Episodios

  • SANS Stormcast Thursday, February 5th, 2026: Malicious Scripts; Synectix Vuln; Google Chrome; Google Looker; (#)

    SANS Stormcast Thursday, February 5th, 2026: Malicious Scripts; Synectix Vuln; Google Chrome; Google Looker; (#)
    Feb 5 2026
    SANS Stormcast Thursday, February 5th, 2026: Malicious Scripts; Synectix Vuln; Google Chrome; Google Looker; Malicious Script Delivering More Maliciousness https://isc.sans.edu/diary/Malicious+Script+Delivering+More+Maliciousness/32682 Synectix LAN 232 TRIO Unauthenticated Web Admin CVE-2026-1633 https://www.cisa.gov/news-events/ics-advisories/icsa-26-034-04 Google Chrome Patches https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop.html LookOut: Discovering RCE and Internal Access on Looker (Google Cloud & On-Prem) https://www.tenable.com/blog/google-looker-vulnerabilities-rce-internal-access-lookout keywords: lookup; looker; google; chrome; patches; synectix; malicious script; infostealer; xworm
    Más Menos
    6 m
  • SANS Stormcast Wednesday, February 4th, 2026: Detecting OpenClaw; Synology telnetd Patch; More GlassWorm (#)

    SANS Stormcast Wednesday, February 4th, 2026: Detecting OpenClaw; Synology telnetd Patch; More GlassWorm (#)
    Feb 4 2026
    SANS Stormcast Wednesday, February 4th, 2026: Detecting OpenClaw; Synology telnetd Patch; More GlassWorm Detecting and Monitoring OpenClaw (clawdbot, moltbot) https://isc.sans.edu/diary.html/Detecting+and+Monitoring+OpenClaw+%28clawdbot%2C+moltbot%29/32678/#comment Synology telnetd Patch https://www.synology.com/en-us/releaseNote/DSM GlassWorm Loader Hits Open VSX via Developer Account Compromise https://socket.dev/blog/glassworm-loader-hits-open-vsx-via-suspected-developer-account-compromise keywords: vsx; glssworm; synology; telnetd; openclaw
    Más Menos
    5 m
  • SANS Stormcast Tuesday, February 3rd, 2026: Scanning for AI; Notepad++ Compromise; OpenClaw Vulnerabilities (#)

    SANS Stormcast Tuesday, February 3rd, 2026: Scanning for AI; Notepad++ Compromise; OpenClaw Vulnerabilities (#)
    Feb 3 2026
    SANS Stormcast Tuesday, February 3rd, 2026: Scanning for AI; Notepad++ Compromise; OpenClaw Vulnerabilities Scanning for exposed Anthropic Models
https://isc.sans.edu/diary/Scanning%20for%20exposed%20Anthropic%20Models/32674 Notepad++ Hijacked by State-Sponsored Hackers
https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/ https://notepad-plus-plus.org/news/hijacked-incident-info-update/ Insecure Websockets in OpenClaw https://zeropath.com/blog/openclaw-clawdbot-credential-theft-vulnerability Malicious OpenClaw Skills https://www.koi.ai/blog/clawhavoc-341-malicious-clawedbot-skills-found-by-the-bot-they-were-targeting Exposed OpenClaw Instances https://censys.com/blog/openclaw-in-the-wild-mapping-the-public-exposure-of-a-viral-ai-assistant keywords: openclaw; websockets; notpad++;
    Más Menos
    6 m
  • SANS Stormcast Monday, February 2nd, 2026: Google Presentation Abuse; Ivanti Vuln Exploited; Microsoft NTLM Strategy (#)

    SANS Stormcast Monday, February 2nd, 2026: Google Presentation Abuse; Ivanti Vuln Exploited; Microsoft NTLM Strategy (#)
    Feb 1 2026
    SANS Stormcast Monday, February 2nd, 2026: Google Presentation Abuse; Ivanti Vuln Exploited; Microsoft NTLM Strategy Google Presentation Abuse https://isc.sans.edu/diary/Google+Presentations+Abused+for+Phishing/32668/ Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-1281 & CVE-2026-1340) https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US Microsoft NTLM Strategy https://techcommunity.microsoft.com/blog/windows-itpro-blog/advancing-windows-security-disabling-ntlm-by-default/4489526 keywords: microsoft; ntlm; ivanti; google; presentation; phishing
    Más Menos
    7 m
  • SANS Stormcast Friday, January 30th, 2026: Residential Proxy Networks; Clowdbot/Moltbot Themed Malware; eScan Malicious Updates (#)

