Handler on Duty: Johannes Ullrich
Threat Level: green
Podcast Detail
SANS Stormcast Monday, July 6th, 2026: Apple Patch Policy; FatFS Vulns; OpenWRT; Multi-Agent Offensive AI;
If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9994.mp3
My Next Class
Click HERE to learn more about classes Johannes is teaching for SANS
Apple Updated Patch Policy
https://www.reuters.com/business/apple-says-it-is-releasing-updates-early-response-ai-cybersecurity-concerns-2026-06-29/
T3MP3ST multi-agent offensive-security framework
https://github.com/elder-plinius/T3MP3ST
Seven FatFs bugs, one very large blast radius
https://www.runzero.com/blog/fatfs-bugs/
OpenWRT Releases v25.12.5
https://github.com/openwrt/openwrt/releases
My Upcoming Classes
https://www.sans.org/profiles/dr-johannes-ullrich
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Jul 13th - Jul 18th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Online | British Summer Time | Jul 27th - Aug 1st 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Las Vegas | Sep 21st - Sep 25th 2026 |
| Network Monitoring and Threat Detection In-Depth | Amsterdam | Nov 9th - Nov 14th 2026 |
| Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 14th - Dec 18th 2026 |
Podcast Transcript
Hello and welcome to the Monday, July 6, 2026 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich, recording today from Jacksonville, Florida. And this episode is brought to you by the SANS.edu undergraduate certificate program in cybersecurity fundamentals. Last week when I covered Apple's updates, I did mention that they felt a little bit different than what we usually saw for Apple. They weren't really sort of an emergency update where we had some very specific exploited vulnerabilities being fixed, but they also weren't just a big broad update. We usually saw where we get patches for every single of Apple's products. We only got them sort of for the iOS, macOS and Safari with a heavy focus on WebKit vulnerabilities. And that sort of also explains the inclusion of Safari. Well, Reuters now published that this is apparently sort of a new strategy going forward from Apple when it comes to patches and releasing security updates. They're no longer necessarily going to wait for the next major update. So currently we are like on iOS, macOS of 25. Sorry, 26.5. The next sort of update would then be 26.6. But what they released basically last week were vulnerabilities they fixed in some of the betas for 26.6. And they didn't really want to wait until 26.6 is released. So they accelerated the release of these patches. And that's something that we should expect in the future. So basically expect more and sort of more incremental security updates from Apple that aren't necessarily sort of bundled in with some of the feature updates that we have seen in the past. When talking about discovering and exploiting vulnerabilities with the aid of AI, clients, vielleicht more or agendas. They don't have to worry about what we are The next slide is by Plinus Elder. Elder Plinus has released a new tool T3MP3ST. And what's sort of unique about it is, it's not a new model than there are now a number of them that can be used to find vulnerabilities and exploit them. Instead, it's really more a harness that can then be used for existing coding agents that you already use. So if you're using anything like cloud or such, or even your local model to code, well, you can use T3MP3ST in order to then use that model to find vulnerabilities and also create exploits for them the advantage is well as sort of pointed out in the readme file that you don't have yet another token bill of course now it goes against whatever tokens you're using with these existing models on the other hand I sort of I'm really interested in trying it out with local models with you know it's of course more interesting because they have more control over what models are using and also what safeguards these models may be implementing and run zero published a blog post with details regarding seven different flaws in fat FS everybody listening to this podcast probably has heard about the fat file system the good old sort of no Windows style file system well it's of course often used for anything kind of that mounts SD cards USB media and one of the popular open source implementations is fatFS so if you have an IOT device for example that can mount an SDcard it probably runs fat FS the library to implement the fat file system seven of these bugs were now disclosed and many of them allowing arbitrary code execution this is in particular a problem for IOT devices you don't always need to physically mount a file system like some kind of ISO file or something like this can often be used to mount then a virtual drive to a system and trigger some of these vulnerabilities which could of course be exploited in for privilege escalation and open WRT did release an update that fixes a number of interesting security vulnerabilities version 25.12 .5 don't usually mention them and nothing here sort of screams patch now but certainly even your open source devices need to be updated occasionally and we have seen all the havoc that attackers are creating with sort of no border security devices like that none of these is sort of unauthenticated device takeover type vulnerabilities there are a number of approach escalation vulnerabilities also some DHCP related vulnerabilities that can be exploited by network adjacent devices so not exactly sort of a remote attacker as always you never really should expose the admin interfaces of any device like this to the internet use VPNs and such for it but on the other hand there's also an SH update here that fixes some SCP issues in this release well and that's it for today so thanks for listening thanks for liking and subscribing to this podcast and as always talk to you again tomorrow bye you





