Podcasts about stormcast

Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary] https://isc.sans.edu/diary/Differentiating%20Between%20a%20Targeted%20Intrusion%20and%20an%20Automated%20Opportunistic%20Scanning%20%5BGuest%20Diary%5D/32768 CVE-2026-29000: Critical Authentication Bypass in pac4j-jwt - Using Only a Public Key (CVSS 10) https://www.codeant.ai/security-research/pac4j-jwt-authentication-bypass-public-key FreeScout Help Desk Vulnerability https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc Microsoft Authenticator Not Supported on Graphene OS https://www.heise.de/en/news/GrapheneOS-Microsoft-Authenticator-does-not-support-secure-Android-OS-11200495.html

Want More XWorm? https://isc.sans.edu/diary/Want%20More%20XWorm%3F/32766 Cisco Secure Firewall Management Center Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-rce-NKhnULJh https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-onprem-fmc-authbypass-5JPp45V2 LastPass Phishing https://www.securityweek.com/lastpass-users-targeted-with-backup-themed-phishing-emails/

Bruteforce Scans for CrushFTP https://isc.sans.edu/diary/Bruteforce%20Scans%20for%20CrushFTP%20/32762 Android March 2026 Patches, including 0-Day (CVE-2026-21385) https://source.android.com/docs/security/bulletin/2026/2026-03-01 OAuth redirection abuse enables phishing and malware delivery https://www.microsoft.com/en-us/security/blog/2026/03/02/oauth-redirection-abuse-enables-phishing-malware-delivery/

Quick Howto: ZIP Files Inside RTF https://isc.sans.edu/diary/Quick+Howto+ZIP+Files+Inside+RTF/32696/#comments Keeping the Internet fast and secure: introducing Merkle Tree Certificates https://blog.cloudflare.com/bootstrap-mtc/ Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/

Nick Badders sits down with Monica Ramirez, the Royals Education/ESL & Latin American Initiatives Manager. They talked Monica winning the Katy Feeney Leadership Award, her role with the Royals, teaching players English, the meaning behind the Carlos Fortuna Award and more.The Omaha Storm Chasers' first home game of the 2026 season is on March 31st against the Buffalo Bisons. The full 2026 schedule can be found here and single-game tickets are now available here.For tickets and more information, please visit omahastormchasers.com, call the Werner Park Ticket office at (402) 738-5100, and follow the team on social media. You can follow the team on X @omastormchasers, on Instagram @omahastormchasers, and “like” the team on Facebook at facebook.com/omahastormchasers.

Fake Fedex Email Delivers Donuts! https://isc.sans.edu/diary/Fake%20Fedex%20Email%20Delivers%20Donuts!/32754 Abusing .ARPA: The TLD that isn t supposed to host anything https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/ MC1179154 - Microsoft Authenticator app: Upcoming changes to jailbreak and root detection https://mc.merill.net/message/MC1179154 SECURITY BULLETIN: Apex One and Apex One (Mac) - February 2026 https://success.trendmicro.com/en-US/solution/KA-0022458 Special Webcast: AirSnitch How Worried Should You Be? https://www.sans.org/webcasts/airsnitch-how-worried-should-you-be

Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary] https://isc.sans.edu/diary/Finding%20Signal%20in%20the%20Noise%3A%20Lessons%20Learned%20Running%20a%20Honeypot%20with%20AI%20Assistance%20%5BGuest%20Diary%5D/32744 Google API Keys Weren't Secrets. But then Gemini Changed the Rules. https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks https://www.ndss-symposium.org/ndss-paper/airsnitch-demystifying-and-breaking-client-isolation-in-wi-fi-networks/

The CLAIR Model: A Synthesized Conceptual Framework for Mapping Critical Infrastructure Interdependencies [Guest Diary] https://isc.sans.edu/diary/The+CLAIR+Model+A+Synthesized+Conceptual+Framework+for+Mapping+Critical+Infrastructure+Interdependencies+Guest+Diary/32748 Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability CVE-2026-20127 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk https://blog.talosintelligence.com/uat-8616-sd-wan/ Abusing Cortex XDR Live https://labs.infoguard.ch/posts/abusing_cortex_xdr_live_response_as_c2/ OpenSSL Vulnerability CVE-2025-15467 https://seclists.org/oss-sec/2026/q1/220