    SANS Stormcast Friday, January 30th, 2026: Residential Proxy Networks; Clowdbot/Moltbot Themed Malware; eScan Malicious Updates (#)
    Jan 30 2026
    SANS Stormcast Friday, January 30th, 2026: Residential Proxy Networks; Clowdbot/Moltbot Themed Malware; eScan Malicious Updates No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network Google dismantled the IPIDEA network that used residential proxies to route malicious traffic. https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network Fake Clawdbot VS Code Extension Installs ScreenConnect RAT The news about Clawdbot (now Moltbot) is used to distribute malware, in particular malicious VS Code extensions. https://www.aikido.dev/blog/fake-clawdbot-vscode-extension-malware Threat Bulletin: Critical eScan Supply Chain Compromise Anti-virus vendor eScan was compromised, and its update servers were used to install malware on some customer systems. https://www.morphisec.com/blog/critical-escan-threat-bulletin/ keywords: escan; update; malcious; anti virus; vs code; clawdbot; moltbot; residential; proxy; network
    Más Menos
    6 m
  • SANS Stormcast Thursday, January 29th, 2026: WebLogic AI Slop; Fortinet Patches; WebLogic AI Slop; Fortinet Patches (#)

    SANS Stormcast Thursday, January 29th, 2026: WebLogic AI Slop; Fortinet Patches; WebLogic AI Slop; Fortinet Patches (#)
    Jan 29 2026
    SANS Stormcast Thursday, January 29th, 2026: WebLogic AI Slop; Fortinet Patches; WebLogic AI Slop; Fortinet Patches Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop? We are seeing attempts to attack CVE-2026-21962, a recent weblog vulnerability, using a non-working AI slop exploit https://isc.sans.edu/diary/Odd%20WebLogic%20Request.%20Possible%20CVE-2026-21962%20Exploit%20Attempt%20or%20AI%20Slop%3F/32662 Fortinet Patches are Rolling Out Fortinet is starting to roll out patches for the recent SSO vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-26-060 SolarWinds Web Helpdesk Vulnerability Another set of vulnerabilities in SolarWinds Web Helpdesk may result in unauthenticated system access https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/ keywords: solarwinds; fortinet; weblogic
    Más Menos
    6 m
  • SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion (#)

    SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion (#)
    Jan 28 2026
    SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion Initial Stages of Romance Scams [Guest Diary] Romance scams often start with random text messages that appear to be "misrouted". This guest diary by Faris Azhari is following some of the initial stages of such a scam. https://isc.sans.edu/diary/Initial%20Stages%20of%20Romance%20Scams%20%5BGuest%20Diary%5D/32650 Denial of Service Vulnerabilities in React Server Components Another folowup fix for the severe React vulnerability from last year, but now only fixing a DoS condition. https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg OpenSSL Updates OpenSSL released its monthly updates, fixing a potential RCE. https://openssl-library.org/news/vulnerabilities/ Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission Many Kubernetes Helm Charts are vulnerable to possible remote code executions due to unclear defined access controls. https://grahamhelton.com/blog/nodes-proxy-rce keywords: kubernetes; rce; proxy; openssl; dos; react; romance scam
    Más Menos
    8 m
  • SANS Stormcast Tuesday, January 27th, 2026: PWD scanning; MSFT Office OOB Patch; Exposed Clawdbot (#)

    SANS Stormcast Tuesday, January 27th, 2026: PWD scanning; MSFT Office OOB Patch; Exposed Clawdbot (#)
    Jan 27 2026
    SANS Stormcast Tuesday, January 27th, 2026: PWD scanning; MSFT Office OOB Patch; Exposed Clawdbot Scanning Webserver with "pwd" as a Starting Path Attackers are adding the output of the pwd command to their web scans. https://isc.sans.edu/diary/x/32654 Microsoft Office Security Feature Bypass Vulnerability CVE-2026-21509 Microsoft released an out-of-band patch for Office fixing a currently exploited vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 Exposed Clawdbot Instances Many users of the AI tool clawdbot expose instances without access control. https://x.com/theonejvo/status/2015485025266098536 keywords: clwadbot; office; patch; microsoft; webserver; scan; pwd
    Más Menos
    6 m