SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) cover art

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

By: Johannes B. Ullrich
Listen for free

About this listen

 A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .(c) SANS Institute 2025 This work is licensed under a Creative Commons License - Attribution-NonCommercial-ShareAlike - https://creativecommons.org/licenses/by-nc-sa/4.0/
Episodes
  • SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited;

    SANS Stormcast Wednesday, August 27th, 2025: Analyzing IDNs; Netscaler 0-Day Vuln; Git Vuln Exploited;
    Aug 27 2025

    Getting a Better Handle on International Domain Names and Punycode
    International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use.
    https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234
    Citrix Netscaler Vulnerabilities CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424
    Citrix patched three vulnerabilities in Netscaler. One is already being exploited
    https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424
    git vulnerability exploited (CVE-2025-48384)
    A git vulnerability patched in early July is now being exploited
    https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
    Show More Show Less
    6 mins
  • SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln

    SANS Stormcast Tuesday, August 26th, 2025: Decoding Word Reading Location; Image Downscaling AI Vulnerability; IBM Jazz Team Server Vuln
    Aug 26 2025

    Reading Location Position Value in Microsoft Word Documents
    Jessy investigated how Word documents store the last visited document location in the registry.
    https://isc.sans.edu/diary/Reading%20Location%20Position%20Value%20in%20Microsoft%20Word%20Documents/32224
    Weaponizing image scaling against production AI systems
    AI systems often downscale images before processing them. An attacker can create a harmless looking image that would reveal text after downscaling leading to prompt injection
    https://blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/
    IBM Jazz Team Server Vulnerability CVE-2025-36157
    IBM patched a critical vulnerability in its Jazz Team Server
    https://www.ibm.com/support/pages/node/7242925
    Show More Show Less
    5 mins
  • SANS Stormcast Monday, August 25th, 2025: IP Cleanup; Linux Desktop Attacks; Malicious Go SSH Brute Forcer; Onmicrosoft Domain Restrictions

    SANS Stormcast Monday, August 25th, 2025: IP Cleanup; Linux Desktop Attacks; Malicious Go SSH Brute Forcer; Onmicrosoft Domain Restrictions
    Aug 25 2025

    The end of an era: Properly formatted IP addresses in all of our data.
    When initiall designing DShield, addresses were zero padded , an unfortunate choice. As of this week, datafeeds should no longer be zero padded .
    https://isc.sans.edu/diary/The%20end%20of%20an%20era%3A%20Properly%20formated%20IP%20addresses%20in%20all%20of%20our%20data./32228
    .desktop files used in an attack against Linux Desktops
    Pakistani attackers are using .desktop files to target Indian Linux desktops.
    https://www.cyfirma.com/research/apt36-targets-indian-boss-linux-systems-with-weaponized-autostart-files/
    Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
    A go module advertising its ability to quickly brute force passwords against random IP addresses, has been used to exfiltrate credentials from the person running the module.
    https://socket.dev/blog/malicious-go-module-disguised-as-ssh-brute-forcer-exfiltrates-credentials
    Limiting Onmicrosoft Domain Usage for Sending Emails
    Microsoft is limiting how many emails can be sent by Microsoft 365 users using the onmicrosoft.com domain.
    https://techcommunity.microsoft.com/blog/exchange/limiting-onmicrosoft-domain-usage-for-sending-emails/4446167
    Show More Show Less
    6 mins
No reviews yet
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.