A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Tuesday, February 24th, 2026: Malicious JPEG Analysis; Calibre Vuln; jsPDF object injection; Roundcube Exploited
February 23, 2026
7:04
1.17 MB ( 4.77 MB less)
Downloads: 0
Another day, another malicious JPEG
https://isc.sans.edu/diary/Another%20day%2C%20another%20malicious%20JPEG/32738
Calibre Path Traversal Leading to Arbitrary File Write and Potentially Code Execution CVE-2026-26064 CVE-2026-26065
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w
CVE-2026-25755: PDF Object Injection in jsPDF (addJS Method)
https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md
Roundcube Webmail Exploited CVE-2025-49113 https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10
https://www.openwall.com/lists/oss-security/2025/06/02/3