-
ISC Stormcast For Thursday, March 12th, 2026 https://isc.sans.edu/podcastdetail/9846, (Thu, Mar 12th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
![When your IoT Device Logs in as Admin, It?s too Late! [Guest Diary], (Wed, Mar 11th)](/wp-content/uploads/2026/03/Adam_Thorman_pic1-kx2VwW.jpeg)
When your IoT Device Logs in as Admin, It?s too Late! [Guest Diary], (Wed, Mar 11th)
[This is a Guest Diary by Adam Thorman, an ISC intern as part of the SANS.edu BACS program] Introduction Have you ever installed a new device on your home or company router? Even when setup instructions are straightforward, end users often skip the step that matters most: changing default credentials. The excitement of deploying a…
-
Analyzing “Zombie Zip” Files (CVE-2026-0866), (Wed, Mar 11th)
A new vulnerability (CVE-2026-0866) has been published: Zombie Zip. It’s a method to create a malformed ZIP file that will bypass detection by most anti-virus engines. The malformed ZIP file can not be opened with a ZIP utility, a custom loader is required. The trick is to change the compression method to STORED while the contend…
-
ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)
Microsoft today released patches for 93 vulnerabilities, including 9 vulnerabilities in Chromium affecting Microsoft Edge. 8 of the vulnerabilities are rated critical. 2 were disclosed prior to today but have not yet been exploited. This update addresses no already-exploited vulnerabilities. Disclose vulnerabilities: CVE-2026-26127: A denial of service vulnerability in .Net. Microsoft considers exploitation unlikely. The…
-
ISC Stormcast For Tuesday, March 10th, 2026 https://isc.sans.edu/podcastdetail/9842, (Tue, Mar 10th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)
Last week, two related RFCs were published: RFC 9848: Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings RFC 9849: TLS Encrypted Client Hello These TLS extensions have been discussed quite a bit already, and Cloudflare, one of the early implementers and proponents, has been in use for a while. Amidst an increased concern about threats to privacy…
-
ISC Stormcast For Monday, March 9th, 2026 https://isc.sans.edu/podcastdetail/9840, (Mon, Mar 9th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
YARA-X 1.14.0 Release, (Sat, Mar 7th)
YARA-X’s 1.14.0 release brings 4 improvements and 2 bugfixes. One of the improvements is a new CLI command: deps. This command shows you the dependencies of rules. Here is an example. Rule rule1 has no dependencies, rule rule2 depends on rule rule1 and rule rule3 depends on rule rule2: Running the deps command on these rules…
-
ISC Stormcast For Friday, March 6th, 2026 https://isc.sans.edu/podcastdetail/9838, (Fri, Mar 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
