-
Google Presentations Abused for Phishing, (Fri, Jan 30th)
Charlie, one of our readers, has forwarded an interesting phishing email. The email was sent to users of the Vivladi Webmail service. While not overly convincing, the email is likely sufficient to trick a non-empty group of users: The e-mail gets more interesting as the user clicks on the link. The link points to Google…
-
ISC Stormcast For Friday, January 30th, 2026 https://isc.sans.edu/podcastdetail/9788, (Fri, Jan 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Thursday, January 29th, 2026 https://isc.sans.edu/podcastdetail/9786, (Thu, Jan 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop?, (Wed, Jan 28th)
I was looking for possible exploitation of CVE-2026-21962, a recently patched WebLogic vulnerability. While looking for related exploit attempts in our data, I came across the following request: GET /weblogic//weblogic/..;/bea_wls_internal/ProxyServlet host: 71.126.165.182 user-agent: Mozilla/5.0 (compatible; Exploit/1.0) accept-encoding: gzip, deflate accept: */* connection: close wl-proxy-client-ip: 127.0.0.1;Y21kOndob2FtaQ== proxy-client-ip: 127.0.0.1;Y21kOndob2FtaQ== x-forwarded-for: 127.0.0.1;Y21kOndob2FtaQ== According to write-ups about CVE-2026-21962, this…
-
ISC Stormcast For Wednesday, January 28th, 2026 https://isc.sans.edu/podcastdetail/9784, (Wed, Jan 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
![Initial Stages of Romance Scams [Guest Diary], (Tue, Jan 27th)](/wp-content/uploads/2026/01/Fares_Azhari_1-SVvmBQ.png)
Initial Stages of Romance Scams [Guest Diary], (Tue, Jan 27th)
[This is a Guest Diary by Fares Azhari, an ISC intern as part of the SANS.edu BACS program] Romance scams are a form of social-engineering fraud that causes both financial and emotional harm. They vary in technique and platform, but most follow the same high-level roadmap: initial contact, relationship building, financial exploitation. In this blog post I focus…
-
ISC Stormcast For Tuesday, January 27th, 2026 https://isc.sans.edu/podcastdetail/9782, (Tue, Jan 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Monday, January 26th, 2026 https://isc.sans.edu/podcastdetail/9780, (Mon, Jan 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Scanning Webserver with /$(pwd)/ as a Starting Path, (Sun, Jan 25th)
Based on the sensors reporting to ISC, this activity started on the 13 Jan 2026. My own sensor started seeing the first scan on the 21 Jan 2026 with limited probes. So far, this activity has been limited to a few scans based on the reports available in ISC [5] (select Match Partial URL and Draw):…
-
ISC Stormcast For Friday, January 23rd, 2026 https://isc.sans.edu/podcastdetail/9778, (Fri, Jan 23rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