Open Redirects: A Forgotten Vulnerability? https://isc.sans.edu/diary/Open%20Redirects%3A%20A%20Forgotten%20Vulnerability%3F/32742 Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 https://hacks.mozilla.org/2026/02/goodbye-innerhtml-hello-sethtml-stronger-xss-protection-in-firefox-148/ More telnetd issues https://seclists.org/oss-sec/2026/q1/199

Another day, another malicious JPEG https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738 Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065 https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method) https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md Roundcube Webmail Exploited CVE-2025-49113 https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 https://www.openwall.com/lists/oss-security/2025/06/02/3

Japanese-Language Phishing Emails https://isc.sans.edu/diary/Japanese-Language%20Phishing%20Emails/32734 'God-Like' Attack Machines: AI Agents Ignore Security Policies https://www.darkreading.com/application-security/ai-agents-ignore-security-policies Starkiller: New Phishing Framework Proxies Real Login Pages to Bypass MFA https://abnormal.ai/blog/starkiller-phishing-kit

Under the Hood of DynoWiper https://isc.sans.edu/diary/Under%20the%20Hood%20of%20DynoWiper/32730 Vibe Password Generation: Predictable by Design https://www.irregular.com/publications/vibe-password-generation Vulnerabilities (CVE-2025-65715, CVE-2025-65716, CVE-2025-65717) in four popular IDE Extensions https://www.ox.security/blog/four-vulnerabilities-expose-a-massive-security-blind-spot-in-ide-extensions/ Grandstream GXP1600 VoIP Phones https://www.rapid7.com/blog/post/ve-cve-2026-2329-critical-unauthenticated-stack-buffer-overflow-in-grandstream-gxp1600-voip-phones-fixed/

Tracking Malware Campaigns With Reused Material https://isc.sans.edu/diary/Tracking%20Malware%20Campaigns%20With%20Reused%20Material/32726 From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day Windows Admin Center Elevation of Privilege Vulnerability CVE-2026-26119 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119 DNS-PERSIST-01: A New Model for DNS-based Challenge Validation https://letsencrypt.org/2026/02/18/dns-persist-01.html Defending Web Apps https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices

Fake Incident Report Used in Phishing Campaign https://isc.sans.edu/diary/Fake%20Incident%20Report%20Used%20in%20Phishing%20Campaign/32722 Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets https://securelist.com/keenadu-android-backdoor/118913/ CVE-2026-25903: Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates https://seclists.org/oss-sec/2026/q1/166 The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/ Encrypted RCS in iOS/iPadOS https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-26_4-release-notes

2026 64-Bits Malware Trend https://isc.sans.edu/diary/2026%2064-Bits%20Malware%20Trend/32718 A Comparative Security Analysis of Three Cloud-based Password Managers https://zkae.io Infostealer Infection Targeting OpenClaw Configurations https://www.infostealers.com/article/hudson-rock-identifies-real-world-infostealer-infection-targeting-openclaw-configurations/

Nick Badders sits down with 2025 Storm Chasers pitcher, John Gant, on the StormCast. John talks about meeting Bobby Cox, some of his favorite youth baseball memories, becoming a better packer since he became a dad and more.The Omaha Storm Chasers' first home game of the 2026 season is on March 31st against the Buffalo Bisons. The full 2026 schedule can be found here and single-game tickets are now available here.For tickets and more information, please visit omahastormchasers.com, call the Werner Park Ticket office at (402) 738-5100, and follow the team on social media. You can follow the team on X @omastormchasers, on Instagram @omahastormchasers, and “like” the team on Facebook at facebook.com/omahastormchasers.

