AI Security Roundup

** Ravie Lakshmanan ** Feb 25, 2026 Cybersecurity / Malware Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to …

Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate …

** Ravie Lakshmanan ** Feb 25, 2026 Social Engineering / Cloud Security The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to …

** Ravie Lakshmanan ** Feb 25, 2026 Artificial Intelligence / Vulnerability Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial …

** Ravie Lakshmanan ** Feb 25, 2026 Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to …

** Ravie Lakshmanan ** Feb 16, 2026 Cybersecurity / Hacking This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, …

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. “The …

ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810

** Ravie Lakshmanan ** Feb 16, 2026 Artificial Intelligence / Threat Intelligence Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully …

Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System …

** The Hacker News ** Feb 23, 2026 Artificial Intelligence / Zero Trust As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application …

** Ravie Lakshmanan ** Feb 23, 2026 Cybersecurity / Hacking Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the …

Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to …

** Ravie Lakshmanan ** Feb 23, 2026 Threat Intelligence / Artificial Intelligence The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several …

The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox …

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even …

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers …

For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed …

With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce …

** Ravie Lakshmanan ** Feb 21, 2026 Vulnerability / Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail …

** Ravie Lakshmanan ** Feb 21, 2026 Artificial Intelligence / DevSecOps Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a …

A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices …

Friday Squid Blogging: Do Squid Dream? An exploration of the interesting question. Tags: squid Posted on February 13, 2026 at 5:08 PM • 38 Comments

Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m speaking at Ontario Tech University in Oshawa, Ontario, Canada, at 2 PM ET on Thursday, February 26, …

Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. …