** Ravie Lakshmanan ** Jan 21, 2026 Email Security / Malware LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to …
AI Security Roundup
Daily feed of AI security, malware, and defensive research updates.
** Ravie Lakshmanan ** Jan 21, 2026 Open Source / Vulnerability A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in …
ISC Stormcast For Wednesday, January 21st, 2026 https://isc.sans.edu/podcastdetail/9774, (Wed, Jan 21st)
ISC Stormcast For Wednesday, January 21st, 2026 https://isc.sans.edu/podcastdetail/9774
The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a …
** Ravie Lakshmanan ** Jan 20, 2026 Vulnerability / Artificial Intelligence A set of three security vulnerabilities has been disclosed in mcp-server-git , the official Git Model Context Protocol ( MCP …
** Ravie Lakshmanan ** Jan 20, 2026 Malware / Threat Intelligence Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious …
** The Hacker News ** Jan 20, 2026 Enterprise Security / AI Security The Problem: The Identities Left Behind As organizations grow and evolve, employees, contractors, services, and systems come and go …
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
** Ravie Lakshmanan ** Jan 20, 2026 Cloud Security / Developer Security Cybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new …
Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what …
Could ChatGPT Convince You to Buy Something? Eighteen months ago, it was plausible that artificial intelligence might take a different path than social media. Back then, AI’s development hadn’t …
** Ravie Lakshmanan ** Jan 20, 2026 Web Security / Vulnerability Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment ( ACME ) validation logic …
IDNs or “International Domain Names” have been with us for a while now (see RFC3490[ 1 ]). They are (ab)used in many attack scenarios because.. it works! Who can immediately spot the difference …
Tudou Guarantee Marketplace Halts Telegram Transactions After Processing Over $12 Billion
** Ravie Lakshmanan ** Jan 20, 2026 Cryptocurrency / Artificial Intelligence A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down …
ISC Stormcast For Tuesday, January 20th, 2026 https://isc.sans.edu/podcastdetail/9772, (Tue, Jan 20th)
ISC Stormcast For Tuesday, January 20th, 2026 https://isc.sans.edu/podcastdetail/9772
Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites
Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar …
** Ravie Lakshmanan ** Jan 19, 2026 Hardware Security / Vulnerability A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new …
Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for …
⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More
** Ravie Lakshmanan ** Jan 19, 2026 Hacking News / Cybersecurity In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are …
Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web …
AI-Powered Surveillance in Schools It all sounds pretty dystopian : Inside a white stucco building in Southern California, video cameras compare faces of passersby against a facial recognition …
** Ravie Lakshmanan ** Jan 19, 2026 Malware / Threat Intelligence Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators …
“How many states are there in the United States?” Published 2026-01-18. Last Updated 2026-01-18 07:46:26 UTC by Didier Stevens (Version: 1) 0 comment(s) I’ve seen many API requests …
** Ravie Lakshmanan ** Jan 17, 2026 Law Enforcement / Cybercrime Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked …
Wireshark 4.6.3 Released Published 2026-01-17. Last Updated 2026-01-17 09:25:51 UTC by Didier Stevens (Version: 1) 0 comment(s) Wireshark release 4.6.3 fixes 4 vulnerabilities and 9 bugs. Didier …
** Jan 17, 2026 ** Ravie Lakshmanan Artificial Intelligence / Data Privacy OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go …