DiscoverSANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion
SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion

SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion

Update: 2026-01-28
Share

Description



Initial Stages of Romance Scams [Guest Diary]

Romance scams often start with random text messages that appear to be misrouted . This guest diary by Faris Azhari is following some of the initial stages of such a scam.

https://isc.sans.edu/diary/Initial%20Stages%20of%20Romance%20Scams%20%5BGuest%20Diary%5D/32650

Denial of Service Vulnerabilities in React Server Components

Another folowup fix for the severe React vulnerability from last year, but now only fixing a DoS condition.

https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg

OpenSSL Updates

OpenSSL released its monthly updates, fixing a potential RCE.

https://openssl-library.org/news/vulnerabilities/

Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission

Many Kubernetes Helm Charts are vulnerable to possible remote code executions due to unclear defined access controls.

https://grahamhelton.com/blog/nodes-proxy-rce
Comments 
loading
In Channel
SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS

SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS

2026-03-0606:55

SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Managmeent Center; LastPass Phishing

SANS Stormcast Thursday, March 5th, 2026: XWorm Analysis; Cisco “Secure” Firewall Managmeent Center; LastPass Phishing

2026-03-0507:38

SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse

SANS Stormcast Wednesday, March 4th, 2026: CrushFTP Brute Force; Android Patches 0-Day; 0Auth Phishing Abuse

2026-03-0405:03

SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers

SANS Stormcast Tuesday, March 3rd, 2026: Finding URLs in ZIPs in RTFs; Merkle Tree Certificates; Taming Agentic Browsers

2026-03-0308:10

SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast

SANS Stormcast Monday, March 2nd, 2026: Reversing Fake Fedex; Abusing .ARPA; MSFT Authenticator Update; Apex One Vuln; Special AirSnitch Webcast

2026-03-0207:35

SANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation

SANS Stormcast Friday, February 27th, 2026: Finding Singal (@sans_edu intern); Google API Keys and Gemini; AirSnitch Breaking Client Isolation

2026-02-2709:22

SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln;

SANS Stormcast Thursday, February 26th, 2026: CLAIR Model; Cisco SD-WAN 0-Day; Cortex XDR Abuse; OpenSSL Vuln;

2026-02-2606:48

SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues

SANS Stormcast Wednesday, February 25th, 2026: Open Redirects; setHTML in Firefox; telnetd issues

2026-02-2507:29

SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited

SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited

2026-02-2407:04

SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing

SANS Stormcast Monday, February 23rd, 2026: Japanese Phishing; AI Agents Ignoring Instructions; Starkiller MFA Phishing

2026-02-2306:33

SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC

SANS Stormcast Friday, February 20th, 2026: DynoWiper Analysis; Vibe Passwords; IDE Extension Vulns; Gransstream GXP 1600 Vuln and PoC

2026-02-2006:19

SANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01

SANS Stormcast Thursday, February 19th, 2026: Malware Image Resuse; Dell RecoveryPoint; Admin Center Vuln; DNS-PERSIST-01

2026-02-1907:04

SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Neenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS

SANS Stormcast Wednesday, February 18th, 2026: IR Phishing; Neenadu Android Backdoor; NiFi Bugs; LLMs Phishing; Encrypted RCS

2026-02-1807:30

SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft;

SANS Stormcast Tuesday, February 17th, 2026: 64Bit Malware; Password Manager Weaknesses; OpenClaw Config Theft;

2026-02-1705:12

SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats

SANS Stormcast Monday, February 16th, 2026: Graph Generator; nslookup and clickfix; Chrome 0-Day; TURN Threats

2026-02-1606:00

SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring

SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring

2026-02-1305:43

SANS Stormcast Thursday, February 12th, 2026: WSL in Malware; Apple and Adobe Patches

SANS Stormcast Thursday, February 12th, 2026: WSL in Malware; Apple and Adobe Patches

2026-02-1206:09

SANS Stormcast Wednesday, February 11th, 2026: Microsoft Patch Tuesday; Secure Boot Updates; Fake 7-Zip; FortiSlob

SANS Stormcast Wednesday, February 11th, 2026: Microsoft Patch Tuesday; Secure Boot Updates; Fake 7-Zip; FortiSlob

2026-02-1107:54

SANS Stormcast Tuesday, February 10th, 2026: Extracting URLs; Singal Phishing; Ivanti PoC; BeyondTrust RCE; Forticlient SQL Inection

SANS Stormcast Tuesday, February 10th, 2026: Extracting URLs; Singal Phishing; Ivanti PoC; BeyondTrust RCE; Forticlient SQL Inection

2026-02-1004:30

SANS Stormcast Monday, February 9th, 2026: Azure Vulnerabilties; AI Vulnerability Discovery; GitLab AI Gateway Vuln

SANS Stormcast Monday, February 9th, 2026: Azure Vulnerabilties; AI Vulnerability Discovery; GitLab AI Gateway Vuln

2026-02-0905:23

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
1.0x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion

SANS Stormcast Wednesday, January 28th, 2026: Romance Scams; DoS Vuln in React Server Components; OpenSSL Patch; Kubernetes Priv Confusion

Dr. Johannes B. Ullrich