
SANS Stormcast Thursday, January 8th, 2026: HTML QR Code Phishing; N8n Vulnerability; Powerbank Feature Creep
The episode highlights three emerging security concerns: attackers are embedding QR codes as HTML tables to bypass email filters and lure victims to mobile phishing sites; multiple critical vulnerabilities in the automation platform n8n, including an unauthenticated remote code execution flaw, require immediate patching for on‑premise deployments; and the growing feature creep in power banks—adding Wi‑Fi, screens, and other IoT capabilities—introduces new attack surfaces, prompting users to prefer simple models. Listeners are urged to update defenses, monitor phishing trends, and be cautious when purchasing feature‑rich IoT devices.

SANS Stormcast Wednesday, January 7th, 2026: Tailsnitch Review; D-Link DSL EoL Vuln; TOTOLINK Unpatched Vuln
The episode reviews TailSnitch, an open‑source Go tool that audits TailScale VPN configurations, highlighting its ease of use, sensible severity ratings, and optional auto‑fix feature. It then warns about an actively exploited command‑injection flaw in legacy D‑Link DSL modems via an...

SANS Stormcast Tuesday, January 6th, 2026: IPKVM Risks; Tailsnitch; Net-SNMP Vuln;
The episode highlights three emerging security concerns: the growing use of inexpensive IP KVM devices that often expose out‑of‑band access to the internet, the release of TailSnitch—a tool that audits TailScale configurations for misconfigurations, and a critical buffer‑overflow vulnerability (CVSS 9.8) in...

SANS Stormcast Monday, January 5th, 2026: MongoBleed/React2Shell Recap; Crypto Scams; DNS Stats; Old Fortinet Vulns
The episode recaps recent security news, highlighting ongoing activity of the React2Shell exploit and the need to patch and isolate MongoDB servers against the MongoBleed vulnerability. It warns about classic advance‑fee cryptocurrency scams promising large payouts, and shares a practical...

SANS Stormcast Sunday, December 28th, 2025: MongoDB Unauthenticated Memory Leak CVE-2025-14847
The episode warns that a critical MongoDB memory‑disclosure vulnerability (CVE‑2025‑14847), likened to Heartbleed, was patched on December 24 but is already being exploited in the wild. The flaw lets attackers manipulate BSON length fields to retrieve arbitrary memory, potentially exposing...

SANS Stormcast Monday, December 22nd, 2025: TLS Callbacks; FreeBSD RCE; NIST Time Server Issues
The episode covers three security topics: TLS callbacks (Thread Local Storage) used by malware to execute code before a program's main function, a critical FreeBSD remote code execution flaw in the rtsold daemon that parses unsanitized DNS search lists from...

SANS Stormcast Friday, December 19th, 2025: Less Vulnerable Devices; Critical OneView Vulnerability; Trufflehog Finds JWTs
The episode highlights a positive trend of fewer publicly exposed industrial control system devices and a roughly 50% drop in SSL 2.0/3.0 exposure, indicating improved server hygiene. It warns about a critical, unauthenticated remote‑code‑execution flaw in Hewlett‑Packard Enterprise OneView (CVSS 10.0) that...

SANS Stormcast Thursday, December 18th, 2025: More React2Shell; SonicWall and Cisco Patch; Updated Chrome Advisory
The episode highlights evolving React2Shell attacks that now target less‑common endpoints and non‑Next.js applications, urging operators to assume compromise if systems remain unpatched. It also covers active exploits in Cisco Secure Email Gateway (UAT‑9686) and a SonicWall SMA1000 local privilege...

SANS Stormcast Tuesday, December 16th, 2025: Current React2Shell Example; SAML Woes; MSMQ Issues After Patch;
The episode reviews recent activity around the React2Shell exploit, noting that while variants continue to appear in SANS honeypots, the technique is largely mature and even Iranian actors are now merely scanning for it. It then delves into ongoing SAML...

SANS Stormcast Monday, December 15th, 2025: DLL Entry Points; ClickFix and Finger; Apple Patches
The episode covered four main topics: how malware can exploit DLL entry points that run on load, the resurgence of ClickFix attacks using the obsolete finger command over port 79, a massive Apple patch addressing 48 vulnerabilities—including two actively exploited...

SANS Stormcast Friday, December 12th, 2025: Local AI Models; Mystery Chrome 0-Day; SOAPwn Attack
The episode covers three main topics: running the Gemma 3 AI model locally on modest hardware, a newly patched but undisclosed Chrome zero‑day vulnerability, and the SOAPwn flaw that lets attackers exploit .NET SOAP services via malicious file:// URLs. Guy Bruneau’s...

SANS Stormcast Thursday, December 11th, 2025: Possible CVE-2024-9042 Variant; React2shell Exploits; Notepad++ Update Hijacking; macOS Priv Escalation
The episode reviews a possible new variant of the CVE‑2024‑9042 Kubernetes OS command injection, noting its reliance on the $() syntax and the need for log‑query privileges. It then delves into React‑to‑Shell attacks (CVE‑2025‑55182), emphasizing that the underlying flaw lies...

SANS Stormcast Wednesday, December 10th, 2025: Microsoft, Adobe, Ivanti, Fortinet, and Ruby Patches.
The episode reviews the latest Patch Tuesday releases, highlighting Microsoft’s 57 fixes—including a privilege‑escalation bug in the Cloud Files Mini‑filters driver that’s already being exploited and new warnings for PowerShell’s Invoke‑WebRequest and AI co‑pilot integrations—while noting critical flaws remain in...
