When a Scammer Meets the Force.
The episode reviews the latest social engineering threats, highlighting CrowdStrike's 2025 Global Threat Report which notes faster breach times, a rise in vishing and account abuse, and a shift toward malware‑free intrusions. It then examines the industrialization of "pig‑butchering" romance scams, detailing how fraud gangs use scripted psychological tactics to lure victims into fake investments. Guest Rishika Desai discusses the emerging tactic of renting social‑media ad accounts to facilitate scams, and the hosts share a humorous Reddit story about using a Jedi‑style "Force" to repel a scammer. Overall, the conversation underscores the growing sophistication and diversification of cyber‑fraud techniques.
SANS Stormcast Wednesday, January 14th, 2026: Microsoft, Adobe and Fortinet Patches; ConsentFix
The episode reviews Microsoft’s January Patch Tuesday (113 fixes, including one actively exploited and eight critical bugs), Adobe’s updates for ColdFusion and Acrobat Reader, and two Fortinet advisories covering an unauthenticated heap overflow and an SSRF issue. It also highlights...
MFA Prompt Bombing (Noun) [Word Notes]
In this brief episode, host Rick Howard defines "MFA prompt bombing" as a technique where attackers flood a user with authentication prompts until they approve one out of frustration, effectively bypassing multifactor authentication. He highlights the growing relevance of this...
7MS #709: Second Impressions of Twingate
In this episode the host revisits Twingate, focusing on the new Twingate LXC connector and how it’s been deployed to replace most remote access to datacenter servers and pentest dropboxes. He shares practical observations on performance, security benefits, and the...
It's Just Too Good to Be True.
The episode covers a wave of social‑engineering threats targeting holiday travelers, charitable donors, and taxpayers, highlighting fake booking sites, fraudulent cancer‑research crowdfunding, and IRS‑impersonation scams that promise "too‑good‑to‑be‑true" refunds. Hosts share real‑world examples—a suspicious nonprofit chair email, a BBC investigation...
SANS Stormcast Thursday, January 8th, 2026: HTML QR Code Phishing; N8n Vulnerability; Powerbank Feature Creep
The episode highlights three emerging security concerns: attackers are embedding QR codes as HTML tables to bypass email filters and lure victims to mobile phishing sites; multiple critical vulnerabilities in the automation platform n8n, including an unauthenticated remote code execution...
SANS Stormcast Wednesday, January 7th, 2026: Tailsnitch Review; D-Link DSL EoL Vuln; TOTOLINK Unpatched Vuln
The episode reviews TailSnitch, an open‑source Go tool that audits TailScale VPN configurations, highlighting its ease of use, sensible severity ratings, and optional auto‑fix feature. It then warns about a actively‑exploited command‑injection flaw in legacy D‑Link DSL modems via an...
How the World Got Owned Episode 1: The 1980s
In Episode 1, hosts Patrick Gray and Amberleigh Jack explore the formative era of 1980s hacking, recounting life on ARPANET, the rise of the 414s, the infamous Morris Worm, and the parallel hunt for German hackers alongside Clifford Stoll’s Cuckoo’s...
Poisoned at the Source. [OMITB]
In this episode, Selena Larson, Keith Mularski, and Dave Bittner examine supply‑chain attacks, focusing on a large‑scale Android malware campaign that embeds malicious code in firmware and reseller‑installed system images before devices reach consumers. They compare this threat to other...
SANS Stormcast Tuesday, January 6th, 2026: IPKVM Risks; Tailsnitch; Net-SNMP Vuln;
The episode highlights three emerging security concerns: the growing use of inexpensive IP KVM devices that often expose out‑of‑band access to the internet, the release of TailSnitch—a tool that audits TailScale configurations for misconfigurations, and a critical buffer‑overflow vulnerability (CVSS 9.8) in...
EP257 Beyond the 'Kaboom': What Actually Breaks When OT Meets the Cloud?
In this episode, Chris Sistrunk explains that the biggest OT risks now stem from routine IT‑style attacks—often “living‑off‑the‑land” exploits on engineering workstations—rather than dramatic malware like Stuxnet, as organizations connect industrial systems to the cloud for telemetry and AI. He...
SANS Stormcast Monday, January 5th, 2026: MongoBleed/React2Shell Recap; Crypto Scams; DNS Stats; Old Fortinet Vulns
The episode recaps recent security news, highlighting ongoing activity of the React2Shell exploit and the need to patch and isolate MongoDB servers against the MongoBleed vulnerability. It warns about classic advance‑fee cryptocurrency scams promising large payouts, and shares a practical...
7MS #708: Tales of Pentest Fail – Part 6
In this episode, the host recounts a recent web application penetration test that went disastrously wrong, highlighting the missteps and unexpected challenges that can arise during a pentest. The story underscores the importance of thorough planning, clear communication with clients,...
Hot Sauce and Hot Takes: An Only Malware in the Building Special.
In this special in‑studio episode, hosts Selena Larson, Dave Bittner, and former FBI cybercrime investigator Keith Mularski tackle a hot‑wings challenge while fielding personal and career‑focused questions, offering listeners a candid look at their backgrounds and the moments that shaped...
