March 4, 2026, Sans Internet Storm Center Stormcast Episode Highlights Cybersecurity Threats

The March 4, 2026, Sans Internet Storm Center Stormcast episode covers attackers targeting CrushFTP servers by testing default credentials, specifically the username Crush Admin paired with the same password, though this is not a vulnerability in the software itself. Google’s Android Patch Tuesday addressed 140 vulnerabilities, including an actively exploited flaw in Qualcomm display drivers related to memory management. A phishing campaign exploits OAuth user confusion by redirecting victims from a legitimate Microsoft OAuth endpoint to a malicious site, tricking them into downloading spyware or credential stealers. The episode also warns about exposed Google API keys leading to unexpected charges, as improperly secured keys can result in bills exceeding tens of thousands of dollars. CrushFTP’s setup documentation suggests Crush Admin as a possible admin username but does not recommend a default password, placing responsibility on users for weak credentials. The Qualcomm display driver vulnerability highlights the urgency of Android updates, though patch availability depends on device manufacturers and carriers.