AI Security Roundup

Security teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations – security teams still struggle to understand …

** Ravie Lakshmanan ** Mar 18, 2026 Network Security / Ransomware Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical …

** Ravie Lakshmanan ** Mar 18, 2026 Vulnerability / Data Protection Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be …

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As …

** Ravie Lakshmanan ** Mar 18, 2026 Network Security / Vulnerability Cybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) …

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People’s Republic of …

ISC Stormcast For Monday, March 16th, 2026 https://isc.sans.edu/podcastdetail/9850

Attempts to find proxy servers are among the most common scans our honeypots detect. Most of the time, the attacker attempts to use a host header or include the hostname in the URL to trigger the …

ISC Stormcast For Tuesday, March 17th, 2026 https://isc.sans.edu/podcastdetail/9852

Yesterday, in my diary about the scans for “/proxy/” URLs, I noted how attackers are using IPv4-mapped IPv6 addresses to possibly obfuscate their attack. These addresses are defined in RFC …

If you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pentest engagement, or maybe an automated pentesting …

South Korean Police Accidentally Post Cryptocurrency Wallet Password An expensive mistake : Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax …

Possible New Result in Quantum Factorization I’m skeptical about—and not qualified to review—this new result in factorization with a quantum computer, but if it’s true it’s a theoretical improvement …

** Ravie Lakshmanan ** Mar 16, 2026 Malware / Cryptocurrency The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into …

** Ravie Lakshmanan ** Mar 16, 2026 Cybersecurity / Hacking Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling. This week has …

** Ravie Lakshmanan ** Mar 17, 2026 Threat Intelligence / Endpoint Security North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s …

** Ravie Lakshmanan ** Mar 17, 2026 Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP …

The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are …

** The Hacker News ** Mar 17, 2026 Artificial Intelligence / Security Leadership A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the …

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. …

** Ravie Lakshmanan ** Mar 14, 2026 Artificial Intelligence / Endpoint Security China’s National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the …

Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at 5:30 PM GMT …

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a “significant escalation” in how it propagates through the Open VSX registry. …

Introduction This diary describes a Remcos RAT infection that I generated in my lab on Thursday, 2026-03-11. This infection was from the SmartApeSG campaign that used a ClickFix-style fake CAPTCHA …

Disclaimer : This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research …