
SANS StormCast Reports Phishing Attacks, Patch Updates, and Security Flaws in MetaMask, Adobe, Chrome, and Apple Services
The July 2, 2026, SANS Internet Storm Center StormCast episode, hosted by Johannes Ullrich from Riyadh, Saudi Arabia, reported a phishing attack targeting MetaMask users by exploiting the secret recovery phrase used for account resets. Attackers bypass multi-factor authentication by abusing the password reset feature, highlighting vulnerabilities in secure account recovery methods. Adobe announced a shift to a biweekly patch release cycle, issuing fixes for 11 products, including ColdFusion and Adobe Acrobat Reader, with arbitrary code execution vulnerabilities. Google Chrome’s latest update addressed 382 vulnerabilities, reflecting a trend of hundreds of patches per release compared to previous years. Apple’s Hide My Email service was found to have an unpatched flaw where oversized email attachments trigger bounce messages revealing users’ real email addresses. The episode noted no podcast would air on July 3 due to the U.S. holiday and travel.