SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration.

https://isc.sans.edu/diary/CVE-2024-40766%3A%20The%20Patch%20Fixed%20the%20Bug.%20Nobody%20Fixed%20the%20Configuration./33094

libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c

https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c

PixelSmash Critical FFmpeg Vulnerability Turns Media Files into Weapons

https://jfrog.com/blog/pixelsmash-critical-ffmpeg-vulnerability-turns-media-files-into-weapons/

My Upcoming Classes

https://www.sans.org/profiles/dr-johannes-ullrich

Webshells Remain Popular

https://isc.sans.edu/diary/Webshells%20Remain%20Popular/33096

Safer pull_request_target defaults for GitHub Actions checkout

https://github.blog/changelog/2026-06-18-safer-pull_request_target-defaults-for-github-actions-checkout/

Private Access Control Tokens

https://cloudflare.net/news/news-details/2026/Cloudflare-Collaborates-With-Leading-Browsers-to-Develop-a-Privacy-First-Protocol-For-the-Global-Internet/default.aspx

https://blog.cloudflare.com/eliminating-captchas-on-iphones-and-macs-using-new-standard/

Fortibleed Update

https://socradar.io/resources/whitepapers/dismantling-fortibleed-inside-a-russian-fortinet-compromise-operation/

My Upcoming Classes

https://www.sans.org/profiles/dr-johannes-ullrich

eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address

https://isc.sans.edu/diary/eBanking%20Phishing%20Delivered%20Through%20IPv4-Mapped%20IPv6%20Address/33090

NGINX ngx_http_v3_module vulnerability CVE-2026-42530

https://my.f5.com/manage/s/article/K000161616

Squidbleed (CVE-2026-47729)

https://blog.calif.io/p/squidbleed-cve-2026-47729

AMD will reinstate memory encryption on Ryzen 9000 CPUs through a BIOS update in July

https://www.tomshardware.com/pc-components/cpus/amd-will-reinstate-memory-encryption-on-ryzen-9000-cpus-through-a-bios-update-in-july-tsme-is-coming-back-after-valuable-community-feedback

My Upcoming Classes

https://www.sans.org/profiles/dr-johannes-ullrich

The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary]

https://isc.sans.edu/diary/The%20browser%20blind%20spot%3A%20Why%20your%20security%20tool%20may%20not%20be%20blocking%20what%20you%20think%20it%20is%20%5BGuest%20Diary%5D/33084

Android 17 Security Patches

https://source.android.com/docs/security/bulletin/android-17

Oracle Critical Security Patch Update Advisory - June 2026

https://www.oracle.com/security-alerts/cspujun2026.html

Multiple JetBrains IDE plugins caught stealing AI keys

https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys

My Upcoming Classes

https://www.sans.org/profiles/dr-johannes-ullrich

From a VHDX File to a Remcos RAT

https://isc.sans.edu/diary/From%20a%20VHDX%20File%20to%20a%20Remcos%20RAT/33080

A backdoor in a LinkedIn job offer

https://roman.pt/posts/linkedin-backdoor/

A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack

https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html

Copilot M365 Data Leakage

https://www.varonis.com/blog/searchleak

My Upcoming Classes

https://www.sans.org/profiles/dr-johannes-ullrich