AI Security Roundup

** Ravie Lakshmanan ** May 02, 2026 Data Breach / Enterprise Security Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a “portion” …

Introduction As macbooks and mac minis become more popular, we’re seeing more campaigns targeting these macOS hosts. Malicious ads have popped up in search results that can lead potential …

ISC Stormcast For Friday, May 1st, 2026 https://isc.sans.edu/podcastdetail/9914

** Ravie Lakshmanan ** May 01, 2026 Supply Chain Attack / Malware A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious …

A Ransomware Negotiator Was Working for a Ransomware Gang Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients. Tags: cybercrime , …

** Ravie Lakshmanan ** May 01, 2026 Data Breach / Law Enforcement The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in …

The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030 [1] , with cybersecurity being the fastest-growing sector [2] . Despite this …

** Ravie Lakshmanan ** May 01, 2026 Malware / Social Engineering Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating …

Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European …

** Ravie Lakshmanan ** May 01, 2026 Malware / Threat Intelligence A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to …

** Ravie Lakshmanan ** Apr 30, 2026 Supply Chain Attack / Malware In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two …

A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks …

** Ravie Lakshmanan ** Apr 30, 2026 Hacking News / Cybersecurity News The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while …

** Ravie Lakshmanan ** Apr 30, 2026 Cloud Security / Threat Intelligence Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with …

Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional …

Fast16 Malware Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: …

** Ravie Lakshmanan ** Apr 30, 2026 Linux / Vulnerability Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user …

Google has addressed a maximum severity security flaw in Gemini CLI – the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions …

ISC Stormcast For Thursday, April 30th, 2026 https://isc.sans.edu/podcastdetail/9912

[This is a Guest Diary by James Roberts, an ISC intern as part of the SANS.edu BACS program] Over the last few months, I have gained valuable experience working with the Internet Storm Center (ISC) …

** Ravie Lakshmanan ** Apr 29, 2026 Supply Chain Attack / Malware Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with …

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large language model (LLM). The …

Today, two different “new” requests hit our honeypots. Both appear to be recon requests and not associated with specific vulnerabilities. But as always, please let me know if you have …

** The Hacker News ** Apr 29, 2026 Artificial Intelligence / Exposure Validation In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI …

LibAFL is all the rage in the fuzzing community these days, especially with LLVM’s libFuzzer being placed in maintenance mode . Written in Rust, LibAFL claims improved performance, modularity, …