-
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
Summary: The most significant development of the week was the April 29 to 30 Mini Shai-Hulud worm, a self-propagating supply chain campaign that compromised four official SAP npm packages, two PyTorch Lightning PyPI versions, two intercom-client npm versions, and the intercom-php Packagist package across three package ecosystems. OX Security tracked roughly 1,800 GitHub repositories created…
-
DShield Honeypot Update, (Mon, May 4th)
This week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have “automatic updates” enabled on your system. There will be two major changes:

Compatibility with Ubuntu 26.04 / new versions of Raspberry Pi OS

Ubuntu released version 26.04 LTS about a week ago. It will pretty…
-
ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916, (Mon, May 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Wireshark 4.6.5 Released, (Sun, May 3rd)
Wireshark release 4.6.5 fixes 43 vulnerabilities (38 CVEs) and 35 bugs. This high number of fixes is due to AI: “This release fixes quite a few vulnerabilities. This is due to a recent trend in AI-assisted vulnerability reports.” Didier Stevens, Senior handler, blog.DidierStevens.com
-

Malicious Ad for Homebrew Leads to MacSync Stealer, (Fri, May 1st)
Introduction: As MacBooks and Mac minis become more popular, we’re seeing more campaigns targeting these macOS hosts. Malicious ads have popped up in search results that can lead potential victims to pages that present themselves as legitimate software but instead are malware. This diary presents one such example from a malicious ad for a page…
-
ISC Stormcast For Friday, May 1st, 2026 https://isc.sans.edu/podcastdetail/9914, (Fri, May 1st)
-
ISC Stormcast For Thursday, April 30th, 2026 https://isc.sans.edu/podcastdetail/9912, (Thu, Apr 30th)
-
Danger of Libredtail [Guest Diary], (Wed, Apr 29th)
[This is a Guest Diary by James Roberts, an ISC intern as part of the SANS.edu BACS program] Over the last few months, I have gained valuable experience working with the Internet Storm Center (ISC) operating a honeypot and analyzing its output via a SIEM environment. This work gave me hands-on experience with system…
-
Today’s Odd Web Requests, (Wed, Apr 29th)
Today, two different “new” requests hit our honeypots. Both appear to be recon requests and not associated with specific vulnerabilities. But as always, please let me know if you have additional information.

1 – Broadcom API Gateway

    GET /bam/restart/if/required
    Host: [redacted]:8080
    Connection: close

This request is targeting a Broadcom API Gateway endpoint. As is, the request should…
-
ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910, (Wed, Apr 29th)

