SANS Stormcast Thursday, April 16th, 2026: AI Credential Scans; Microsoft Update Issues; RDP Warnings; GitHub Action Vulns;

The latest Stormcast episode highlights a surge in scans targeting AI‑related configuration files such as .env, OpenClaw, Claude, and OpenAI credentials. Attackers harvest API keys and tokens, then generate massive invoices from cloud AI providers. Organizations should move secret files out of the web root, employ secret‑management tools, and enforce strict billing alerts and usage caps. By treating AI tokens like any other privileged credential, businesses can prevent unexpected spend and reduce the attack surface that these newly popular AI services present.

Microsoft’s Patch Tuesday introduced two notable changes. First, a BitLocker group‑policy tweak can force devices to request the recovery key on the next reboot, catching administrators off‑guard if keys are not readily available. Microsoft recommends pre‑adjusting policies or using rollback scripts to avoid downtime. Second, the RDP client now displays a warning the first time a user opens an RDP file, detailing whether the file is digitally signed and which local resources—such as drives or clipboard—will be shared. These prompts give users clearer visibility into potential remote‑desktop abuse.

The episode also covered a prompt‑injection flaw discovered in several GitHub Actions maintained by OpenAI vendors such as Anthropic, Google, and Microsoft. Although patches were released, none of the projects assigned a CVE, leaving the vulnerability under‑reported amid ongoing AI supply‑chain scrutiny. Developers are now more cautious, pinning exact versions and hash references to prevent silent updates. A related issue surfaced when Microsoft temporarily suspended developer accounts for open‑source VPN tools like WireGuard, delaying driver signing. The accounts have been restored, and WireGuard’s latest release is now properly signed, ensuring continued functionality.