AI-Powered Knowledge Graph Generator & APTs https://isc.sans.edu/diary/AI-Powered%20Knowledge%20Graph%20Generator%20%26%20APTs/32712 nslookup and ClickFix https://x.com/MsftSecIntel/status/2022456612120629742 Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html TURN Security Threats https://www.enablesecurity.com/blog/turn-server-security-threats/

Four Seconds to Botnet - Analyzing a Self-Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary] https://isc.sans.edu/diary/Four%20Seconds%20to%20Botnet%20-%20Analyzing%20a%20Self%20Propagating%20SSH%20Worm%20with%20Cryptographically%20Signed%20C2%20%5BGuest%20Diary%5D/32708 OpenSSH Update on MacOS https://www.openssh.org/releasenotes.html Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations

WSL in the Malware Ecosystem https://isc.sans.edu/diary/32704 Apple Patches Everything: February 2026 https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20February%202026/32706 Adobe Updates https://helpx.adobe.com/security/security-bulletin.html

Microsoft Patch Tuesday - February 2026 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20February%202026/32700 Refreshing the root of trust https://blogs.windows.com/windowsexperience/2026/02/10/refreshing-the-root-of-trust-industry-collaboration-on-secure-boot-certificate-updates/ Fake 7-Zip downloads are turning home PCs into proxy nodes https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes FortiNet Vulnerabilities https://fortiguard.fortinet.com/psirt/FG-IR-25-093 https://fortiguard.fortinet.com/psirt/FG-IR-25-1052

Quick Howto: Extract URLs from RTF files https://isc.sans.edu/diary/Quick%20Howto%3A%20Extract%20URLs%20from%20RTF%20files/32692 German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists German: https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html English: https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/praevention_wirtschafts-und_wissenschaftsschutz/2026-02-06-gemeinsame-warnmitteilung-phishing.pdf?__blob=publicationFile&v=3 Someone Knows Bash Far Too Well, And We Love It - Pre-Auth RCEs https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/ Pre-Auth RCE in BeyondTrust Remote Support & PRA CVE-2026-1731 https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 Fortinet FortiClientEMS SQLi in the administrative interface https://fortiguard.fortinet.com/psirt/FG-IR-25-1142

Microsoft Patches Four Azure Vulnerabilities (three critical) https://msrc.microsoft.com/update-guide/vulnerability Evaluating and mitigating the growing risk of LLM-discovered 0-days https://red.anthropic.com/2026/zero-days/ Gitlab AI Gateway Vulnerability CVE-2026-1868 https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/

Broken Phishing URLs https://isc.sans.edu/diary/Broken+Phishing+URLs/32686/ n8n command injection vulnerability https://github.com/n8n-io/n8n/security/advisories/GHSA-6cqr-8cfr-67f8 Android February Update https://source.android.com/docs/security/bulletin/pixel/2026/2026-02-01?hl=en Watchguard Firebox LDAP Injection https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00001

Malicious Script Delivering More Maliciousness https://isc.sans.edu/diary/Malicious+Script+Delivering+More+Maliciousness/32682 Synectix LAN 232 TRIO Unauthenticated Web Admin CVE-2026-1633 https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04 Google Chrome Patches https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) https://www.tenable.com/blog/google-looker-vulnerabilities-rce-internal-access-lookout

Detecting and Monitoring OpenClaw (clawdbot, moltbot) https://isc.sans.edu/diary.html/Detecting+and+Monitoring+OpenClaw+%28clawdbot%2C+moltbot%29/32678/#comment Synology telnetd Patch https://www.synology.com/en-us/releaseNote/DSM GlassWorm Loader Hits Open VSX via Developer Account Compromise https://socket.dev/blog/glassworm-loader-hits-open-vsx-via-suspected-developer-account-compromise

