Episode Details

Back to Episodes

SANS Stormcast Friday, January 23rd, 2026: Scanning AI Code; FortiGate Update; ISC BIND DoS; Trivial SmaterMail Vulnerability

Episode 9778 Published 2 months ago
Description

Is AI-Generated Code Secure?
Xavier used the free static code analysis tool Bandit to review code he wrote with heavy AI support.
https://isc.sans.edu/diary/Is%20AI-Generated%20Code%20Secure%3F/32648
Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts
Arctic Wolf summarized some of the attacks it is seeing against FortiGate devices via the insufficiently patched SSL vulnerability.
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-configuration-changes-fortinet-fortigate-devices-via-sso-accounts/
ISC BIND DoS vulnerability in Drone ID Records
HHIT and BRID records, which are used as part of Drone ID, can be used to crash named if their length is 3 bytes.
https://marlink.com/resources/knowledge-hub/isc-bind-vulnerability-discovered-and-disclosed-by-marlink-cyber/
SmarterTools SmarterMail Password Reset Vulnerability
SmarterTools recently patched a trivial vulnerability in SmarterMail that would allow anybody without authentication to reset administrator passwords.
https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/
Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us