*SANS Internet Storm Center Stormcast* Podcast Highlights Malware, ServiceNow Vulnerability, and Starlink GPS Jamming

The SANS Internet Storm Center Stormcast podcast from January 15, 2026, covers three main topics. First, an analysis of the Luma Stealer malware, an information stealer that exfiltrates data before downloading additional instructions from Pastebin. A recent variant creates scheduled tasks every 30 minutes, which can accumulate up to 30 on an infected system, executing new malicious binaries after the initial data exfiltration. Next, a vulnerability in ServiceNow related to a basic authentication flaw: virtual agents used fixed credentials shared across all clients, enabling unauthorized authentication. Finally, a report on the jamming of Starlink terminals in Iran, caused by GPS disruption. The terminals, unable to pinpoint their location accurately, failed to align with satellites, despite a backup mode using Starlink signals, which was deemed insufficiently precise.