A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Friday, March 6th, 2026: Targeted or Not? pac4j-jwt auth bypass; freescout dangerous uploads; MSFT Authenticator vs Graphene OS
March 05, 2026
6:55
1.14 MB ( 4.66 MB less)
Downloads: 0
Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary]
https://isc.sans.edu/diary/Differentiating%20Between%20a%20Targeted%20Intrusion%20and%20an%20Automated%20Opportunistic%20Scanning%20%5BGuest%20Diary%5D/32768
CVE-2026-29000: Critical Authentication Bypass in pac4j-jwt - Using Only a Public Key (CVSS 10)
https://www.codeant.ai/security-research/pac4j-jwt-authentication-bypass-public-key
FreeScout Help Desk Vulnerability
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-mw88-x7j3-74vc
Microsoft Authenticator Not Supported on Graphene OS
https://www.heise.de/en/news/GrapheneOS-Microsoft-Authenticator-does-not-support-secure-Android-OS-11200495.html