SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, February 13th, 2026: SSH Bot; OpenSSH MacOS Change; Abused Employee Monitoring

Four Seconds to Botnet - Analyzing a Self-Propagating SSH Worm with Cryptographically Signed C2 [Guest Diary] https://isc.sans.edu/diary/Four%20Seconds%20to%20Botnet%20-%20Analyzing%20a%20Self%20Propagating%20SSH%20Worm%20with%20Cryptographically%20Signed%20C2%20%5BGuest%20Diary%5D/32708 [https://isc.sans.edu/diary/Four%20Seconds%20to%20Botnet%20-%20Analyzing%20a%20Self%20Propagating%20SSH%20Worm%20with%20Cryptographically%20Signed%20C2%20%5BGuest%20Diary%5D/32708] OpenSSH Update on MacOS https://www.openssh.org/releasenotes.html [https://www.openssh.org/releasenotes.html] Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations [https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations]

SANS Stormcast Thursday, February 12th, 2026: WSL in Malware; Apple and Adobe Patches

WSL in the Malware Ecosystem https://isc.sans.edu/diary/32704 [https://isc.sans.edu/diary/32704] Apple Patches Everything: February 2026 https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20February%202026/32706 [https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20February%202026/32706] Adobe Updates https://helpx.adobe.com/security/security-bulletin.html [https://helpx.adobe.com/security/security-bulletin.html]

SANS Stormcast Wednesday, February 11th, 2026: Microsoft Patch Tuesday; Secure Boot Updates; Fake 7-Zip; FortiSlob

Microsoft Patch Tuesday - February 2026 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20February%202026/32700 [https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20February%202026/32700] Refreshing the root of trust https://blogs.windows.com/windowsexperience/2026/02/10/refreshing-the-root-of-trust-industry-collaboration-on-secure-boot-certificate-updates/ [https://blogs.windows.com/windowsexperience/2026/02/10/refreshing-the-root-of-trust-industry-collaboration-on-secure-boot-certificate-updates/] Fake 7-Zip downloads are turning home PCs into proxy nodes https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes [https://www.malwarebytes.com/blog/threat-intel/2026/02/fake-7-zip-downloads-are-turning-home-pcs-into-proxy-nodes] FortiNet Vulnerabilities https://fortiguard.fortinet.com/psirt/FG-IR-25-093 [https://fortiguard.fortinet.com/psirt/FG-IR-25-093] https://fortiguard.fortinet.com/psirt/FG-IR-25-1052 [https://fortiguard.fortinet.com/psirt/FG-IR-25-1052]

SANS Stormcast Tuesday, February 10th, 2026: Extracting URLs; Singal Phishing; Ivanti PoC; BeyondTrust RCE; Forticlient SQL Inection

Quick Howto: Extract URLs from RTF files https://isc.sans.edu/diary/Quick%20Howto%3A%20Extract%20URLs%20from%20RTF%20files/32692 [https://isc.sans.edu/diary/Quick%20Howto%3A%20Extract%20URLs%20from%20RTF%20files/32692] German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists German: https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html [https://thehackernews.com/2026/02/german-agencies-warn-of-signal-phishing.html] English: https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/praevention_wirtschafts-und_wissenschaftsschutz/2026-02-06-gemeinsame-warnmitteilung-phishing.pdf?__blob=publicationFile&v=3 [https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/praevention_wirtschafts-und_wissenschaftsschutz/2026-02-06-gemeinsame-warnmitteilung-phishing.pdf?__blob=publicationFile&v=3] Someone Knows Bash Far Too Well, And We Love It - Pre-Auth RCEs https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/ [https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/] Pre-Auth RCE in BeyondTrust Remote Support & PRA CVE-2026-1731 https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce [https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce] https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 [https://www.beyondtrust.com/trust-center/security-advisories/bt26-02] Fortinet FortiClientEMS SQLi in the administrative interface https://fortiguard.fortinet.com/psirt/FG-IR-25-1142 [https://fortiguard.fortinet.com/psirt/FG-IR-25-1142]

SANS Stormcast Monday, February 9th, 2026: Azure Vulnerabilties; AI Vulnerability Discovery; GitLab AI Gateway Vuln

Microsoft Patches Four Azure Vulnerabilities (three critical) https://msrc.microsoft.com/update-guide/vulnerability [https://msrc.microsoft.com/update-guide/vulnerability] Evaluating and mitigating the growing risk of LLM-discovered 0-days https://red.anthropic.com/2026/zero-days/ [https://red.anthropic.com/2026/zero-days/] Gitlab AI Gateway Vulnerability CVE-2026-1868 https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/ [https://about.gitlab.com/releases/2026/02/06/patch-release-gitlab-ai-gateway-18-8-1-released/]