AI Security Roundup

** Ravie Lakshmanan ** Apr 14, 2026 Mobile Security / Network Security Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its …

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, …

How Hackers Are Thinking About AI Interesting paper: “ What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation. ” Abstract: The rapid expansion of artificial …

** The Hacker News ** Apr 14, 2026 Application Security / DevSecOps OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: …

** Ravie Lakshmanan ** Apr 14, 2026 Data Theft / Browser Security Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to …

** Ravie Lakshmanan ** Apr 14, 2026 Vulnerability / Network Security A critical security vulnerability impacting ShowDoc , a document management and collaboration service popular in China, has come …

** Ravie Lakshmanan ** Apr 14, 2026 Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited …

ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890

** Ravie Lakshmanan ** Apr 13, 2026 Threat Intelligence / Malware Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware …

On Anthropic’s Mythos Preview and Project Glasswing The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it …

** Ravie Lakshmanan ** Apr 13, 2026 Cybercrime / Threat Intelligence The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the …

Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying …

Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi …

** Ravie Lakshmanan ** Apr 13, 2026 Cybersecurity / Hacking Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly …

** Ravie Lakshmanan ** Apr 13, 2026 Social Engineering / Threat Intelligence The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social …

AI Chatbots and Trust All the leading AI chatbots are sycophantic, and that’s a problem : Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were …

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. …

ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888

** Ravie Lakshmanan ** Apr 12, 2026 Malware / Threat Intelligence Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like …

** Ravie Lakshmanan ** Apr 12, 2026 Vulnerability / Endpoint Security Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in …

Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation …

Friday Squid Blogging: Squid Overfishing in the South Pacific Regulation is hard : The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million …

** Ravie Lakshmanan ** Apr 10, 2026 Malware / Blockchain Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that’s …

Sen. Sanders Talks to Claude About AI and Privacy Claude is actually pretty good on the issues. Tags: AI , privacy , video Posted on April 10, 2026 at 6:41 AM • 0 Comments

** Ravie Lakshmanan ** Apr 10, 2026 Vulnerability / Threat Intelligence A critical security vulnerability in Marimo , an open-source Python notebook for data science and analysis, has been exploited …