meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Friday, February 6th, 2026: Broken Phishing; n8n vulnerability; Android Update; Watchguard Firebox LDAP Injection

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News

4.9754 Ratings

🗓️ 6 February 2026

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Friday, February 6th, 2026: Broken Phishing; n8n vulnerability; Android Update; Watchguard Firebox LDAP Injection

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Friday, February 6, 2026 edition of the Sands Internet Storms.

0:11.0

Stormcast, my name is Johannes Ulrich, recording today from Jacksonville, Florida.

0:16.5

And this episode is brought you by the Sands.edu undercredit certificate program in cyber security fundamentals.

0:24.6

Well, Xavier came across an interesting trick being rediscovered by phishing emails,

0:30.0

and that's essentially invalid URLs that are, well, valid enough that they may actually work in a browser.

0:38.7

So what I take advantage of here is, well, wouldn't call it an ambiguity, but really

0:44.1

browsers being able to deal with URLs that are technically not valid.

0:49.4

In this particular case, at the end of the URL, instead of having like a question mark and then the URL

0:55.8

parameters that are still limited by ampersands, well, they just have an ampersand and then

1:02.0

a couple of random characters. This is not a valid URL. I actually looked it up in the RFC myself,

1:10.1

RFC 3986 states that URLs should be limited by either white spaces, angle brackets, or double quotes.

1:19.0

But you all know that, well, browsers are somewhat forgiving with these standards, and that's apparently what's being abused here that a browser makes this

1:29.1

URL work, while a security tool that inspects the document, while it doesn't recognize

1:34.9

this as a valid URL, and as a result, will then ignore it. So, interesting little trick here,

1:42.5

and you may want to test your security tool how it deals with these kind of invalid URLs.

1:49.9

Well, and today's AI vulnerability comes thanks of N8N, and it's really just a variation of a vulnerability that we had in December, and that cost a lot of news in

2:04.0

December, because it does allow anybody who is able to create a workflow to essentially

2:09.8

execute Optory System Command. So one of those good old sort of OS command injection

2:15.6

style warn abilities, Well, apparently that vulnerability

2:19.6

hadn't been patched properly back in December, so it's back in another variation of it.

2:26.8

Better keep N8N updated. And like with all of these sort of emerging tools right now, you must be

2:33.8

probably daily check for any updates

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.