**Ravie Lakshmanan** May 05, 2026 Network Security / Endpoint Security A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities …
AI Security Roundup
Daily AI security roundup covering malware, vulnerabilities, defensive research, cloud risk, and incident response signals from trusted technical sources.
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic …
**Ravie Lakshmanan** May 05, 2026 Vulnerability / Network Security Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as …
Yup, that is for real. For me, this started with a post in X at hxxps://x.com/intcyberdigest/status/2051406295828250963?s=61, which highlighted research by @L1v1ng0ffTh3L4N that found exactly this …
I just got an email from SSL.com last night; they are rotating out their root certificate today (May 5, 2026). This is normal, business as usual stuff for a CA, but certificates get used for all kinds …
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving …
DarkSword Malware DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that …
We recently added a C/C++ security checklist to the Testing Handbook and challenged readers to spot the bugs in two code samples: a deceptively simple Linux ping program and a Windows driver registry …
**Ravie Lakshmanan** May 05, 2026 Cyber Espionage / Surveillance The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain …
**Ravie Lakshmanan** May 05, 2026 Vulnerability / Network Security A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, …
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to …
ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918 (Tue, May 5th)
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03) Published 2026-05-04. Last Updated 2026-05-04 17:12:18 UTC by Kenneth Hartman (Version: 1) Summary The most significant …
**Ravie Lakshmanan** May 04, 2026 Vulnerability / Enterprise Software Progress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could …
**Ravie Lakshmanan** May 04, 2026 Network Security / Endpoint Security An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote …
This week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have “automatic updates” enabled on your system. There will be two major …
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
**Ravie Lakshmanan** May 04, 2026 Cybersecurity / Hacking This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned …
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using …
**Ravie Lakshmanan** May 04, 2026 Vulnerability / Network Security A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a …
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of …
Hacking Polymarket Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside (for one, it facilitates assassination …
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes …
ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916 (Mon, May 4th)
Wireshark 4.6.5 Released Published 2026-05-03. Last Updated 2026-05-03 16:49:04 UTC by Didier Stevens (Version: 1) Wireshark release 4.6.5 fixes 43 vulnerabilities (38 CVEs) and 35 bugs. …
**Ravie Lakshmanan** May 03, 2026 Vulnerability / Container Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting …