-
ISC Stormcast For Friday, February 6th, 2026 https://isc.sans.edu/podcastdetail/9798, (Fri, Feb 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Broken Phishing URLs, (Thu, Feb 5th)
For a few days, many phishing emails that landed into my mailbox contain strange URLs. They are classic emails asking you to open a document, verify your pending emails, … But the format of the URLs is broken! In a URL, parameters are extra pieces of information added after a question mark (?) to tell…
-
ISC Stormcast For Thursday, February 5th, 2026 https://isc.sans.edu/podcastdetail/9796, (Thu, Feb 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Malicious Script Delivering More Maliciousness, (Wed, Feb 4th)
Today, I received an interesting email with a malicious attachment. When I had a look at the automatic scan results, it seemed to be a malicious script to create a Chrome Injector to steal data. Because InfoStealers are very common these days, it looked “legit” but there was something different. The .bat file looks to…
-
ISC Stormcast For Wednesday, February 4th, 2026 https://isc.sans.edu/podcastdetail/9794, (Wed, Feb 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Detecting and Monitoring OpenClaw (clawdbot, moltbot), (Tue, Feb 3rd)
Last week, a new AI agent framework was introduced to automate “live”. It targets office work in particular, focusing on messaging and interacting with systems. The tool has gone viral not so much because of its features, which are similar to those of other agent frameworks, but because of a stream of security oversights in…
-
ISC Stormcast For Tuesday, February 3rd, 2026 https://isc.sans.edu/podcastdetail/9792, (Tue, Feb 3rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Scanning for exposed Anthropic Models, (Mon, Feb 2nd)
Yesterday, a single IP address (%%ip:204.76.203.210%%) scanned a number of our sensors for what looks like an anthropic API node. The IP address is known to be a Tor exit node. The requests are pretty simple: GET /anthropic/v1/models Host: 67.171.182.193:8000 X-Api-Key: password Anthropic-Version: 2023-06-01 It looks like this is scanning for locally hosted Anthropic models,…
-
ISC Stormcast For Monday, February 2nd, 2026 https://isc.sans.edu/podcastdetail/9790, (Mon, Feb 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Google Presentations Abused for Phishing, (Fri, Jan 30th)
Charlie, one of our readers, has forwarded an interesting phishing email. The email was sent to users of the Vivladi Webmail service. While not overly convincing, the email is likely sufficient to trick a non-empty group of users: The e-mail gets more interesting as the user clicks on the link. The link points to Google…
