SANS Institute

“OUCH!” Security Awareness Newsletters

OUCH! is the world’s leading, free security awareness newsletter designed for the common computer user. Published every month and in multiple languages, each edition is carefully researched and developed by the SANS ‘Securing The Human’ team, SANS instructor subject matter experts and team members of the community. Each issue focuses on and explains a specific topic and actionable steps people can take to protect themselves, their family and their organization. OUCH! is distributed under the Creative Commons BY-NC-ND 4.0 license. You are encouraged to distribute OUCH! within your organization or share with family and friends, the only limitation is you cannot modify nor sell OUCH!.

  1. SANS Stormcast Thursday May 29th 2025: LLM Assisted Analysis; MSP Ransomware; Everetz Vulnerability
    Source: SANS Institute Published on 05.28.2025
  2. SANS Stormcast Wednesday May 28th 2025: Securing authorized_keys; ADAuditPlus SQL Injection; Dero Miner vs Docker API
    Source: SANS Institute Published on 05.27.2025
  3. SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection
    Source: SANS Institute Published on 05.26.2025
  4. SANS Stormcast Friday, May 23rd 2025: Backup Connectivity; Windows 2025 dMSA Abuse; Samlify Vulnerability
    Source: SANS Institute Published on 05.22.2025
  5. SANS Stormcast Thursday, May 22nd 2025: Crypto Confidence Scams; Extension Mayhem for VS Code and Chrome
    Source: SANS Institute Published on 05.21.2025
  6. SANS Stormcast Wednesday, May 21st 2025: Researchers Scanning the Internet; Forgotten DNS Records; openpgp.js Vulneraiblity
    Source: SANS Institute Published on 05.20.2025
  7. SANS Stormcast Tuesday, May 20th 2025: AutoIT Code RAT; Fake Keepass Download; Procolored Printer Software Compromise
    Source: SANS Institute Published on 05.19.2025
  8. SANS Stormcast Monday, May 18th 2025: xorsearch python functions; pwn2own Berlin; senior govt official impersonation; dynamic domain risk
    Source: SANS Institute Published on 05.18.2025
  9. SANS Stormcast Friday, May 16th: Increase in Sonicwall Scans; RVTools Compromised?; RountPress
    Source: SANS Institute Published on 05.15.2025
  10. SANS Stormcast Thursday, May 15th: Google Open Redirects; Adobe, Ivanti, and Samsung patches
    Source: SANS Institute Published on 05.14.2025
  11. SANS Stormcast Wednesday, May 14th: Microsoft Patch Tuesday; 0-Days patched for Ivanti Endpoint Manager and Fortinet Products
    Source: SANS Institute Published on 05.13.2025
  12. SANS Stormcast Tuesday, May 12th: Apple Patches; Unipi Technologies Scans;
    Source: SANS Institute Published on 05.12.2025
  13. SANS Stormcast Monday, May 11th: Steganography Challenge; End-of-Life Routers; ASUS Driverhub; RV-Tools SEO Poisoning
    Source: SANS Institute Published on 05.11.2025
  14. SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch
    Source: SANS Institute Published on 05.08.2025
  15. SANS Stormcast Thursday, May 8th: Modular Malware; Sysaid Vuln; Cisco Wireless Controller Patch; Unifi Protect Camera Patch
    Source: SANS Institute Published on 05.07.2025
  16. SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning
    Source: SANS Institute Published on 05.06.2025
  17. SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost;
    Source: SANS Institute Published on 05.05.2025
  18. SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored.
    Source: SANS Institute Published on 05.04.2025
  19. SANS Stormcast Thursday, May 1st: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments
    Source: SANS Institute Published on 05.01.2025
  20. SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials
    Source: SANS Institute Published on 04.30.2025
  21. SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities
    Source: SANS Institute Published on 04.29.2025
  22. SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC
    Source: SANS Institute Published on 04.28.2025
  23. SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited
    Source: SANS Institute Published on 04.27.2025
  24. SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues;
    Source: SANS Institute Published on 04.24.2025
  25. SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco
    Source: SANS Institute Published on 04.23.2025
  26. SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed
    Source: SANS Institute Published on 04.22.2025
  27. SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE
    Source: SANS Institute Published on 04.21.2025
  28. ANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug
    Source: SANS Institute Published on 04.20.2025
  29. SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy
    Source: SANS Institute Published on 04.17.2025
  30. SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News;
    Source: SANS Institute Published on 04.16.2025
  31. SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes
    Source: SANS Institute Published on 04.15.2025
  32. SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware
    Source: SANS Institute Published on 04.14.2025
  33. SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;
    Source: SANS Institute Published on 04.13.2025
  34. SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit
    Source: SANS Institute Published on 04.11.2025
  35. SANS Stormcast ThursdayApril 10th: Getting Past PyArmor; CenterStack RCE; Android 0-Day Patch; VMware Tanzu Patches; Odd Win11 Directory; WhatsApp File Confusion; SANS AI Guide;
    Source: SANS Institute Published on 04.09.2025
  36. SANS Stormcast Tuesday, April 8th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet
    Source: SANS Institute Published on 04.09.2025
  37. SANS Stormcast Tuesday, April 8th:
    Source: SANS Institute Published on 04.07.2025
  38. SANS Stormcast Monday April 7th 2025: New Username Report; Quickshell Vulnerability; Apache Traffic Director Request Smuggeling
    Source: SANS Institute Published on 04.06.2025
  39. SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update
    Source: SANS Institute Published on 04.03.2025
  40. SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail
    Source: SANS Institute Published on 04.02.2025
  41. SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;
    Source: SANS Institute Published on 04.01.2025
  42. SANS Stormcast Tuesday Apr 1st: Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach
    Source: SANS Institute Published on 03.31.2025
  43. SANS Stormcast Monday, March 31st: Comparing Phishing Sites; DOH and MX Abuse Phishing; opkssh
    Source: SANS Institute Published on 03.30.2025
  44. SANS Stormcast Friday, March 27th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities
    Source: SANS Institute Published on 03.27.2025
  45. SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day
    Source: SANS Institute Published on 03.26.2025
  46. SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details;
    Source: SANS Institute Published on 03.25.2025
  47. SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware
    Source: SANS Institute Published on 03.24.2025
  48. SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse
    Source: SANS Institute Published on 03.23.2025
  49. SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;
    Source: SANS Institute Published on 03.20.2025
  50. SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated
    Source: SANS Institute Published on 03.19.2025