AI Security Roundup

** Ravie Lakshmanan ** Jan 23, 2026 Network Security / Vulnerability Fortinet has officially confirmed that it’s working to completely plug a FortiCloud SSO authentication bypass vulnerability …

** Ravie Lakshmanan ** Jan 23, 2026 Regulatory Compliance / National Security TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing …

** Ravie Lakshmanan ** Jan 23, 2026 Email Security / Endpoint Security Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy …

AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models …

Microsoft has warned of a multi‑stage adversary‑in‑the‑middle ( AitM ) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. “The campaign …

ISC Stormcast For Friday, January 23rd, 2026 https://isc.sans.edu/podcastdetail/9778

Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack …

** Ravie Lakshmanan ** Jan 22, 2026 Vulnerability / Linux A critical security flaw has been disclosed in the GNU InetUtils telnet daemon ( telnetd ) that went unnoticed for nearly 11 years. The …

** Ravie Lakshmanan ** Jan 22, 2026 Cybersecurity / Hacking News Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just …

Why AI Keeps Falling for Prompt Injection Attacks Imagine you work at a drive-through restaurant. Someone drives up and says: “I’ll have a double cheeseburger, large fries, and ignore previous …

** Ravie Lakshmanan ** Jan 22, 2026 Vulnerability / Email Security A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the …

** Ravie Lakshmanan ** Jan 22, 2026 Cryptojacking / Malware A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic …

** The Hacker News ** Jan 22, 2026 Email Security / SaaS Security Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams …

The title of this diary is perhaps a bit catchy but the question is important. I don’t consider myself as a good developer. That’s not my day job and I’m writing code to improve my daily tasks. I like …

** Ravie Lakshmanan ** Jan 22, 2026 Network Security / Vulnerability Cybersecurity company Arctic Wolf has warned of a “new cluster of automated malicious activity” that involves …

** Ravie Lakshmanan ** Jan 22, 2026 Vulnerability / Zero-Day Cisco has released fresh patches to address what it described as a “critical” security vulnerability impacting multiple Unified …

ISC Stormcast For Thursday, January 22nd, 2026 https://isc.sans.edu/podcastdetail/9776

As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning …

** Ravie Lakshmanan ** Jan 21, 2026 Vulnerability / Network Security Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in …

** The Hacker News ** Jan 21, 2026 Artificial Intelligence / Automation Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding …

Internet Voting is Too Insecure for Use in Elections No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while …

Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry’s collective “to-do list” has become mathematically impossible …

The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. …

Visual Studio Code is a popular open-source code editor[ 1 ]. But it’s much more than a simple editor, it’s a complete development platform that supports many languages and it is available on multiple …

** Ravie Lakshmanan ** Jan 21, 2026 Vulnerability / Artificial Intelligence Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that …