DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS SOC Survey
SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS SOC Survey

SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS SOC Survey

Update: 2026-01-22
Share

Description



Automatic Script Execution In Visual Studio Code

Visual Studio Code will read configuration files within the source code that may lead to code execution.

https://isc.sans.edu/diary/Automatic%20Script%20Execution%20In%20Visual%20Studio%20Code/32644

Cisco Unified Communications Products Remote Code Execution Vulnerability A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b

Zoom Vulnerability

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to execute remote code on the MMR via network access.

https://www.zoom.com/en/trust/security-bulletin/zsb-26001/

Possible new SSO Exploit (CVE-2025-59718) on 7.4.9

https://www.reddit.com/r/fortinet/comments/1qibdcb/possible_new_sso_exploit_cve202559718_on_749/

SANS SOC Survey

The 2026 SOC Survey is open, and we need your input to create a meaningful report. Please share your experience so we can advocate for what actually works in the trenches.

https://survey.sans.org/jfe/form/SV_3ViqWZgWnfQAzkO?is=socsurveystormcenter
Comments 
loading
In Channel
SANS Stormcast Thursday, March 12th, 2026: Zombie Zip;

SANS Stormcast Thursday, March 12th, 2026: Zombie Zip;

2026-03-1207:27

SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches

SANS Stormcast Wednesday, March 11th, 2026: Windows, Fortinet, Adobe, and Zoom Patches

2026-03-1106:10

SANS Stormcast Tuesday, March 10th, 2026: Encrypted Client Hello; ExitTool Vulnerability;

SANS Stormcast Tuesday, March 10th, 2026: Encrypted Client Hello; ExitTool Vulnerability;

2026-03-1007:27

SANS Stormcast Monday, March 9th, 2026: YARA-X Update; IP Camera Targeting; Node.js Upgrades; nginx UI Vuln

SANS Stormcast Monday, March 9th, 2026: YARA-X Update; IP Camera Targeting; Node.js Upgrades; nginx UI Vuln

2026-03-0905:08

SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS

SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS

2026-03-0606:55

SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Managmeent Center; LastPass Phishing

SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Managmeent Center; LastPass Phishing

2026-03-0507:38

SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse

SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse

2026-03-0405:03

SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers

SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers

2026-03-0308:10

SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast

SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast

2026-03-0207:35

SANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation

SANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation

2026-02-2709:22

SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln;

SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln;

2026-02-2606:48

SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues

SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues

2026-02-2507:29

SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited

SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited

2026-02-2407:04

SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing

SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing

2026-02-2306:33

SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC

SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC

2026-02-2006:19

SANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01

SANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01

2026-02-1907:04

SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Neenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS

SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Neenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS

2026-02-1807:30

SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft;

SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft;

2026-02-1705:12

SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats

SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats

2026-02-1606:00

SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring

SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring

2026-02-1305:43

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS SOC Survey

SANS Stormcast Thursday, January 22nd, 2026: Visual Studio Code Scripts; Cisco Unified Comm and Zoom Vuln; Insufficient Fortinet Patch; SANS SOC Survey

Dr. Johannes B. Ullrich