
SANS Internet Storm Center’s Stormcast Episode Highlights Cybersecurity Threats and Analysis Techniques
The May 26, 2026, episode of the SANS Internet Storm Center’s Stormcast, hosted by Johannes Ullrich, covers multiple cybersecurity threats and analysis techniques.

Didier Stevens explored Microsoft Access (.mdb) files as a vector for executing malicious Visual Basic for Applications (VBA) code, noting the lack of official Microsoft documentation for extracting such scripts.

Xavier Mertens demonstrated a bash one-liner using objdump and grep to decode stack strings, an obfuscation technique in which malware assembles strings dynamically on the stack. He also analyzed an NPM-based JavaScript info stealer targeting Windows, macOS, and Linux, which exfiltrates credentials and cryptocurrency wallet data and has ties to North Korean threat actors.

Additionally, Socket identified 700+ compromised versions of Laravel Lang packages, which are used for PHP localization, containing remote code execution backdoors.

Joe Leon highlighted delays in Google API key deactivation, noting it can take up to 23 minutes for changes to propagate, a recurring issue in cloud environments.

The episode also mentioned upcoming SANSFIRE training in mid-July 2026.
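To make the stack-string technique mentioned above concrete, here is an added example (not the one-liner from the episode) that filters disassembly with grep and rebuilds the bytes with awk. It assumes Intel-syntax `objdump -d -M intel` output and immediate stores relative to `rbp`; the function names and the sample listing are constructed for illustration.

```shell
# Added example: rebuild stack strings from `objdump -d -M intel` text on stdin.
# Assumption: strings are written as immediate stores to [rbp-0xN].
decode_stack_strings() {
  grep -E 'mov[[:space:]]+(BYTE|WORD|DWORD) PTR \[rbp-0x[0-9a-f]+\],0x[0-9a-f]+' |
  awk '
    function hex(s,   i, n) {          # portable hex -> number (no strtonum)
      n = 0
      for (i = 1; i <= length(s); i++)
        n = n * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
      return n
    }
    {
      width = 1
      if ($0 ~ /DWORD PTR/) width = 4; else if ($0 ~ /WORD PTR/) width = 2
      match($0, /rbp-0x[0-9a-f]+/); addr = -hex(substr($0, RSTART + 6, RLENGTH - 6))
      match($0, /\],0x[0-9a-f]+/);  imm  =  hex(substr($0, RSTART + 4, RLENGTH - 4))
      for (i = 0; i < width; i++) {    # x86 is little-endian: low byte first
        mem[addr + i] = imm % 256; imm = int(imm / 256)
        if (!seen || addr + i < lo) lo = addr + i
        if (!seen || addr + i > hi) hi = addr + i
        seen = 1
      }
    }
    END {                              # walk the frame in address order
      if (!seen) exit
      for (a = lo; a <= hi + 1; a++) {
        if ((a in mem) && mem[a] >= 32 && mem[a] < 127) run = run sprintf("%c", mem[a])
        else { if (length(run) >= 4) print run; run = "" }
      }
    }'
}

sample_disassembly() {   # constructed listing; stores are deliberately out of order
  cat <<'EOF'
  401126: 55                      push   rbp
  401127: 48 89 e5                mov    rbp,rsp
  40112a: c7 45 e8 70 6c 65 2e    mov    DWORD PTR [rbp-0x18],0x2e656c70
  401131: c6 45 ee 73             mov    BYTE PTR [rbp-0x12],0x73
  401135: c7 45 e0 61 70 69 2e    mov    DWORD PTR [rbp-0x20],0x2e697061
  40113c: 66 c7 45 ec 74 65       mov    WORD PTR [rbp-0x14],0x6574
  401142: c7 45 e4 65 78 61 6d    mov    DWORD PTR [rbp-0x1c],0x6d617865
  401149: c6 45 ef 74             mov    BYTE PTR [rbp-0x11],0x74
  40114d: c6 45 f0 00             mov    BYTE PTR [rbp-0x10],0x0
EOF
}

sample_disassembly | decode_stack_strings   # prints: api.example.test
```

Because the bytes are placed by stack offset rather than instruction order, reordered stores still decode correctly; against a real file the input would come from `objdump -d -M intel` instead of the constructed listing.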