Hello and welcome to the Tuesday, August 5th, 2025 edition of the Sands and then at Storm Center's Stormcast.

My name is Johannes Ulrich, recording day from Jacksonville, Florida.

And this episode is brought you by the Sands.edu undercredit certificate program in Applied Cybersecurity.

Today I added a new daily notification report that you may subscribe to their email or, well, just download the raw

JSON from the website if you want to sort of build your own little report like this. This is really something that I found useful.

I originally build it for myself and figured, well, you know, why not share it with others?

So you may also see some interesting new things in our data. It does summarize,

some of the highlights of the data for each day starts out with our

suspicious domains for the particular day that we sort of identified than any new URLs from

our web honeypots. So here looks like, for example, some of these Odine calls were new.

And then yet another variation of SharePoint, of course.

This is actually an older vulnerability here.

Just a slightly different sort of way of using it.

This U-edit part here I think think, is usually U-Editor.

So attackers trying something a little bit different.

Top S-H data.

Here we are looking at the new usernames that we have seen.

Sys ad-EM-3.

That could potentially be interesting.

Haven't really looked at the details here yet for this particular one.

There are some odd ones like this user agent.

That just happens if an attacker is sending an HTTP request to a Telnet server.

...