Handler on Duty: Johannes Ullrich
Threat Level: green
Podcast Detail
SANS Stormcast Tuesday, April 28th, 2026: More TeamPCP; Citrix XenServer Unpatched Vulns; Phantom RPC;
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9908.mp3
My Next Class
Click HERE to learn more about classes Johannes is teaching for SANS
TeamPCP Update
https://isc.sans.edu/diary/TeamPCP%20Supply%20Chain%20Campaign%3A%20Update%20008%20-%2026-Day%20Pause%20Ends%20with%20Three%20Concurrent%20Compromises%20%28Checkmarx%20KICS%2C%20Bitwarden%20CLI%20Cascade%2C%20xinference%20PyPI%29%2C%20CanisterSprawl%20npm%20Worm%20Identified%2C%20and%20Tier%201%20Coverage%20Returns/32926
https://socket.dev/blog/73-open-vsx-sleeper-extensions-glassworm
https://checkmarx.com/blog/checkmarx-security-update-april-26/
89 vulnerabilities in XAPI / Citrix XenServer
https://shittrix.moksha.dk/#rationale
Phantom RPC
https://securelist.com/phantomrpc-rpc-vulnerability/119428/
Pi-Hole Vulnerability CVE-2026-41489
https://github.com/pi-hole/pi-hole/security/advisories/GHSA-6w8x-p785-6pm4
Linux Kernel Problem CVE-2026-41651
https://nvd.nist.gov/vuln/detail/CVE-2026-41651
iTunes
MP3 Download
RSS Feed
Google
Podbean
Amazon Echo
YouTube
Spreaker
Spotify
Discussion
Login here to join the discussion.
| Application Security: Securing Web Apps, APIs, and Microservices | San Diego | May 11th - May 16th 2026 |
| Network Monitoring and Threat Detection In-Depth | Online | Arabian Standard Time | Jun 20th - Jun 25th 2026 |
| Network Monitoring and Threat Detection In-Depth | Riyadh | Jun 20th - Jun 25th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Jul 13th - Jul 18th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Online | British Summer Time | Jul 27th - Aug 1st 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Las Vegas | Sep 21st - Sep 26th 2026 |
Subscribe to the Internet Storm Center YouTube Channel
© 2026 SANS™ Internet Storm Center
Developers: We have an API for you! 