News – Untrusted Network

SANS ISC Diary - How has use of framing protection security headers changed in the past 3 years?

📅 Jun 10, 2026 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll look at changes in the adoption of HTTP security headers that protect from “framing attacks” on one million of most popular domains on the internet over the past three years…

SANS ISC Diary - Simple bypass of the link preview function in Outlook Junk folder

📅 May 14, 2026 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll look at a simple way to bypass the link preview functionality that Oulook provides for messages in the Junk folder…

SANS ISC Diary - How often are redirects used in phishing in 2026?

📅 Apr 6, 2026 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll find out how often open redirect mechanisms were misused in phishing messages in the first quarter of 2026…

SANS ISC Diary - A React-based phishing page with credential exfiltration via EmailJS

📅 Mar 13, 2026 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an interesting phishing site, which was implemented as a React single-page application….

SANS ISC Diary - Another day, another malicious JPEG

📅 Feb 23, 2026 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a recent malspam campagin delivering a multi-stage infection chain involving a JScript downloader, WMI-spawned PowerShell, and an in-memory .NET assembly extracted from a JPEG file…

SANS ISC Diary - A phishing campaign with QR codes rendered using an HTML table

📅 Jan 7, 2026 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a phishing campaign, in which QR codes were implemented with the help of HTML tables instead of images…

SANS ISC Diary - Positive trends related to public IP ranges from the year 2025

📅 Dec 18, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a few positive trends related to public IP ranges from the past twelve months…

SANS ISC Diary - Use of CSS stuffing as an obfuscation technique?

📅 Nov 21, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a phishing page, which - probably as an obfusctaion technique - contained a large amount of garbage CSS code…

SANS ISC Diary - A phishing with invisible characters in the subject line

📅 Oct 28, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an unusual phishing message which contained “invisible” characters in its subject line…

SANS ISC Diary - A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years

📅 Sep 2, 2025 · ☕ 1 min read

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll discuss the analysis of approximately 1,900 sextortion e-mails spanning years 2021-2025, and look at interesting statistical data that resulted from this analysis…