A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Monday, June 15th, 2026: Arch Linux Malicious User Packages; Splunk Vuln and Exploit; Exploiting AI Coding Agents
June 14, 2026
6:50
1.26 MB ( 4.46 MB less)
Downloads: 0
Atomic Arch: Attackers Hijack Trusted AUR Packages to Deliver Rootkit-Like Malware
https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE) https://labs.watchtowr.com/why-use-app-level-auth-when-every-database-has-auth-splunk-enterprise-cve-2026-20253-pre-auth-rce/
A Fake Bug Report Hijacks Your AI Coding Agent and Nothing Catches It.
https://tenetsecurity.ai/blog/agentjacking-coding-agents-with-fake-sentry-errors/
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich