AI Security Roundup

And another XWorm[ 1 ] wave in the wild! This malware family is not new and heavily spread but delivery techniques always evolve and deserve to be described to show you how threat actors can be …

Manipulating AI Summarization Features Microsoft is reporting : Companies are embedding hidden instructions in “Summarize with AI” buttons that, when clicked, attempt to inject persistence commands …

** Ravie Lakshmanan ** Mar 04, 2026 Vulnerability / Enterprise Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting …

** Ravie Lakshmanan ** Mar 04, 2026 Malware / Windows Security Cybersecurity researchers have disclosed details of an advanced persistent threat (APT) group dubbed Silver Dragon that has been linked …

** Ravie Lakshmanan ** Mar 04, 2026 Threat Intelligence / Application Security Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities that act as a …

** The Hacker News ** Mar 04, 2026 Artificial Intelligence / SaaS Security As AI becomes the central engine for enterprise productivity, security leaders are finally getting the green light — and the …

Google said it identified a “new and powerful” exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between 13.0 and 17.2.1. The exploit kit …

Cybersecurity researchers have warned of a surge in retaliatory hacktivist activity following the U.S.-Israel coordinated military campaign against Iran , codenamed Epic Fury and Roaring Lion. …

CrushFTP is a Java-based open source file transfer system. It is offered for multiple operating systems. If you run a CrushFTP instance, you may remember that the software has had some serious …

On Moltbook The MIT Technology Review has a good article on Moltbook, the supposed AI-only social network: Many people have pointed out that a lot of the viral comments were in fact posted by people …

** Ravie Lakshmanan ** Mar 03, 2026 Malware / Phishing The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical …

** Ravie Lakshmanan ** Mar 03, 2026 Vulnerability / Mobile Security Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices …

Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It’s …

** Ravie Lakshmanan ** Mar 03, 2026 Phishing / Malware Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing …

The Rise of MCPs in the Enterprise The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, …

** Ravie Lakshmanan ** Mar 03, 2026 Vulnerability / Artificial Intelligence The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate …

Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts …

ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data …

Wireshark 4.6.4 Released Published 2026-03-02. Last Updated 2026-03-02 11:11:45 UTC by Didier Stevens (Version: 1) 0 comment(s) Wireshark release 4.6.4 fixes 3 vulnerabilities and 15 bugs. Didier …

In diary entry " Quick Howto: Extract URLs from RTF files " I mentioned ZIP files. There are OLE objects inside this RTF file: They can be analyzed with oledump.py like this:

** Ravie Lakshmanan ** Mar 02, 2026 Supply Chain Attack / Malware Cybersecurity researchers have disclosed a new iteration of the ongoing Contagious Interview campaign, where the North Korean threat …

LLM-Assisted Deanonymization Turns out that LLMs are good at de-anonymization: We show that LLM agents can figure out who you are from your anonymous online posts. Across Hacker News, Reddit, …

** Ravie Lakshmanan ** Mar 02, 2026 Vulnerability / Threat Intelligence A recently disclosed security flaw patched by Microsoft may have been exploited by the Russia-linked state-sponsored threat …

Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them. On paper, everything looks great: more sign-ups, more sessions, more API …