SANS Stormcast Thursday, June 4th, 2026: swagger.json Scans; Android Fake Call Detection; Anthropic Dashboard

SANS Internet StormCast

Why It Matters

Understanding swagger.json exposure helps organizations close a common attack surface before attackers can exploit vulnerable APIs. Google’s verified caller ID could reduce costly phone‑based scams, but its limitations and privacy implications must be assessed. Anthropic’s dashboard illustrates a broader industry problem: many reported vulnerabilities remain unfixed, emphasizing the need for continuous vulnerability management and vendor accountability.

Key Takeaways

  • Swagger.json scans reveal hidden API attack surfaces
  • Google uses RCS to verify caller identity on Android
  • Anthropic dashboard shows 1,600 disclosed, only 27 fixed
  • HPACK (HTTP/2 header compression) bomb can consume 32 GB RAM instantly

Pulse Analysis

The episode opens with a deep dive into swagger.json files, the machine‑readable OpenAPI (formerly Swagger) descriptions of REST APIs. Attackers routinely pull these files to map an organization's public and internal endpoints, hunting for outdated, deprecated, or misconfigured services. Security teams are urged to treat swagger.json as a sensitive asset: inventory where their own services expose a specification, watch their logs for the continuing scans ISC observes, and tighten access controls before malicious actors weaponize the information.
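Two sides of the swagger.json problem in one script, as an added example that is not code from the ISC diary or the podcast: the attacker's view (flatten a leaked spec into operations and pull out the ones a scanner would try first, resolving the OpenAPI rule that an operation-level `security` overrides the document default and that an explicit empty list means no authentication) and the defender's view (count requests for API description files in combined-format access logs, split by status code so a 200 stands out as an actual exposure rather than just a probe). The spec, the list of probed paths, and the log lines are constructed for the demonstration.

```python
"""Enumerate what a leaked swagger.json gives away, and spot probes for it in web logs.

Added example (not from the ISC diary or the podcast). The spec and log lines are constructed.
"""
import re
from collections import Counter

# Constructed OpenAPI 2.0 ("Swagger") document standing in for an exposed swagger.json.
SAMPLE_SWAGGER = {
    "swagger": "2.0",
    "info": {"title": "orders-api", "version": "1.4.2"},
    "basePath": "/api/v1",
    "securityDefinitions": {"bearer": {"type": "apiKey", "name": "Authorization", "in": "header"}},
    "security": [{"bearer": []}],  # document default: every operation needs a bearer token...
    "paths": {
        "/orders": {"get": {"summary": "List orders"}, "post": {"summary": "Create order"}},
        "/orders/{id}": {"get": {"summary": "Fetch order"}},
        "/internal/debug/config": {"get": {"summary": "Dump config", "security": []}},  # ...except this
        "/legacy/export": {"get": {"summary": "Old CSV export", "deprecated": True, "security": []}},
    },
}

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}


def enumerate_operations(spec: dict) -> list:
    """Flatten paths x methods into operations with their effective security requirement."""
    default_security = spec.get("security", [])
    base = spec.get("basePath", "")
    ops = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip path-level "parameters" and x- vendor extensions
            security = op.get("security", default_security)  # [] here means "no auth"
            ops.append({
                "method": method.upper(),
                "path": base + path,
                "authenticated": bool(security),
                "deprecated": bool(op.get("deprecated", False)),
            })
    return ops


def risky_operations(spec: dict) -> list:
    """Operations a scanner would try first: unauthenticated or deprecated endpoints."""
    return [f"{o['method']} {o['path']}" for o in enumerate_operations(spec)
            if not o["authenticated"] or o["deprecated"]]


# --- Detection side: requests for API description files in access logs ---------------
SPEC_FILENAMES = ("swagger.json", "openapi.json", "swagger.yaml", "openapi.yaml")
SPEC_PATHS = ("/api-docs", "/v2/api-docs", "/v3/api-docs", "/swagger", "/swagger-ui.html")
# Apache/nginx "combined" format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def is_spec_probe(path: str) -> bool:
    p = path.split("?", 1)[0].lower()
    return p.endswith(SPEC_FILENAMES) or p in SPEC_PATHS


def find_spec_probes(log_lines) -> Counter:
    """Count (source IP, path, status) for requests that look for API descriptions."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, path, status = m.groups()
        if is_spec_probe(path):
            hits[(ip, path.split("?", 1)[0], status)] += 1
    return hits


# Constructed combined-format log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Jun/2026:08:01:12 +0000] "GET /swagger.json HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.7 - - [04/Jun/2026:08:01:13 +0000] "GET /v2/swagger.json HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.7 - - [04/Jun/2026:08:01:13 +0000] "GET /swagger/v1/swagger.json HTTP/1.1" 200 8831 "-" "python-requests/2.31"
203.0.113.7 - - [04/Jun/2026:08:01:14 +0000] "GET /v3/api-docs HTTP/1.1" 404 153 "-" "python-requests/2.31"
198.51.100.2 - - [04/Jun/2026:08:02:40 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.2 - - [04/Jun/2026:08:02:41 +0000] "GET /openapi.json?x=1 HTTP/1.1" 200 7710 "-" "Mozilla/5.0"
""".splitlines()


if __name__ == "__main__":
    for op in risky_operations(SAMPLE_SWAGGER):
        print("risky:", op)
    for (ip, path, status), n in sorted(find_spec_probes(SAMPLE_LOG).items()):
        print(f"{ip} {status} {path} x{n}")
```

Run against a real exported spec, the `risky_operations` list is the first thing to compare against what the gateway actually enforces; a spec that says `"security": []` on an internal debug route is exactly the kind of misconfiguration the scans are looking for. On the log side, the same path probed with a 404 and a 200 are different events: the first is noise to rate-limit, the second is an exposure to fix.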

Next, Google’s rollout of a caller‑ID verification feature built on the Rich Communication Services (RCS) standard is examined. By digitally signing and encrypting call‑setup messages, the Android‑only solution can confirm that the originating device is actively on a call, reducing spoofed voice attacks that have become more convincing with AI‑generated audio. The host raises unanswered questions about privacy—whether any party can ping a device to learn its call status—and the potential for cross‑platform interoperability as iOS begins supporting parts of RCS.

Finally, the discussion shifts to recent vulnerability disclosures. Anthropic's new dashboard reveals roughly 1,600 reported issues but only 27 patches, highlighting a broader industry lag between discovery and remediation. The episode also spotlights a classic compression‑bomb denial‑of‑service flaw in HPACK, the HTTP/2 header compression algorithm, in which a tiny header block can decompress into 32 GB of RAM usage. Listeners are urged to apply vendor patches promptly and to enforce decompression safeguards, such as a cap on the decoded header‑list size, to mitigate similar attacks.
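The mechanism behind an HPACK bomb is visible in a few dozen lines, so here is an added example (not code from the podcast or any vendor advisory) that implements just the subset of RFC 7541 needed to show it: integer coding with an N-bit prefix (section 5.1), literal header fields with incremental indexing using raw, non-Huffman strings (section 6.2.1), indexed header fields (section 6.1), and dynamic-table eviction (section 4.4). The pattern it builds is the generic one, a large value stored once in the dynamic table and then referenced by one-byte indexed fields, not a reproduction of the specific flaw the episode references. The static table is modelled only as an index range, and the 16 KiB limit used below is an illustrative value.

```python
"""A few kilobytes of HPACK decoding to hundreds of kilobytes of headers, and the limit that stops it.

Added example implementing a subset of RFC 7541; not from the podcast or any vendor.
"""
STATIC_TABLE_ENTRIES = 61          # RFC 7541 Appendix A; dynamic entries start at index 62
DEFAULT_HEADER_TABLE_SIZE = 4096   # SETTINGS_HEADER_TABLE_SIZE default
ENTRY_OVERHEAD = 32                # RFC 7541 s4.1: entry size = len(name) + len(value) + 32


def encode_int(value: int, prefix_bits: int, flags: int = 0) -> bytes:
    """RFC 7541 s5.1 integer with an N-bit prefix; `flags` sets the representation bits."""
    max_prefix = (1 << prefix_bits) - 1
    if value < max_prefix:
        return bytes([flags | value])
    out = bytearray([flags | max_prefix])
    value -= max_prefix
    while value >= 128:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


def decode_int(data: bytes, pos: int, prefix_bits: int):
    max_prefix = (1 << prefix_bits) - 1
    value = data[pos] & max_prefix
    pos += 1
    if value < max_prefix:
        return value, pos
    shift = 0
    while True:
        b = data[pos]
        pos += 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def decode_string(data: bytes, pos: int):
    if data[pos] & 0x80:
        raise ValueError("Huffman-coded strings are not modelled here")
    length, pos = decode_int(data, pos, 7)
    return data[pos:pos + length], pos + length


def literal_with_indexing(name: bytes, value: bytes) -> bytes:
    """01000000: literal with incremental indexing, new name (name index 0), raw strings."""
    return b"\x40" + encode_int(len(name), 7) + name + encode_int(len(value), 7) + value


def indexed(index: int) -> bytes:
    """1xxxxxxx: indexed header field."""
    return encode_int(index, 7, 0x80)


def build_bomb(n_refs: int, value_size: int) -> bytes:
    """One large literal stored in the dynamic table, then n_refs one-byte references to it."""
    return literal_with_indexing(b"x", b"a" * value_size) + indexed(STATIC_TABLE_ENTRIES + 1) * n_refs


def decode_header_block(block: bytes, max_header_list_size=None, table_size=DEFAULT_HEADER_TABLE_SIZE):
    """Return (headers, decoded_size); raise ValueError once decoded_size exceeds the limit.

    decoded_size uses the s4.1 accounting, the quantity SETTINGS_MAX_HEADER_LIST_SIZE bounds.
    """
    dynamic, dyn_size = [], 0          # newest entry first (RFC 7541 s2.3.2)
    headers, decoded_size, pos = [], 0, 0
    while pos < len(block):
        first = block[pos]
        if first & 0x80:                                   # indexed header field
            index, pos = decode_int(block, pos, 7)
            dyn_index = index - STATIC_TABLE_ENTRIES - 1
            if dyn_index < 0 or dyn_index >= len(dynamic):
                raise ValueError(f"index {index} not in modelled dynamic table")
            name, value = dynamic[dyn_index]
        elif first & 0xC0 == 0x40:                         # literal with incremental indexing
            name_index, pos = decode_int(block, pos, 6)
            if name_index != 0:
                raise ValueError("name-by-index literals are not modelled here")
            name, pos = decode_string(block, pos)
            value, pos = decode_string(block, pos)
            dynamic.insert(0, (name, value))
            dyn_size += len(name) + len(value) + ENTRY_OVERHEAD
            while dyn_size > table_size:                   # s4.4: evict oldest until it fits
                n, v = dynamic.pop()
                dyn_size -= len(n) + len(v) + ENTRY_OVERHEAD
        else:
            raise ValueError("representation not modelled here")
        decoded_size += len(name) + len(value) + ENTRY_OVERHEAD
        if max_header_list_size is not None and decoded_size > max_header_list_size:
            raise ValueError(f"decoded header list exceeds {max_header_list_size} bytes")
        headers.append((name, value))
    return headers, decoded_size


def decodes_within(block: bytes, max_header_list_size: int) -> bool:
    """True if the block decodes completely without tripping the header-list limit."""
    try:
        decode_header_block(block, max_header_list_size)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    block = build_bomb(n_refs=100, value_size=4000)
    headers, decoded = decode_header_block(block)
    print(f"{len(block)} compressed bytes -> {decoded} decoded bytes ({len(headers)} headers)")
    print("accepted under a 16 KiB header-list limit:", decodes_within(block, 16 * 1024))
```

The ratio is what matters: each indexed field costs one byte on the wire and expands to the full stored entry, so the amplification is bounded only by how many references fit in the frames the peer will accept, unless the decoder stops at a decoded-size limit rather than after building the whole list. Note also that an entry larger than the dynamic table is evicted on insertion, which is why the bomb stays just under 4096 bytes per entry with the default table size.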

Episode Description

Continuing Scans for swagger.json

https://isc.sans.edu/diary/Continuing+Scans+for+swaggerjson/33044/#comments

https://blog.google/security/android-fake-call-detection/

https://red.anthropic.com/2026/cvd/

https://www.sans.org/profiles/dr-johannes-ullrich
