SANS Internet Storm Center's Daily Network Security News Podcast

A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

SANS Stormcast Wednesday, August 13th, 2025: Microsoft Patch Tuesday; libarchive vulnerability upgrade; Adobe Patches (#) 08/12/2025

SANS Stormcast Tuesday, August 12th, 2025: Erlang OTP SSH Exploits (Palo Alto Networks); Winrar Exploits; Netscaler Exploits; OpenSSH Pushing PQ Crypto; (#) 08/11/2025

SANS Stormcast Monday, August 11th, 2025: Fake Tesla Preorders; Bad USB Cameras; Win-DoS Epidemic (#) 08/10/2025

SANS Stormcast Friday, August 8th, 2025:: ASN43350 Mass Scans; HTTP1.1 Must Die; Hyprid Exchange Vuln; Sonicwall Update; SANS.edu Research: OSS Security and Shifting Left (#) 08/07/2025

SANS Stormcast Thursday, August 7th, 2025: Sextortion Update; Adobe and Trend Micro release emergency patches (#) 08/06/2025

SANS Stormcast Wednesday, August 6th, 2025: Machinekeys and VIEWSTATEs; Perplexity Unethical Learning; SonicWall Updates (#) 08/05/2025

SANS Stormcast Tuesday, August 05, 2025: Daily Trends Report; NVidia Triton RCE; Cursor AI Misconfiguration (#) 08/04/2025

SANS Stormcast Sunday, August 03, 2025: Legacy Protocols; Sonicwall SSL VPN Possible 0-Day; (#) 08/03/2025

SANS Stormcast Friday, August 1st, 2025: Scattered Spider Domains; Excel Blocking Dangerous Links; CISA Releasing Thorium Platform (#) 07/31/2025

SANS Stormcast Thursday July 31st, 2025: Firebase Security; WebKit Vuln Exploited; Scattered Spider Update (#) 07/30/2025

SANS Stormcast Wednesday July 30th, 2025: Apple Updates; Python Triage; Papercut Vuln Exploited (#) 07/29/2025

SANS Stormcast Tuesday, July 29th, 2025:Parasitic Exploits; Cisco ISE Exploit; MyASUS Vuln (#) 07/28/2025

SANS Stormcast Monday, July 28th, 2025: Linux Namespaces; UI Automation Abuse; Autoswagger (#) 07/27/2025

SANS Stormcast Friday, July 25th, 2025: ficheck.py; Mital and SonicWall Patches (#) 07/24/2025

SANS Stormcast Thursday, July 24th, 2025: Reversing SharePoint Exploit; NPM “is” Compromise; (#) 07/24/2025

SANS Stormcast Wednesday, July 23rd, 2025: Sharepoint 2016 Patch; MotW Privacy and WinZip; Interlock Ransomware; Sophos Patches (#) 07/22/2025

SANS Stormcast Tuesday, July 22nd, 2025: SharePoint Emergency Patches; How Long Does Patching Take; HPE Wifi Vuln; Zoho WorkDrive Abused (#) 07/21/2025

SANS Stormcast Tuesday, July 22nd, 2025: SharePoint Emergency Patches; How Long Does Patching Take; HPE Wifi Vuln; Zoho WorkDrive Abused (#) SANS Stormcast Tuesday, July 22nd, 2025: SharePoint Emergency Patches; How Long Does Patching Take; HPE Wifi Vuln; Zoho WorkDrive Abused Microsoft Released Patches for SharePoint Vulnerability CVE-2025-53770 CVE-2025-53771 Microsoft released a patch for the currently exploited SharePoint vulnerability. It also added a second CVE number identifying the authentication bypass vulnerability. https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/ How Quickly Are Systems Patched? Jan took Shodan data to check how quickly recent vulnerabilities were patched. The quick answer: Not fast enough. https://isc.sans.edu/diary/How%20quickly%20do%20we%20patch%3F%20A%20quick%20look%20from%20the%20global%20viewpoint/32126 HP Enterprise Instant On Access Points Vulnerability HPE patched two vulnerabilities in its Instant On access points (aka Aruba). One allows for authentication bypass, while the second one enables arbitrary code execution as admin. https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us Revealing the AppLocker Bypass Risks in The Suggested Block-list Policy AppLocker sample policies suffer from a simple bug that may enable some rule bypass, but only if signatures are not enforced. While reviewing Microsoft’s suggested configuration, Varonis Threat Labs noticed a subtle but important issue: the MaximumFileVersion field was set to 65355 instead of the expected 65535. https://www.varonis.com/blog/applocker-bypass-risks Ghost Crypt Malware Leverages Zoho WorkDrive The Ghost malware tricks users into downloading by sending links to Zoho WorkDrive locations. https://www.esentire.com/blog/ghost-crypt-powers-purerat-with-hypnosis keywords: SharePoint; patches; zoho; workdrive; applocker; hpe; aruba; /episode/index/show/securitypodcast/id/37497410