Podcast Detail

SANS Stormcast Tuesday, January 27th, 2026: PWD scanning; MSFT Office OOB Patch; Exposed Clawdbot

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9782.mp3

PWD scanning; MSFT Office OOB Patch; Exposed Clawdbot

00:00

Application Security: Securing Web Apps, APIs, and Microservices	Orlando	Mar 29th - Apr 3rd 2026
Network Monitoring and Threat Detection In-Depth	Amsterdam	Apr 20th - Apr 25th 2026

Scanning Webserver with “pwd” as a Starting Path
Attackers are adding the output of the pwd command to their web scans.
https://isc.sans.edu/diary/x/32654

Microsoft Office Security Feature Bypass Vulnerability CVE-2026-21509
Microsoft released an out-of-band patch for Office fixing a currently exploited vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509

Exposed Clawdbot Instances
Many users of the AI tool clawdbot expose instances without access control.
https://x.com/theonejvo/status/2015485025266098536

iTunes

MP3 Download

RSS Feed

Google

Podbean

Amazon Echo

YouTube

Spreaker

Spotify

Application Security: Securing Web Apps, APIs, and Microservices	Orlando	Mar 29th - Apr 3rd 2026
Network Monitoring and Threat Detection In-Depth	Amsterdam	Apr 20th - Apr 25th 2026
Application Security: Securing Web Apps, APIs, and Microservices	San Diego	May 11th - May 16th 2026
Network Monitoring and Threat Detection In-Depth	Online \| Arabian Standard Time	Jun 20th - Jun 25th 2026
Network Monitoring and Threat Detection In-Depth	Riyadh	Jun 20th - Jun 25th 2026
Application Security: Securing Web Apps, APIs, and Microservices	Washington	Jul 13th - Jul 18th 2026
Application Security: Securing Web Apps, APIs, and Microservices	Online \| British Summer Time	Jul 27th - Aug 1st 2026
Application Security: Securing Web Apps, APIs, and Microservices	Las Vegas	Sep 21st - Sep 26th 2026

no transcript found