SANS Internet Storm Center's Daily Network Security News Podcast

SANS Stormcast Friday, January 23rd, 2026: Scanning AI Code; FortiGate Update; ISC BIND DoS; Trivial SmaterMail Vulnerability Is AI-Generated Code Secure? Xavier used the free static code analysis tool Bandit to review code he wrote with heavy AI support. https://isc.sans.edu/diary/Is%20AI-Generated%20Code%20Secure%3F/32648 Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts Arctic Wolf summarized some of the attacks it is seeing against FortiGate devices via the insufficiently patched SSL vulnerability....

SANS Internet Storm Center's Daily Network Security News Podcast

SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS SOC Survey Automatic Script Execution In Visual Studio Code Visual Studio Code will read configuration files within the source code that may lead to code execution. https://isc.sans.edu/diary/Automatic%20Script%20Execution%20In%20Visual%20Studio%20Code/32644 Cisco Unified Communications Products Remote Code Execution Vulnerability
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session...

SANS Internet Storm Center's Daily Network Security News Podcast

SANS Stormcast Wednesday, January 21st, 2026: Punycode Hunting; telnetd vuln; 6 day Certs and IP Certs; Oracle Patches Add Punycode to your Threat Hunting Routine Punycode patterns in DNS queries make excellent hunting opportunities. https://isc.sans.edu/diary/Add%20Punycode%20to%20your%20Threat%20Hunting%20Routine/32640 GNU InetUtils Security Advisory: remote authentication by-pass intelnetd telnetd shipping with InetUtils suffers from a critical authentication by-pass vulnerability. https://www.openwall.com/lists/oss-security/2026/01/20/2 6-day and IP Address Certificates are Generally...

SANS Internet Storm Center's Daily Network Security News Podcast

SANS Stormcast Tuesday, January 20th, 2026: Scans Against LLMs; NTLM Rainbow Table; OOB MSFT Patch "How many states are there in the United States?" Attackers are actively scanning for LLMs, fingerprinting them using the query “How many states are there in the United States?”. https://isc.sans.edu/diary/%22How%20many%20states%20are%20there%20in%20the%20United%20States%3F%22/32618 Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of...

SANS Internet Storm Center's Daily Network Security News Podcast

SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot Battling Cryptojacking, Botnets, and IABs Cryptojacking often comes with less obvious addons, like SSH backdoors https://isc.sans.edu/diary/Battling%20Cryptojacking%2C%20Botnets%2C%20and%20IABs%20%5BGuest%20Diary%5D/32632 Microsoft Copilot Reprompt Attacks Adding a query parameter to the URL may prefill a Copilot prompt, altering the meaning of the prompts that follow. https://www.varonis.com/blog/reprompt Hijacking Bluetooth Accessories Using Google Fast Pair Google’s...

SANS Internet Storm Center's Daily Network Security News Podcast

SANS Stormcast Thursday, January 15th, 2026: Luma Streal Repeat Infection; ServiceNow Broken Auth; Starlink/GPS Jamming Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain https://isc.sans.edu/diary/Infection%20repeatedly%20adds%20scheduled%20tasks%20and%20increases%20traffic%20to%20the%20same%20C2%20domain/32628 BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/ Starlink Terminal GPS Spoofing/Jamming Detection in Iran...

SANS Internet Storm Center's Daily Network Security News Podcast

SANS Stormcast Wednesday, January 14th, 2026: Microsoft, Adobe and Fortinet Patches; ConsentFix Microsoft Patch Tuesday January 2026 Microsoft released patches for 113 vulnerabilities. This includes one already exploited vulnerability, one that was made public before today and eight critical vulnerabilities. https://isc.sans.edu/diary/January%202026%20Microsoft%20Patch%20Tuesday%20Summary/32624 Adobe Patches Adobe released patches for five products. The code execution vulnerabilities in ColdFusion and Acrobat Reader deserve special attention. https://helpx.adobe.com/security.html Fortinet...

SANS Internet Storm Center's Daily Network Security News Podcast

SANS Stormcast Tuesday, January 13th, 2026: n8n got npm’ed; Gogs exploit; telegram proxy links n8n supply chain attack Malicious npm pagackages were used to attempt to obtain user OAUTH credentials for NPM. https://www.endorlabs.com/learn/n8mare-on-auth-street-supply-chain-attack-targets-n8n-ecosystem Gogs 0-Day Exploited in the Wild An at the time unpachted flaw in Gogs was exploited to compromise git repos. https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit Telegram Proxy Link Abuse Telegram proxy links have been abused to deanonymize users...

SANS Internet Storm Center's Daily Network Security News Podcast

SANS Stormcast Monday, January 12th, 2026: PEB Manipulation; YARA Update; VideoLAND and Apache NimBLE Patches Malicious Process Environment Block Manipulation The process environment block contains metadata about particular processes, but can be manipulated. https://isc.sans.edu/diary/Malicious+Process+Environment+Block+Manipulation/32614/ YARA-X 1.11.0 Release: Hash Function Warnings The latest version of YARA will warn users if a hash rule attempts to match an invalid hash. https://isc.sans.edu/diary/YARA-X%201.11.0%20Release%3A%20Hash%20Function%20Warnings/32616 VideoLAN Security Bulletin...

SANS Internet Storm Center's Daily Network Security News Podcast

SANS Stormcast Friday, January 9th, 2026: Gephi Analysis; zlib vuln; GnuPG Vulns; Cisco/Cloudflare DNS Issue Analysis using Gephi with DShield Sensor Data Gephi is a neat tool to create interactive data visualizations. It can be applied to honeypot data to find data clusters. https://isc.sans.edu/diary/Analysis%20using%20Gephi%20with%20DShield%20Sensor%20Data/32608 zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility The untgz utility that is part of zlib suffers from a straightforward buffer overflow in the filename parameter https://seclists.org/fulldisclosure/2026/Jan/3...