SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot

Update: 2026-01-16

Description

Battling Cryptojacking, Botnets, and IABs

Cryptojacking often comes with less obvious addons, like SSH backdoors

https://isc.sans.edu/diary/Battling%20Cryptojacking%2C%20Botnets%2C%20and%20IABs%20%5BGuest%20Diary%5D/32632

Microsoft Copilot Reprompt Attacks

Adding a query parameter to the URL may prefill a Copilot prompt, altering the meaning of the prompts that follow.

https://www.varonis.com/blog/reprompt

Hijacking Bluetooth Accessories Using Google Fast Pair

Google s fast pair protocol is often not implemented correctly, allowing the Hijacking of Bluetooth accessories

https://whisperpair.eu/#about

Comments

In Channel

SANS Stormcast Friday, March 13th, 2026: IOT Device Discovery; Apple Patches; Veeam Patches

2026-03-1305:19

SANS Stormcast Thursday, March 12th, 2026: Zombie Zip;

2026-03-1207:27

SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches

2026-03-1106:10

SANS Stormcast Tuesday, March 10th, 2026: Encrypted Client Hello; ExitTool Vulnerability;

2026-03-1007:27

SANS Stormcast Monday, March 9th, 2026: YARA-X Update; IP Camera Targeting; Node.js Upgrades; nginx UI Vuln

2026-03-0905:08

SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS

2026-03-0606:55

SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Managmeent Center; LastPass Phishing

2026-03-0507:38

SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse

2026-03-0405:03

SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers

2026-03-0308:10

SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast

2026-03-0207:35

SANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation

2026-02-2709:22

SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln;

2026-02-2606:48

SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues

2026-02-2507:29

SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited

2026-02-2407:04

SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing

2026-02-2306:33

SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC

2026-02-2006:19

SANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01

2026-02-1907:04

SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Neenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS

2026-02-1807:30

SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft;

2026-02-1705:12

SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats

2026-02-1606:00

00:00

1.0x

SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot

#box-pro-ellipsis-177359776230388{-webkit-line-clamp:2;}SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot

SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot

Dr. Johannes B. Ullrich

SANS Stormcast Friday, January 16th, 2026: Cryptojacking Hidden Gifts; Bluetooth Vulnerability; Reprompt in MSFT Copilot