
SANS Stormcast Highlights API Security Risks, Android Caller ID Verification, and Vulnerability Disclosures
The June 4, 2026, SANS Internet Storm Center Stormcast episode opens with rising reconnaissance activity against swagger.json files, the machine-readable descriptions of REST services written to the OpenAPI standard. Attackers use these files to enumerate API endpoints and parameters, identify the vendor packages behind them, and spot likely vulnerabilities, so organizations should proactively scan their own APIs for outdated or unintentionally public endpoints before someone else does.

Google announced a caller ID verification feature for Android built on RCS (Rich Communication Services): an active call is digitally signed and then verified by pinging the caller's device. The feature initially covers only Android's Google Phone app, with staggered rollouts to other devices; its real-world effectiveness and privacy implications remain unclear.

Anthropic released a dashboard reporting 1,600 disclosed vulnerabilities, of which only 27 have been fixed in the upstream libraries, underscoring delays in vendor remediation and in downstream patch adoption.

Finally, a denial-of-service vulnerability in HTTP/2 implementations was disclosed: a compression bomb against HPACK, the header-compression algorithm used by HTTP/2, can expand a small header block into 32GB of RAM consumption on the receiving side.
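To make the swagger.json point concrete, here is an added example (not code from the Stormcast episode or from SANS) that reads an OpenAPI 3.x document the way an attacker would and reports what a defender should fix first: operations reachable without credentials, deprecated operations still exposed, internal or plaintext server URLs, and build or version details leaked through `info`. The spec below is constructed for the example; the hostnames, paths and the `x-build` extension are assumptions, not real targets.

```python
"""Audit an OpenAPI 3.x document for what a leaked swagger.json gives an attacker.

Added example, not code from the episode. The SAMPLE_SPEC is constructed;
every hostname, path and vendor extension in it is an assumption.
"""
import json
from urllib.parse import urlsplit

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")
INTERNAL_SUFFIXES = (".local", ".internal", ".corp", ".lan")

SAMPLE_SPEC = json.loads(r"""
{
  "openapi": "3.0.3",
  "info": {"title": "Billing", "version": "1.2.0-internal", "x-build": "billing-lib 2.1"},
  "servers": [
    {"url": "https://api.example.com/v1"},
    {"url": "http://billing-int.corp.local:8080"}
  ],
  "security": [{"bearerAuth": []}],
  "paths": {
    "/invoices":      {"get":    {"summary": "List invoices"}},
    "/invoices/{id}": {"delete": {"summary": "Delete invoice", "security": []}},
    "/debug/dump":    {"get":    {"summary": "Dump state", "security": [], "deprecated": true}},
    "/legacy/export": {"post":   {"summary": "Old export", "deprecated": true}}
  },
  "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}}
}
""")


def _is_unauthenticated(op, spec):
    """Per-operation `security` overrides the document-level default.
    No requirement at either level, an explicit [] (auth disabled) or a
    requirement list containing {} (auth optional) all mean anonymous access."""
    sec = op.get("security", spec.get("security"))
    return not sec or any(req == {} for req in sec)


def _risky_server(url):
    """Plaintext transport or an internal-looking hostname should not be in a public spec."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return parts.scheme != "https" or host.endswith(INTERNAL_SUFFIXES)


def audit(spec):
    """Return the findings an attacker would extract from the document."""
    findings = {
        "operations": 0,
        "unauthenticated": [],
        "deprecated": [],
        "risky_servers": [s["url"] for s in spec.get("servers", []) if _risky_server(s["url"])],
        "leaked_version": spec.get("info", {}).get("version"),
        "vendor_extensions": sorted(k for k in spec.get("info", {}) if k.startswith("x-")),
    }
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            label = "%s %s" % (method.upper(), path)
            findings["operations"] += 1
            if _is_unauthenticated(op, spec):
                findings["unauthenticated"].append(label)
            if op.get("deprecated"):
                findings["deprecated"].append(label)
    return findings


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SPEC), indent=2))
```

Run it against every OpenAPI document your gateways or frameworks generate (the auto-generated `/swagger.json`, `/openapi.json` and `/v3/api-docs` endpoints are the ones scanners look for) and treat a non-empty `unauthenticated` or `deprecated` list on an Internet-facing service as a finding to triage.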
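The HPACK bomb is easiest to understand from a decoder. The following added example (my own code, not from the episode or from any HTTP/2 library) implements the subset of RFC 7541 a bomb needs: one literal header that lands in the dynamic table, then thousands of one-byte indexed references to it. A decoder that materialises every referenced field without a bound turns an 8 KB header block into about 16 MB of headers; a decoder that enforces a cap on the decoded header-list size (the semantics of HTTP/2's SETTINGS_MAX_HEADER_LIST_SIZE, counted as name + value + 32 per field) aborts after a handful of fields. The 32GB figure in the episode is the same trick scaled up with larger entries and more references. The static table is left unpopulated and Huffman strings are rejected; both are assumptions made to keep the example short.

```python
"""Minimal HPACK (RFC 7541) decoder subset demonstrating a compression bomb.

Added example, not code from the episode or from any HTTP/2 implementation.
Supports only indexed fields (1xxxxxxx) and literals with incremental
indexing (01xxxxxx) carrying raw strings; the static table is not populated
(assumption), so only dynamic-table indices (>= 62) resolve.
"""

STATIC_TABLE_LEN = 61   # RFC 7541 Appendix A defines 61 static entries
ENTRY_OVERHEAD = 32     # RFC 7541 s4.1: entry size = len(name) + len(value) + 32


class HpackError(Exception):
    pass


def _decode_int(buf, pos, prefix_bits):
    """RFC 7541 s5.1 integer decoding; returns (value, new_pos)."""
    mask = (1 << prefix_bits) - 1
    value = buf[pos] & mask
    pos += 1
    if value < mask:
        return value, pos
    shift = 0
    while True:
        if pos >= len(buf):
            raise HpackError("truncated integer")
        b = buf[pos]
        pos += 1
        value += (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def _decode_string(buf, pos):
    """RFC 7541 s5.2 string literal; Huffman-coded strings rejected (assumption)."""
    if buf[pos] & 0x80:
        raise HpackError("Huffman strings not supported in this example")
    length, pos = _decode_int(buf, pos, 7)
    if pos + length > len(buf):
        raise HpackError("truncated string")
    return bytes(buf[pos:pos + length]), pos + length


def decode(block, max_header_list_size=None, max_table_size=4096):
    """Decode a header block into [(name, value)].
    With max_header_list_size set, abort as soon as the decoded list would exceed
    it (SETTINGS_MAX_HEADER_LIST_SIZE accounting), before materialising more."""
    dyn, dyn_size = [], 0        # dyn[0] is the newest entry, addressed as index 62
    headers, list_size, pos = [], 0, 0

    def emit(name, value):
        nonlocal list_size
        list_size += len(name) + len(value) + ENTRY_OVERHEAD
        if max_header_list_size is not None and list_size > max_header_list_size:
            raise HpackError("header list exceeds %d bytes" % max_header_list_size)
        headers.append((name, value))

    while pos < len(block):
        first = block[pos]
        if first & 0x80:                                   # indexed representation
            index, pos = _decode_int(block, pos, 7)
            if index == 0:
                raise HpackError("index 0 is invalid")
            if index <= STATIC_TABLE_LEN:
                raise HpackError("static table not included in this example")
            entry = index - STATIC_TABLE_LEN - 1
            if entry >= len(dyn):
                raise HpackError("dynamic table index out of range")
            emit(*dyn[entry])
        elif first & 0xC0 == 0x40:                         # literal, incremental indexing
            index, pos = _decode_int(block, pos, 6)
            if index == 0:
                name, pos = _decode_string(block, pos)
            elif STATIC_TABLE_LEN < index <= STATIC_TABLE_LEN + len(dyn):
                name = dyn[index - STATIC_TABLE_LEN - 1][0]
            else:
                raise HpackError("unsupported name index %d" % index)
            value, pos = _decode_string(block, pos)
            emit(name, value)
            size = len(name) + len(value) + ENTRY_OVERHEAD  # s4.4: evict oldest until it fits
            while dyn and dyn_size + size > max_table_size:
                old = dyn.pop()
                dyn_size -= len(old[0]) + len(old[1]) + ENTRY_OVERHEAD
            if size <= max_table_size:
                dyn.insert(0, (name, value))
                dyn_size += size
        else:
            raise HpackError("representation 0x%02x not supported here" % first)
    return headers


def _encode_int(value, prefix_bits, flags):
    """RFC 7541 s5.1 integer encoding (used only to build the test input)."""
    mask = (1 << prefix_bits) - 1
    if value < mask:
        return bytes([flags | value])
    out = bytearray([flags | mask])
    value -= mask
    while value >= 0x80:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    out.append(value)
    return bytes(out)


def build_bomb(value_len=4000, repeats=4000):
    """Constructed attacker input: one 4 KB literal into the dynamic table (fits the
    4096-byte default), then `repeats` one-byte references to index 62 (0xBE)."""
    name, value = b"x", b"A" * value_len
    block = bytearray(b"\x40")                                   # literal, new name
    block += _encode_int(len(name), 7, 0x00) + name              # raw string, H bit = 0
    block += _encode_int(len(value), 7, 0x00) + value
    block += bytes([0x80 | (STATIC_TABLE_LEN + 1)]) * repeats    # indexed field, index 62
    return bytes(block)


def decoded_size(headers):
    return sum(len(n) + len(v) for n, v in headers)


def demo():
    """Returns (bomb_bytes, decoded_bytes_without_limit, limited_decoder_rejected)."""
    bomb = build_bomb()
    unbounded = decode(bomb)                        # naive decoder: ~2000x expansion
    try:
        decode(bomb, max_header_list_size=64 * 1024)  # modest cap rejects it early
        rejected = False
    except HpackError:
        rejected = True
    return len(bomb), decoded_size(unbounded), rejected


if __name__ == "__main__":
    n, total, rejected = demo()
    print("block %d bytes -> %d bytes of headers; capped decoder rejected: %s" % (n, total, rejected))
```

The defensive point is where the check sits: `emit` refuses the field before it is appended, so the cost of a rejected block is bounded by the cap rather than by the attacker's repeat count. Real implementations also need the same discipline for CONTINUATION frames, which let a single header block span many frames, and for the dynamic table size update representation this subset rejects.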