
SANS Stormcast Highlights Cybersecurity Threats Including Favicon Hash Exploits, Russian-Linked Attacks, and Critical Linux and Google Vulnerabilities
The June 30, 2026, episode of the SANS Internet Storm Center Stormcast covers several cybersecurity threats and techniques. The first item is a reconnaissance method for penetration tests: web services are identified by calculating their favicon hashes and searching for those hashes in Shodan, which automates data collection. The FBI warns of Russian-linked attacks that target high-value individuals through messaging apps such as Signal, tricking victims into sharing their backup recovery keys with false claims that their accounts are at risk of deletion; if the victim keeps the same phone number after deleting the account, the compromised key is preserved. Google disclosed a critical (CVSS 10) vulnerability in its Gemini AI command-line interface that is exploitable when developers clone a malicious repository containing a harmful .env file, leading to arbitrary code execution. Finally, a Linux IPv6 fragmentation vulnerability (discovered by Mazoliano) allows unprivileged users to escalate privileges to root and enables container escapes. It stems from improper buffer clearing in certain distributions such as CentOS, and not all Linux variants are affected.