
SANS Stormcast Covers E-commerce Fraud Detection, Outlook Phishing Vulnerability, and Critical Nginx and Cisco Security Flaws
The May 15, 2026, episode of the SANS Internet Storm Center Stormcast, hosted by Johannes Ullrich in San Diego, covered two primary security topics. An undergraduate intern, Joshua Nicholson, demonstrated methods for identifying fraudulent e-commerce websites; the indicators included product images stolen from eBay and unauthorized credit card charges from multiple vendors after testing with a $5-limit card. Separately, researcher Yan discovered an Outlook vulnerability in which links missing the HTTP/HTTPS protocol prefix (e.g., starting with just the hostname) fail to display in the junk folder, obscuring phishing URLs. Additionally, security firm DeepFirst disclosed four vulnerabilities in Nginx, including a heap-based buffer overflow in the mod_rewrite module (CVE unspecified) that enables arbitrary code execution, though current proof-of-concept exploits require ASLR to be disabled. F5 and major Linux distributions released patches for Nginx, while Cisco addressed a critical CVSS 10.0 authentication bypass flaw in its Catalyst SD-WAN controller, which has already been exploited in the wild. The episode also noted that no podcast would air on May 18 due to travel.
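
A triage check for the link pattern described in the Outlook item, as an added example that is not from the Stormcast episode or the researcher: it flags anchors in HTML mail whose href begins with a hostname instead of http:// or https://. The function names, the regex heuristic and the sample message are assumptions made for this illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser

# Heuristic for this example: href begins with a hostname (optionally "//"), no scheme.
# An href starting "http://" or "https://" can never match, because ":" follows the first label.
HOST_FIRST = re.compile(r"^(?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?::\d+)?(?:[/?#]|$)", re.I)

class AnchorCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = (dict(attrs).get("href") or "").strip()
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def schemeless_links(raw_message):
    """Return [(host, href, text)] for anchors lacking an http:// or https:// prefix."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        html = body.decode(part.get_content_charset() or "utf-8", "replace")
        collector = AnchorCollector()
        collector.feed(html)
        for href, text in collector.links:
            match = HOST_FIRST.match(href)
            if match:
                findings.append((match.group(1).lower(), href, text))
    return findings

# Constructed sample message (example.test hosts are placeholders).
SAMPLE = (
    'Content-Type: text/html; charset="utf-8"\n\n'
    '<a href="https://portal.example.test/help">Help</a>\n'
    '<a href="login.example.test/reset?id=1">Review invoice</a>\n'
    '<a href="mailto:support@example.test">Contact</a>\n'
)
```

The heuristic also matches relative-looking values such as a bare file name with an extension, so treat the findings as items for review.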