Friday Squid Blogging: Squid Fishing in Peru Peru has increased its squid catch limit. The article says “giant squid,” but they can’t possibly mean that. As usual, you can also use this squid post to …
AI Security Roundup
Daily feed of AI security, malware, and defensive research updates.
Ravie Lakshmanan Feb 27, 2026 Financial Crime / Social Engineering The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly …
Ravie Lakshmanan Feb 27, 2026 Malware / Linux Security Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent …
Ravie Lakshmanan Feb 27, 2026 Network Security / Vulnerability The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of …
It’s Friday, let’s have a look at another simple piece of malware to close a busy week! I received a Fedex notification about a delivery. Usually, such emails are simple phishing attacks that redirect …
Ravie Lakshmanan Feb 27, 2026 Malware / Surveillance The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive …
Why Tehran’s Two-Tiered Internet Is So Dangerous Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s …
Ravie Lakshmanan Feb 27, 2026 Endpoint Security / Windows Security Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat …
Phishing Attacks Against People Seeking Programming Jobs This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run …
Ravie Lakshmanan Feb 27, 2026 Online Scam / Digital Advertising Meta on Thursday said it’s taking legal action to tackle scams on its platforms by filing lawsuits against what it calls …
A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according …
Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability
In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and …
Ravie Lakshmanan Feb 18, 2026 Network Security / Enterprise Security Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could …
Ravie Lakshmanan Feb 18, 2026 Vulnerability / Software Security Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) …
New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent …
The Promptware Kill Chain Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential …
In 2022 (time flies!), I wrote a diary about the 32-bits VS. 64-bits malware landscape[1]. It demonstrated that, despite the growing number of 64-bits computers, the “old-architecture” …
Ravie Lakshmanan Feb 16, 2026 Zero-Day / Browser Security Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the …
Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer abstract for such a country as …
Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that’s being advertised on Telegram as a way to grab sensitive data and facilitate real-time …
ISC Stormcast For Friday, February 27th, 2026 https://isc.sans.edu/podcastdetail/9828, (Fri, Feb 27th)
Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown …
In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access …
Ravie Lakshmanan Feb 26, 2026 Malware / Threat Intelligence A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and …
ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories
Ravie Lakshmanan Feb 26, 2026 Cybersecurity / Hacking News Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a …