SANS Internet Storm Center's Daily Network Security News Podcast
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
10
SANS Stormcast Friday, April 3rd, 2026: Vite Exploits; OpenSSH 10.3; Claude Code Vuln (#)
SANS Stormcast Friday, April 3rd, 2026: Vite Exploits; OpenSSH 10.3; Claude Code Vuln Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208) https://isc.sans.edu/diary/Attempts%20to%20Exploit%20Exposed%20%22Vite%22%20Installs%20%28CVE-2025-30208%29/32860 OpenSSH 10.3 Release https://seclists.org/oss-sec/2026/q2/7 Claude Code Vulnerability https://adversa.ai/claude-code-security-bypass-deny-rules-disabled/ keywords: Openssh; vite; claude; code
SANS Stormcast Thursday, April 2nd, 2026: Script Removing ADS/MotW; Google Chrome 0-Day; iOS/iPadOS 18 Update; (#)
SANS Stormcast Thursday, April 2nd, 2026: Script Removing ADS/MotW; Google Chrome 0-Day; iOS/iPadOS 18 Update; Malicious Script That Gets Rid of ADS https://isc.sans.edu/diary/Malicious%20Script%20That%20Gets%20Rid%20of%20ADS/32854 Google Chrome Update fixes 21 Vulnerabilities and 0-Day https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html Apple Addresses Darksword Vulnerabilities for older devices https://support.apple.com/en-us/126793 keywords: apple; ios; darksword; google; chrome; ADS; MotW
SANS Stormcast Wednesday, April 1st, 2026: Application Control Bypass; Axios NPM Module Compromise; TeamPCP vs Cloud (#)
SANS Stormcast Wednesday, April 1st, 2026: Application Control Bypass; Axios NPM Module Compromise; TeamPCP vs Cloud Application Control Bypass for Data Exfiltration https://isc.sans.edu/diary/Application%20Control%20Bypass%20for%20Data%20Exfiltration/32850 Axios NPM Module Supply Chain Compromise https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan https://www.linkedin.com/events/7444763050819092480/ TeamPCP vs. Cloud Resources https://www.wiz.io/blog/tracking-teampcp-investigating-post-compromise-attacks-seen-in-the-wild keywords: teampcp; cloud; axios; npm; application conftrol; palo alto
SANS Stormcast Tuesday, March 31st, 2026: Honeypot Session Lifetime; Let's Encrypt Tests Mass Revocation; F5 RCE Exploited (#)
SANS Stormcast Tuesday, March 31st, 2026: Honeypot Session Lifetime; Let's Encrypt Tests Mass Revocation; F5 RCE Exploited Honeypot Session Lifetime https://isc.sans.edu/diary/DShield%20%28Cowrie%29%20Honeypot%20Stats%20and%20When%20Sessions%20Disconnect/32840 Let's Encrypt Tests Mass Revocation https://community.letsencrypt.org/t/lets-encrypt-2026-mass-revocation-simulation/245960 https://www.certkit.io/blog/ari-solves-mass-certificate-revocation https://www.certkit.io/blog/lets-encrypt-mass-revocation-simulation F5 Vulnerability Re-Classified (and already exploited) as RCE https://my.f5.com/manage/s/article/K000156741 keywords: F5; Lets' Encrypt; ARI; revocation; honeypot; session; lifetime;
SANS Stormcast Monday, March 30th, 2026: More TeamPCP: telnyx; Netscaler Exploit; macOS ClickFix Fix; Windows Smart Install (#)
SANS Stormcast Monday, March 30th, 2026: More TeamPCP: telnyx; Netscaler Exploit; macOS ClickFix Fix; Windows Smart Install TeamPCP Update #2: Telnyx PyPi Compromise https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20002%20-%20Telnyx%20PyPI%20Compromise%2C%20Vect%20Ransomware%20Mass%20Affiliate%20Program%2C%20and%20First%20Named%20Victim%20Claim/32838 Citrix Netscaler Vulnerability Details https://labs.watchtowr.com/the-sequels-are-never-as-good-but-were-still-in-pain-citrix-netscaler-cve-2026-3055-memory-overread/ macOS Clickfix Warning https://x.com/ClassicII_MrMac/status/2036797948911141129 Windows Smart Install https://textslashplain.com/2026/03/24/windows-choose-where-to-get-apps/ keywords: windows; install; smart; citrix; netscaler; teampcp; telnyx
