SANS ISC StormCast: the Under-15-Minute Daily Security Input You Should Be Subscribed To

What it is

The SANS Internet Storm Center publishes **StormCast**, a 5-to-15 minute daily podcast in which an incident handler walks through what's currently being exploited in the wild, fresh CVEs worth knowing about, and patterns showing up in honeypot data. Tuesday's edition is the one I'm linking here, but the show runs every weekday.

Why it earns its slot

Most threat-intel sources are either trade press (slow, narrative-led) or full vulnerability databases (firehose, no editorial). StormCast is rare in combining a tight editorial filter with a daily cadence. The format optimises for the actual question oncall engineers have at 9am: *is anything I run currently under active exploitation?*

Why this matters for KYAX clients

If your team has anyone in an incident-response, detection-engineering or SOC role and they aren't already listening, fix that this week. The cost is one short walk's worth of attention per day; the upside is finding out about a critical CVE roughly 24-48 hours before it shows up in a vendor newsletter. We make it standing-required listening for our own security desk, and recommend it to every client who runs a security team of any size.

*StormCast content is published under CC-BY-NC-SA 4.0 — full attribution above; this commentary is original.*

---

*Source: [SANS Internet Storm Center](https://isc.sans.edu/podcastdetail/9928) — SANS ISC, 2026-05-12. Commentary is original to KYAX.*