/diary/Risks%20of%20OOB%20Access%20via%20IP%20KVM%20Devices/32598
  Tailsnitch - Tailsnitch is a tool to review your Tailscale configuration for vulnerabilities. https://github.com/Adversis/tailsnitch
  Net-SNMP snmptrapd vulnerability - A new vulnerability in snmptrapd may lead to remote code execution...
SANS Stormcast Monday, January 5th, 2026: MongoBleed/React2Shell Recap; Crypto Scams; DNS Stats; Old Fortinet Vulns
  Cryptocurrency Scam Emails and Web Pages As We Enter 2026 - Scam emails are directing victims to confidence scams attempting to steal cryptocurrencies. https://isc.sans.edu/diary/Cryptocurrency%20Scam%20Emails%20and%20Web%20Pages%20As%20We%20Enter%202026/32594
  Debugging DNS response times with tshark - tshark is a powerful tool to debug DNS timing issues. https://isc.sans.edu/diary/Debugging+DNS+response+times+with+tshark/32592/
  Old Fortinet Devices Have Not Been Updated - Over 10,000...