Scanning for exposed Anthropic Models https://isc.sans.edu/diary/Scanning%20for%20exposed%20Anthropic%20Models/32674 Notepad++ Hijacked by State-Sponsored Hackers https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/ https://notepad-plus-plus.org/news/hijacked-incident-info-update/ Insecure Websockets in OpenClaw https://zeropath.com/blog/openclaw-clawdbot-credential-theft-vulnerability Malicious OpenClaw Skills https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting Exposed OpenClaw Instances https://censys.com/blog/openclaw-in-the-wild-mapping-the-public-exposure-of-a-viral-ai-assistant

Nick Badders sits down with our Manager of Promotions and Game Operations Katie Scott. They talk about the 2026 promotional schedule, the planning process, giveaways, jersey auctions, big theme nights and more.For more information, please visit omahastormchasers.com, call the Werner Park Ticket office at (402) 738-5100, and follow the team on social media. You can follow the team on Twitter @omastormchasers, on Instagram @omahastormchasers, and “like” the team on Facebook at facebook.com/omahastormchasers.

Google Presentation Abuse https://isc.sans.edu/diary/Google+Presentations+Abused+for+Phishing/32668/ Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340) https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US Microsoft NTLM Strategy https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526

No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network Google dismantled the IPIDEA network that used residential proxies to route malicious traffic. https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network Fake Clawdbot VS Code Extension Installs ScreenConnect RAT The news about Clawdbot (now Moltbot) is used to distribute malware, in particular malicious VS Code extensions. https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware Threat Bulletin: Critical eScan Supply Chain Compromise Anti-virus vendor eScan was compromised, and its update servers were used to install malware on some customer systems. https://www.morphisec.com/blog/critical-escan-threat-bulletin/

Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop? We are seeing attempts to attack CVE-2026-21962, a recent weblog vulnerability, using a non-working AI slop exploit https://isc.sans.edu/diary/Odd%20WebLogic%20Request.%20Possible%20CVE-2026-21962%20Exploit%20Attempt%20or%20AI%20Slop%3F/32662 Fortinet Patches are Rolling Out Fortinet is starting to roll out patches for the recent SSO vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-060 SolarWinds Web Helpdesk Vulnerability Another set of vulnerabilities in SolarWinds Web Helpdesk may result in unauthenticated system access https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/

Initial Stages of Romance Scams [Guest Diary] Romance scams often start with random text messages that appear to be misrouted . This guest diary by Faris Azhari is following some of the initial stages of such a scam. https://isc.sans.edu/diary/Initial%20Stages%20of%20Romance%20Scams%20%5BGuest%20Diary%5D/32650 Denial of Service Vulnerabilities in React Server Components Another folowup fix for the severe React vulnerability from last year, but now only fixing a DoS condition. https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg OpenSSL Updates OpenSSL released its monthly updates, fixing a potential RCE. https://openssl-library.org/news/vulnerabilities/ Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission Many Kubernetes Helm Charts are vulnerable to possible remote code executions due to unclear defined access controls. https://grahamhelton.com/blog/nodes-proxy-rce

Scanning Webserver with pwd as a Starting Path Attackers are adding the output of the pwd command to their web scans. https://isc.sans.edu/diary/x/32654 Microsoft Office Security Feature Bypass Vulnerability CVE-2026-21509 Microsoft released an out-of-band patch for Office fixing a currently exploited vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 Exposed Clawdbot Instances Many users of the AI tool clawdbot expose instances without access control. https://x.com/theonejvo/status/2015485025266098536

Analysis of Single Sign-On Abuse on FortiOS Fortinet released an advisory. FortiOS devices are vulnerable if configured with any SAML integration, not just FortiCloud https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios Outlook OOB Update Microsoft released a non-security OOB Update for Outlook, fixing an issue introduced with this months security patches. https://support.microsoft.com/en-us/topic/january-24-2026-kb5078127-os-builds-26200-7628-and-26100-7628-out-of-band-cf5777f6-bb4e-4adb-b9cd-2b64df577491 VMware vCenter Server Vulnerabilities Exploited (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) A VMWare vCenter vulnerability patched last June is now actively exploited. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

