SANS Stormcast Highlights Critical Vulnerabilities in VS Code, Cisco, Zoom, and Fortinet

Johannes Ullrich presents the January 22, 2026 edition of the SANS Internet Storm Center Stormcast from Jacksonville, Florida. Visual Studio Code can automatically execute malicious code through a .vscode directory containing a tasks.json file that defines actions to run during specific events, such as opening a folder. This technique has been used in multiple attacks. Cisco has released patches for a critical vulnerability in Unified Communications that allows an unauthenticated attacker to gain user privileges and then root access (CVSS score 8.2). Zoom has fixed a critical vulnerability (CVSS 9.9) in its Multimedia Routers enabling remote code execution. Users report successful exploitations against Fortinet firewalls despite applying the patch for CVE-2024-55718, suggesting the vulnerability persists in version 7.4.10. Fortinet is expected to release version 7.4.11 soon. SANS is seeking participation in its 10th annual SOC survey.