The IACR Can't Decrypt with Matt Bernhard
The episode examines the IACR's botched Helios election, where a key management failure forced the organization to discard the vote and schedule a new election. Guest Matt Bernhard, an expert in secure voting systems, explains how Helios' homomorphic encryption works,...
AI Surveillance: Unmasking Flock Safety’s Insecurities
The episode examines the security and privacy flaws of Flock Safety’s AI‑driven license‑plate readers and gunshot‑detection cameras, which are now installed in thousands of U.S. communities. Independent researcher Jon Gaines and activist‑musician Benn Jordan reveal dozens of software vulnerabilities—including outdated...
SANS Stormcast Sunday, December 28th, 2025: MongoDB Unauthenticated Memory Leak CVE-2025-14847
The episode warns that a critical MongoDB memory‑disclosure vulnerability (CVE‑2025‑14847), likened to Heartbleed, was patched on December 24 but is already being exploited in the wild. The flaw lets attackers manipulate BSON length fields to retrieve arbitrary memory, potentially exposing...
Scammers Are Recruiting.
The episode spotlights a surge in social engineering threats, beginning with a conference scam warning and a retired federal investigator's "Scammer Psychological Kill Chain" framework for detecting attacks. It highlights a 1,000% rise in job scams targeting desperate job seekers,...
SANS Stormcast Monday, December 22nd, 2025: TLS Callbacks; FreeBSD RCE; NIST Time Server Issues
The episode covers three security topics: TLS callbacks (Thread Local Storage) used by malware to execute code before a program's main function, a critical FreeBSD remote code execution flaw in the rtsold daemon that parses unsanitized DNS search lists from...
SANS Stormcast Friday, December 19th, 2025: Less Vulnerabie Devices; Critical OneView Vulnerablity; Trufflehog Finds JWTs
The episode highlights a positive trend of fewer publicly exposed industrial control system devices and a roughly 50% drop in SSL 2.0/3.0 exposure, indicating improved server hygiene. It warns about a critical, unauthenticated remote‑code‑execution flaw in Hewlett‑Packard Enterprise OneView (CVSS 10.0) that...
Trust No Link, My Darling.
The episode covers the latest social engineering threats, from AI‑driven virtual kidnapping extortion and celebrity impersonation scams to Google’s dual strategy of suing phishing operations while supporting new anti‑scam legislation and AI tools. It offers practical home‑network advice, emphasizing IoT...
SANS Stormcast Thursday, December 18th, 2025: More React2Shell; Donicwall and Cisco Patch; Updated Chrome Advisory
The episode highlights evolving React2Shell attacks that now target less‑common endpoints and non‑Next.js applications, urging operators to assume compromise if systems remain unpatched. It also covers active exploits in Cisco Secure Email Gateway (UAT‑9686) and a SonicWall SMA1000 local privilege...
Microsegmentation (Noun) [Word Notes]
The episode defines microsegmentation as a zero‑trust security method that isolates individual application workloads, enabling granular protection for each. It highlights how this approach reduces lateral movement risks within networks and supports compliance by enforcing policy at the workload level....
SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML Woes; MSMQ Issues After Patch;
The episode reviews recent activity around the React2Shell exploit, noting that while variants continue to appear in SANS honeypots, the technique is largely mature and even Iranian actors are now merely scanning for it. It then delves into ongoing SAML...
SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
The episode covered four main topics: how malware can exploit DLL entry points that run on load, the resurgence of ClickFix attacks using the obsolete finger command over port 79, a massive Apple patch addressing 48 vulnerabilities—including two actively exploited...
7MS #705: A Phishing Campaign Fail Tale
In this episode, the host recounts a recent phishing campaign that initially attracted many victims but was abruptly terminated, highlighting how even well‑executed attacks can fail due to unforeseen factors. The discussion underscores the importance of understanding the broader attack...
SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
The episode covers three main topics: running the Gemma 3 AI model locally on modest hardware, a newly patched but undisclosed Chrome zero‑day vulnerability, and the SOAPwn flaw that lets attackers exploit .NET SOAP services via malicious file:// URLs. Guy Bruneau’s...
Don’t Let Public Ports Bite.
The episode covers three major security threats: a bot‑driven Monotype font‑licensing extortion that collapsed when a knowledgeable employee disproved the claims; a massive Walmart robocall scam using AI‑generated voices to steal personal data, prompting FCC action against the U.S. voice...
SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 Variant; React2shell Exploits; Notepad++ Update Hijacking; macOS Priv Escalation
The episode reviews a possible new variant of the CVE‑2024‑9042 Kubernetes OS command injection, noting its reliance on the $() syntax and the need for log‑query privileges. It then delves into React‑to‑Shell attacks (CVE‑2025‑55182), emphasizing that the underlying flaw lies...
Risky Business #818 -- React2Shell Is a Fun One
Patrick Gray and Adam Boileau unpack a week of cyber news, led by the shocking CVSS 10/10 React2Shell vulnerability that lets attackers execute code on React JavaScript servers—a flaw quickly weaponized by Chinese APT groups. They also note Linux’s new...
SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby Patches.
The episode reviews the latest Patch Tuesday releases, highlighting Microsoft’s 57 fixes—including a privileged‑escalation bug in the Cloud Files Mini‑filters driver that’s already being exploited and new warnings for PowerShell’s Invoke‑WebRequest and AI co‑pilot integrations—while noting critical flaws remain in...