Podcast Episodes
Back to SearchSANS Stormcast Tuesday Apr 1st: Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach
Episode 9388
Apache Camel Exploit Attempt by Vulnerability Scans
A recently patched vulnerability in Apache Camel has been integrated into some vulnerability sc…
11 months, 3 weeks ago
SANS Stormcast Monday, March 31st: Comparing Phishing Sites; DOH and MX Abuse Phishing; opkssh
Episode 9386
A Tale of Two Phishing Sties
Two phishing sites may use very different backends, even if the site itself appears to be visually very similar. Phish…
11 months, 4 weeks ago
SANS Stormcast Friday, March 27th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities
Episode 9384
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
Our honeypots detected a deserialization attack agains…
1 year ago
SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day
Episode 9382
Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest
This diary explores a novel methodology …
1 year ago
SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details;
Episode 9380
XWiki Search Vulnerablity Exploit Attempts (CVE-2024-3721)
Our honeypot detected an increase in exploit attempts for an XWiki command injection vul…
1 year ago
SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware
Episode 9378
Privacy Aware Bots
A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process th…
1 year ago
SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse
Episode 9376
Critical Next.js Vulnerability CVE-2025-29927
A critical vulnerability in how the x-middleware-subrequest header is verified may lead to bypassing …
1 year ago
SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;
Episode 9374
Some New Data Feeds and Little Incident
We started offering additional data feeds, and an SEO spamer attempted to make us change a link from an old…
1 year ago
SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated
Episode 9372
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440
Attackers added last September's Cisco Smart Licensing Utility vul…
1 year ago
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day
Episode 9370
Python Bot Delivered Through DLL Side-Loading
A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit co…
1 year ago