DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Friday, January 23rd, 2026: Scanning AI Code; FortiGate Update; ISC BIND DoS; Trivial SmaterMail Vulnerability
SANS Stormcast Friday, January 23rd, 2026: Scanning AI Code; FortiGate Update; ISC BIND DoS; Trivial SmaterMail Vulnerability

SANS Stormcast Friday, January 23rd, 2026: Scanning AI Code; FortiGate Update; ISC BIND DoS; Trivial SmaterMail Vulnerability

Update: 2026-01-23
Share

Description



Is AI-Generated Code Secure?

Xavier used the free static code analysis tool Bandit to review code he wrote with heavy AI support.

https://isc.sans.edu/diary/Is%20AI-Generated%20Code%20Secure%3F/32648

Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts

Arctic Wolf summarized some of the attacks it is seeing against FortiGate devices via the insufficiently patched SSL vulnerability.

https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-configuration-changes-fortinet-fortigate-devices-via-sso-accounts/

ISC BIND DoS vulnerability in Drone ID Records

HHIT and BRID records, which are used as part of Drone ID, can be used to crash named if their length is 3 bytes.

https://marlink.com/resources/knowledge-hub/isc-bind-vulnerability-discovered-and-disclosed-by-marlink-cyber/

SmarterTools SmarterMail Password Reset Vulnerability

SmarterTools recently patched a trivial vulnerability in SmarterMail that would allow anybody without authentication to reset administrator passwords.

https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/
Comments 
In Channel
SANS Stormcast Thursday, March 12th, 2026: Zombie Zip;

SANS Stormcast Thursday, March 12th, 2026: Zombie Zip;

2026-03-1207:27

SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches

SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches

2026-03-1106:10

SANS Stormcast Tuesday, March 10th, 2026: Encrypted Client Hello; ExitTool Vulnerability;

SANS Stormcast Tuesday, March 10th, 2026: Encrypted Client Hello; ExitTool Vulnerability;

2026-03-1007:27

SANS Stormcast Monday, March 9th, 2026: YARA-X Update; IP Camera Targeting; Node.js Upgrades; nginx UI Vuln

SANS Stormcast Monday, March 9th, 2026: YARA-X Update; IP Camera Targeting; Node.js Upgrades; nginx UI Vuln

2026-03-0905:08

SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS

SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS

2026-03-0606:55

SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Managmeent Center; LastPass Phishing

SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Managmeent Center; LastPass Phishing

2026-03-0507:38

SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse

SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse

2026-03-0405:03

SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers

SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers

2026-03-0308:10

SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast

SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast

2026-03-0207:35

SANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation

SANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation

2026-02-2709:22

SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln;

SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln;

2026-02-2606:48

SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues

SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues

2026-02-2507:29

SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited

SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited

2026-02-2407:04

SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing

SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing

2026-02-2306:33

SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC

SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC

2026-02-2006:19

SANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01

SANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01

2026-02-1907:04

SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Neenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS

SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Neenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS

2026-02-1807:30

SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft;

SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft;

2026-02-1705:12

SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats

SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats

2026-02-1606:00

SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring

SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring

2026-02-1305:43

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast Friday, January 23rd, 2026: Scanning AI Code; FortiGate Update; ISC BIND DoS; Trivial SmaterMail Vulnerability

SANS Stormcast Friday, January 23rd, 2026: Scanning AI Code; FortiGate Update; ISC BIND DoS; Trivial SmaterMail Vulnerability

Dr. Johannes B. Ullrich