Is AI-Generated Code Secure? Xavier used the free static code analysis tool Bandit to review code he wrote with heavy AI support. https://isc.sans.edu/diary/Is%20AI-Generated%20Code%20Secure%3F/32648 Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts Arctic Wolf summarized some of the attacks it is seeing against FortiGate devices via the insufficiently patched SSL vulnerability. https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-configuration-changes-fortinet-fortigate-devices-via-sso-accounts/ ISC BIND DoS vulnerability in Drone ID Records HHIT and BRID records, which are used as part of Drone ID, can be used to crash named if their length is 3 bytes. https://marlink.com/resources/knowledge-hub/isc-bind-vulnerability-discovered-and-disclosed-by-marlink-cyber/ SmarterTools SmarterMail Password Reset Vulnerability SmarterTools recently patched a trivial vulnerability in SmarterMail that would allow anybody without authentication to reset administrator passwords. https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/

Automatic Script Execution In Visual Studio Code Visual Studio Code will read configuration files within the source code that may lead to code execution. https://isc.sans.edu/diary/Automatic%20Script%20Execution%20In%20Visual%20Studio%20Code/32644 Cisco Unified Communications Products Remote Code Execution Vulnerability A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b Zoom Vulnerability A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to execute remote code on the MMR via network access. https://www.zoom.com/en/trust/security-bulletin/zsb-26001/ Possible new SSO Exploit (CVE-2025-59718) on 7.4.9 https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/ SANS SOC Survey The 2026 SOC Survey is open, and we need your input to create a meaningful report. Please share your experience so we can advocate for what actually works in the trenches. https://survey.sans.org/jfe/form/SV_3ViqWZgWnfQAzkO?is=socsurveystormcenter

Add Punycode to your Threat Hunting Routine Punycode patterns in DNS queries make excellent hunting opportunities. https://isc.sans.edu/diary/Add%20Punycode%20to%20your%20Threat%20Hunting%20Routine/32640 GNU InetUtils Security Advisory: remote authentication by-pass intelnetd telnetd shipping with InetUtils suffers from a critical authentication by-pass vulnerability. https://www.openwall.com/lists/oss-security/2026/01/20/2 6-day and IP Address Certificates are Generally Available Let s Encrypt will now offer 6-day certificates as an option. These short-lived certificates can be used for IP addresses. https://letsencrypt.org/2026/01/15/6day-and-ip-general-availability Oracle Quarterly Critical Patch Update Oracle released its first quarterly patches for 2026, fixing 337 vulnerabilities https://www.oracle.com/security-alerts/cpujan2026.html#AppendixFMW

"How many states are there in the United States?" Attackers are actively scanning for LLMs, fingerprinting them using the query How many states are there in the United States? . https://isc.sans.edu/diary/%22How%20many%20states%20are%20there%20in%20the%20United%20States%3F%22/32618 Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation Mandiant is publicly releasing a comprehensive dataset of Net-NTLMv1 rainbow tables to underscore the urgency of migrating away from this outdated protocol. https://cloud.google.com/blog/topics/threat-intelligence/net-ntlmv1-deprecation-rainbow-tables Out-of-band update to address issues observed with the January 2026 Windows security update Microsoft has identified issues upon installing the January 2026 Windows security update. To address these issues, an out-of-band (OOB) update was released today, January 17, 2026 https://learn.microsoft.com/en-us/windows/release-health/windows-message-center

Battling Cryptojacking, Botnets, and IABs Cryptojacking often comes with less obvious addons, like SSH backdoors https://isc.sans.edu/diary/Battling%20Cryptojacking%2C%20Botnets%2C%20and%20IABs%20%5BGuest%20Diary%5D/32632 Microsoft Copilot Reprompt Attacks Adding a query parameter to the URL may prefill a Copilot prompt, altering the meaning of the prompts that follow. https://www.varonis.com/blog/reprompt Hijacking Bluetooth Accessories Using Google Fast Pair Google s fast pair protocol is often not implemented correctly, allowing the Hijacking of Bluetooth accessories https://whisperpair.eu/#about

Nick Badders sits down with our new manager Patrick Osborn on the StormCast. Patrick talks about how it feels to be named the Chasers new manager, what he learned from Mike Jirschele, his baseball journey and more.For more information, please visit omahastormchasers.com, call the Werner Park Ticket office at (402) 738-5100, and follow the team on social media. You can follow the team on Twitter @omastormchasers, on Instagram @omahastormchasers, and “like” the team on Facebook at facebook.com/omahastormchasers.

Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain https://isc.sans.edu/diary/Infection%20repeatedly%20adds%20scheduled%20tasks%20and%20increases%20traffic%20to%20the%20same%20C2%20domain/32628 BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow/ Starlink Terminal GPS Spoofing/Jamming Detection in Iran https://github.com/narimangharib/starlink-iran-gps-spoofing/blob/main/starlink-iran.md

Microsoft Patch Tuesday January 2026 Microsoft released patches for 113 vulnerabilities. This includes one already exploited vulnerability, one that was made public before today and eight critical vulnerabilities. https://isc.sans.edu/diary/January%202026%20Microsoft%20Patch%20Tuesday%20Summary/32624 Adobe Patches Adobe released patches for five products. The code execution vulnerabilities in ColdFusion and Acrobat Reader deserve special attention. https://helpx.adobe.com/security.html Fortinet Patches Fortnet patched two products today, one suffering from an SSRF vulnerability. https://fortiguard.fortinet.com/psirt/FG-IR-25-783 https://fortiguard.fortinet.com/psirt/FG-IR-25-084 ConsentFix: Analysing a browser-native ClickFix-style attack that hijacks OAuth consent grants Attackers are tricking victims to copy/paste OAUTH URLs, including credentials, to a fake CAPTCHA https://pushsecurity.com/blog/consentfix

n8n supply chain attack Malicious npm pagackages were used to attempt to obtain user OAUTH credentials for NPM. https://www.endorlabs.com/learn/n8mare-on-auth-street-supply-chain-attack-targets-n8n-ecosystem Gogs 0-Day Exploited in the Wild An at the time unpachted flaw in Gogs was exploited to compromise git repos. https://www.wiz.io/blog/wiz-research-gogs-cve-2025-8110-rce-exploit Telegram Proxy Link Abuse Telegram proxy links have been abused to deanonymize users https://x.com/GangExposed_RU/status/2009961417781457129

Malicious Process Environment Block Manipulation The process environment block contains metadata about particular processes, but can be manipulated. https://isc.sans.edu/diary/Malicious+Process+Environment+Block+Manipulation/32614/ YARA-X 1.11.0 Release: Hash Function Warnings The latest version of YARA will warn users if a hash rule attempts to match an invalid hash. https://isc.sans.edu/diary/YARA-X%201.11.0%20Release%3A%20Hash%20Function%20Warnings/32616 VideoLAN Security Bulletin VLC 3.0.22 CVE-2025-51602 VideoLAN fixed several vulnerabilities in its VLC software. https://www.videolan.org/security/sb-vlc3022.html Apache NimBLE Bluetooth vulnerabilities NimBLE is a Bluetooth stack popular in IoT devices. An update fixes some eavesdropping and pairing vulnerabilities. https://mynewt.apache.org/cve/

Analysis using Gephi with DShield Sensor Data Gephi is a neat tool to create interactive data visualizations. It can be applied to honeypot data to find data clusters. https://isc.sans.edu/diary/Analysis%20using%20Gephi%20with%20DShield%20Sensor%20Data/32608 zlib v1.3.1.2 Global Buffer Overflow in TGZfname() of zlib untgz Utility The untgz utility that is part of zlib suffers from a straightforward buffer overflow in the filename parameter https://seclists.org/fulldisclosure/2026/Jan/3 GnuPG Vulnerabilities Several vulnerabilities in GnuPG were disclosed during a recent talk at the CCC congress. https://gpg.fail Cisco DNS Bug Reboot Last night, several Cisco users reported that their switches rebooted. The issue appears to be related to a change Cloudflare made in the order of CNAME records. Only users using 1.1.1.1 as a recursive resolver appear to be affected. https://community.cisco.com/t5/switches-small-business/got-fatal-error-cbs350-24t-4g/td-p/5359883?utm_source=chatgpt.com