SANS Stormcast Friday, March 27th, 2026: TeamPCP Update; DarkSword vs Patches; LangFlow Exploited (#)
SANS Stormcast Friday, March 27th, 2026: TeamPCP Update; DarkSword vs Patches; LangFlow Exploited TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20001%20-%20Checkmarx%20Scope%20Wider%20Than%20Reported%2C%20CISA%20KEV%20Entry%2C%20and%20Detection%20Tools%20Available/32834 DarkSword and This Weeks iOS Updates https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain LangFlow Exploited https://www.cisa.gov/news-events/alerts/2026/03/25/cisa-adds-one-known-exploited-vulnerability-catalog keywords: langflow; darksword; ios; patches; teampcp; checkmarx
SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmatApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Save Crypto Rollout (#)
SANS Stormcast Thursday, March 26th, 2026: Apple Patches; SmatApeSG Update; Trivy/LiteLLM/TeamPCP Update; Google Accelerates Quantum Save Crypto Rollout Apple Patches (almost) everything again. March 2026 edition. https://isc.sans.edu/diary/Apple%20Patches%20%28almost%29%20everything%20again.%20March%202026%20edition./32830 SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2) https://isc.sans.edu/diary/SmartApeSG%20campaign%20pushes%20Remcos%20RAT%2C%20NetSupport%20RAT%2C%20StealC%2C%20and%20Sectop%20RAT%20%28ArechClient2%29/32826 Trivy/LiteLLM/TeamPCP Updates https://www.sans.org/webcasts/when-security-scanner-became-weapon https://rosesecurity.dev/2026/03/24/sha-pinning-is-not-enough.html Google Moves Up Quantum Crypto Deadline https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/ keywords: trivy...
SANS Stormcast Wednesday, March 25th, 2026: IP KVM Usage; TeampPCP, Trivy, miniLLM and More (#)
SANS Stormcast Wednesday, March 25th, 2026: IP KVM Usage; TeampPCP, Trivy, miniLLM and More Detecting IP KVM Usage https://isc.sans.edu/diary/Detecting%20IP%20KVMs/32824 TeamPCP, Trivy, MiniLLM, Iran and more https://www.aikido.dev/blog/teampcp-stage-payload-canisterworm-iran https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/ https://blog.gitguardian.com/trivys-march-supply-chain-attack-shows-where-secret-exposure-hurts-most/ https://www.sysdig.com/blog/teampcp-expands-supply-chain-compromise-spreads-from-trivy-to-checkmarx-github-actions keywords: ipkvm; teampcp; trivy; minillm; checkmarx; supply chain
SANS Stormcast Tuesday, March 24th, 2026: Tax Scam to EDR Kill; Netscaler Patches; gRPC-Go Authz Bypass; (#)
SANS Stormcast Tuesday, March 24th, 2026: Tax Scam to EDR Kill; Netscaler Patches; gRPC-Go Authz Bypass; From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368 https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300 gRPC-Go Authorization bypass via missing leading slash in :path CVE-2026-33186 https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 keywords: gRPC; Go; authz; netscaler; citrix; w-2; tax; scam; google; seo; BYOVD
SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks (#)
SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks GSocket Backdoor Delivered Through Bash Script https://isc.sans.edu/diary/GSocket+Backdoor+Delivered+Through+Bash+Script/32816/#comments Oracle Security Alert CVE-2026-21992 Released https://blogs.oracle.com/security/alert-cve-2026-21992 Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet and Harden PLCs to Protect from Cyber Threats https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html keywords: rockwell; oracle; gsocket; bash
