Security News

When your IoT Device Logs in as Admin, It?s too Late! [Guest Diary], (Wed, Mar 11th)

[This is a Guest Diary by Adam Thorman, an ISC intern as part of the SANS.edu BACS program]

Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)

A new vulnerability (CVE-2026-0866) has been published: Zombie Zip.

ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)

Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)

Microsoft today released patches for 93 vulnerabilities, including 9 vulnerabilities in Chromium affecting Microsoft Edge. 8 of the vulnerabilities are rated critical. 2 were disclosed prior to today but have not yet been exploited. This update addresses no already-exploited vulnerabilities.

ISC Stormcast For Tuesday, March 10th, 2026 https://isc.sans.edu/podcastdetail/9842, (Tue, Mar 10th)

Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)

Last week, two related RFCs were published: 

ISC Stormcast For Monday, March 9th, 2026 https://isc.sans.edu/podcastdetail/9840, (Mon, Mar 9th)

YARA-X 1.14.0 Release, (Sat, Mar 7th)

YARA-X&&#x23&#x3b;x26&#x3b;&#x23&#x3b;39&#x3b;s 1.14.0 release brings 4 improvements and 2 bugfixes.

ISC Stormcast For Friday, March 6th, 2026 https://isc.sans.edu/podcastdetail/9838, (Fri, Mar 6th)

ISC Stormcast For Thursday, March 5th, 2026 https://isc.sans.edu/podcastdetail/9836, (Thu, Mar 5th)

Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)

[This is a Guest Diary by Joseph Gruen, an ISC intern as part of the SANS.edu BACS program]

Want More XWorm?, (Wed, Mar 4th)

And another XWorm[1] wave in the wild! This malware family is not new and heavily spread but delivery techniques always evolve and deserve to be described to show you how threat actors can be imaginative! This time, we are facing another piece of multi-technology malware.

ISC Stormcast For Wednesday, March 4th, 2026 https://isc.sans.edu/podcastdetail/9834, (Wed, Mar 4th)

Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)

CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious vulnerabilities: CVE-2024-4040 (the template-injection flaw that let unauthenticated attackers escape the VFS sandbox and achieve RCE), CVE-2025-31161 (the auth-bypass that handed over the crushadmin account on a silver platter), and the July 2025 zero-day CVE-2025-54309 that was actively exploited in the wild.

ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832, (Tue, Mar 3rd)

Quick Howto: ZIP Files Inside RTF, (Mon, Mar 2nd)

In diary entry "Quick Howto: Extract URLs from RTF files" I mentioned ZIP files.

Wireshark 4.6.4 Released, (Mon, Mar 2nd)

Wireshark release 4.6.4 fixes 3 vulnerabilities and 15 bugs.

ISC Stormcast For Monday, March 2nd, 2026 https://isc.sans.edu/podcastdetail/9830, (Mon, Mar 2nd)

Fake Fedex Email Delivers Donuts!, (Fri, Feb 27th)

It&#x27s Friday, let&#x27s have a look at another simple piece of malware to close a busy week! I received a Fedex notification about a delivery. Usually, such emails are simple phishing attacks that redirect you to a fake login page to collect your credentials. Here, it was a bit different:

ISC Stormcast For Friday, February 27th, 2026 https://isc.sans.edu/podcastdetail/9828, (Fri, Feb 27th)