A phishing campaign with QR codes rendered using an HTML table Phishing emails are bypassing filters by encoding QR codes as HTML tables. https://isc.sans.edu/diary/A%20phishing%20campaign%20with%20QR%20codes%20rendered%20using%20an%20HTML%20table/32606 n8n vulnerabilities In recent days, several new n8n vulnerabilities were disclosed. Ensure that you update any on-premises installations and carefully consider what to use n8n for. https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858 https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg Power bank feature creep is out of control Simple power banks are increasingly equipped with advanced features, including networking, which may expose them to security risks. https://www.theverge.com/tech/856225/power-banks-are-the-latest-victims-of-feature-creep

Tool Review: Tailsnitch Tailsnitch is a tool to audit your Tailscale configuration. It does a comprehensive analysis of your configuration and suggests (or even applies) fixes. https://isc.sans.edu/diary/Tool%20Review%3A%20Tailsnitch/32602 D-Link DSL Command Injection via DNS Configuration Endpoint A new vulnerability in very old D-Link DSL modems is currently being exploited. https://www.vulncheck.com/advisories/dlink-dsl-command-injection-via-dns-configuration-endpoint TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service TOTOLINK extenders may start a telnet server and allow unauthenticated access if a firmware update fails. https://kb.cert.org/vuls/id/295169

Risks of OOB Access via IP KVM Devices Recently, cheap IP KVMs have become popular. But their deployment needs to be secured. https://isc.sans.edu/diary/Risks%20of%20OOB%20Access%20via%20IP%20KVM%20Devices/32598 Tailsnitch Tailsnitch is a tool to review your Tailscale configuration for vulnerabilities https://github.com/Adversis/tailsnitch Net-SNMP snmptrapd vulnerability A new vulnerability in snmptrapd may lead to remote code execution https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq

Nick Badders sits down with 2025/2025 Storm Chasers pitcher Noah Cameron on the StormCast. Noah talks about his big league call up, his success on the mound in 2025, being at Kauffman Stadium for Zack Greinke's MLB debut, the support he gets from his family and more.For more information, please visit omahastormchasers.com, call the Werner Park Ticket office at (402) 738-5100, and follow the team on social media. You can follow the team on Twitter @omastormchasers, on Instagram @omahastormchasers, and “like” the team on Facebook at facebook.com/omahastormchasers.

Cryptocurrency Scam Emails and Web Pages As We Enter 2026 Scam emails are directing victims to confidence scams attempting to steal cryptocurrencies. https://isc.sans.edu/diary/Cryptocurrency%20Scam%20Emails%20and%20Web%20Pages%20As%20We%20Enter%202026/32594 Debugging DNS response times with tshark tshark is a powerful tool to debug DNS timing issues. https://isc.sans.edu/diary/Debugging+DNS+response+times+with+tshark/32592/ Old Fortinet Devices Have not been updated Over 10,000 Fortinet devices are still vulnerable to a five year old vulnerability https://www.bleepingcomputer.com/news/security/over-10-000-fortinet-firewalls-exposed-to-ongoing-2fa-bypass-attacks/

MongoDB Unauthenticated Attacker Sensitive Memory Leak CVE-2025-14847 Over the Christmas holiday, MongoDB patched a sensitive memory leak vulnerability that is now actively being exploited https://www.mongodb.com/community/forums/t/important-mongodb-patch-available/332977 https://github.com/mongodb/mongo/commit/505b660a14698bd2b5233bd94da3917b585c5728 https://www.ox.security/blog/attackers-could-exploit-zlib-to-exfiltrate-data-cve-2025-14847/ https://github.com/joe-desimone/mongobleed/