A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Wednesday, September 17th, 2025: Phishing Resistants; More npm Attacks; ChatGPT MCP abuse
September 16, 2025
8:47
1.48 MB ( 5.9 MB less)
Downloads: 0
Why You Need Phishing-Resistant Authentication NOW.
The recent compromise of a number of high-profile npmjs.com accounts has yet again shown how dangerous a simple phishing email can be.
https://isc.sans.edu/diary/Why%20You%20Need%20Phishing%20Resistant%20Authentication%20NOW./32290
S1ngularity/nx Attackers Strike Again
A second wave of attacks has hit over a hundred npm-related GitHub repositories. The updated payload implements a worm that propagates itself to other repositories.
https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again
ChatGPT s Calendar Integration Can Be Exploited to Steal Emails
ChatGPT s new MCP integration can be used, via prompt injection, to affect software connected to ChatGPT via MCP.
https://www.linkedin.com/posts/eito-miyamura-157305121_we-got-chatgpt-to-leak-your-private-email-activity-7372306174253256704-xoX1/