SANS Stormcast Highlights HTTP/3 Challenges, Android and Oracle Patches, and Malicious JetBrains Plugins

18 Jun 2026

cybersecurityHTTP/3QUICUDPTLS inspectionAndroid 17OracleJetBrainsmalwarevulnerabilitiespatching

The June 18, 2026, SANS Internet Storm Center Stormcast covered HTTP/3 (QUIC), a UDP-based encrypted protocol now accounting for 30% of web traffic, supported by major browsers and servers. Traditional TLS inspection tools fail with HTTP/3 due to its encryption and proxy-blind nature, requiring organizations to block outbound UDP traffic beyond just port 443, as QUIC can operate on any port and supports services like SMB and DNS-over-QUIC. Detection may involve filtering HTTPS DNS records advertising QUIC support. Google’s Android 17 update patched 21 vulnerabilities, aligning with the July 1 patch level, while Oracle’s monthly Critical Security Patch Update addressed 245 flaws, notably in Fusion Middleware. Additionally, malicious JetBrains IDE plugins were discovered stealing AI API keys by exfiltrating them via HTTP to attacker-controlled IP addresses. The episode noted no podcast on June 19 due to the Juneteenth holiday.