
SANS Internet StormCast
These vulnerabilities affect widely used collaboration and networking tools, meaning many organizations could face remote code execution or credential compromise if patches are delayed. Understanding the attack vectors and interim mitigations helps security teams prioritize updates and protect critical infrastructure, while the SOC survey data will shape future defensive strategies across the industry.
Visual Studio Code’s flexibility also creates a hidden attack surface. When a project contains a .vscode folder with a tasks.json file, the IDE can automatically run scripts as soon as the folder opens. Threat actors exploit this behavior by bundling malicious tasks into seemingly harmless repositories, allowing code execution without user interaction. Developers who routinely clone open‑source projects into VS Code should audit the .vscode directory, disable auto‑run features, or switch to editors that prompt for trust. This simple hygiene step blocks a technique that has already appeared in multiple supply‑chain incidents.
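An audit of the `.vscode` directory can be scripted before a cloned project is ever opened. The following is an added example, not code from the ISC diary or the podcast; it assumes the auto-run trigger is VS Code's `runOptions.runOn: "folderOpen"` task setting, and the function names and sample file are constructed for illustration.

```python
import json
import re
from pathlib import Path

_STRING = r'"(?:\\.|[^"\\])*"'  # JSON string literal; matched first so its content is never edited

def _outside_strings(pattern, repl, text):
    """Apply pattern only outside string literals; a matched string is put back unchanged."""
    return re.sub(_STRING + "|" + pattern,
                  lambda m: m.group(0) if m.group(0).startswith('"') else m.expand(repl),
                  text, flags=re.S)

def strip_jsonc(text):
    """tasks.json allows comments and trailing commas; reduce it to strict JSON."""
    text = _outside_strings(r"//[^\n]*|/\*.*?\*/", "", text)
    return _outside_strings(r",(\s*[}\]])", r"\1", text)

def auto_run_tasks(tasks_json_text):
    """Return (label, command line) for each task configured to run on folder open."""
    doc = json.loads(strip_jsonc(tasks_json_text))
    hits = []
    for task in doc.get("tasks", []):
        if task.get("runOptions", {}).get("runOn") != "folderOpen":
            continue
        # The base command and any per-OS override can each be what actually runs.
        for scope in (task, *(task.get(k, {}) for k in ("windows", "linux", "osx"))):
            if "command" in scope:
                argv = [scope["command"], *scope.get("args", [])]
                hits.append((task.get("label", "<unlabelled>"), " ".join(map(str, argv))))
    return hits

def scan(root):
    """Map every .vscode/tasks.json under root to its auto-run tasks (empty list = none)."""
    return {str(p): auto_run_tasks(p.read_text(encoding="utf-8"))
            for p in Path(root).rglob(".vscode/tasks.json")}

# Constructed sample for illustration, not taken from a real repository.
SAMPLE = '''{
  // comments and trailing commas are legal in tasks.json
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "make", "args": ["all"] },
    { "label": "setup", "type": "shell", "detail": "see https://example.invalid/docs",
      "command": "sh", "args": ["./scripts/init.sh"],
      "windows": { "command": "powershell", "args": ["-File", "scripts/init.ps1"] },
      "runOptions": { "runOn": "folderOpen" }, },
  ]
}'''
```

Running `scan(".")` from the root of a freshly cloned repository, before opening it in the editor, lists every task that would start on folder open together with the command it runs.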
Cisco’s Unified Communications suite received a critical patch after researchers discovered an input‑validation flaw that lets unauthenticated users elevate privileges to root. Although the CVSS base score sits at 8.2, the potential for full system compromise justifies immediate remediation across all affected devices. At the same time, Zoom’s Node Multimedia Router is affected by a vulnerability rated CVSS 9.9 that grants arbitrary code execution to any meeting participant. Fortinet’s single sign‑on module also shows a lingering exploit chain: version 7.4.10 still permits bypass, and the temporary fix is to disable SSO until the forthcoming 7.4.11 update arrives. Organizations must prioritize these patches, verify firmware integrity, and monitor for exploitation attempts.
The SANS Internet Storm Center is now launching its 10th annual SOC survey, inviting security operations professionals to share insights on staffing, tooling, and incident response trends. Over a decade of responses have shaped industry benchmarks, helping leaders allocate budgets and refine detection strategies. Participating in the survey not only contributes to a richer data set but also provides respondents with a comparative report that highlights gaps and best‑practice opportunities. For teams juggling patch management, IDE hardening, and emerging cloud threats, the survey results can inform risk‑based prioritization and reinforce a culture of continuous improvement.
Automatic Script Execution In Visual Studio Code
https://isc.sans.edu/diary/Automatic%20Script%20Execution%20In%20Visual%20Studio%20Code/32644
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
https://www.zoom.com/en/trust/security-bulletin/zsb-26001/
https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/
https://survey.sans.org/jfe/form/SV_3ViqWZgWnfQAzkO?is=socsurveystormcenter