AI Security Roundup

** Jan 16, 2026 ** Ravie Lakshmanan Malvertising / Threat Intelligence The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that’s …

Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, …

AI and the Corporate Capture of Knowledge More than a decade after Aaron Swartz’s death , the United States is still living inside the contradiction that destroyed him. Swartz believed that knowledge, …

** Jan 16, 2026 ** The Hacker News Privacy / Data Protection You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media. But what about the …

** Jan 16, 2026 ** Ravie Lakshmanan Malware / Cyber Espionage Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed …

** Jan 16, 2026 ** Ravie Lakshmanan Zero-Day / Cyber Espionage A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last …

** Jan 16, 2026 ** Ravie Lakshmanan Vulnerability / Web Security Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure …

ISC Stormcast For Friday, January 16th, 2026 https://isc.sans.edu/podcastdetail/9770

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider’s own GitHub repositories, including its AWS JavaScript SDK, …

** Jan 15, 2026 ** Ravie Lakshmanan Cybersecurity / Hacking News The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show …

** Jan 15, 2026 ** Ravie Lakshmanan Prompt Injection / Enterprise Security Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to …

** Jan 15, 2026 ** Ravie Lakshmanan Web Security /Vulnerability A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to …

** Jan 15, 2026 ** The Hacker News Data Security / Artificial Intelligence As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models …

New Vulnerability in n8n This isn’t good: We discovered a critical vulnerability ( CVE-2026-21858, CVSS 10.0 ) in n8n that enables attackers to take over locally deployed instances, impacting an …

[This is a Guest Diary by Matthew Presnal, an ISC intern as part of the SANS.edu BACS program] Cryptojacking and botnets can pose a greater threat than a simple drain of resources. These organizations …

It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of …

** Jan 15, 2026 ** Ravie Lakshmanan Network Security / Vulnerability Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for …

Microsoft on Wednesday announced that it has taken a " coordinated legal action " in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly …

ISC Stormcast For Thursday, January 15th, 2026 https://isc.sans.edu/podcastdetail/9768

Introduction In recent weeks, Lumma Stealer infections have followed a specific pattern in follow-up activity. This pattern adds scheduled tasks for the same action, which increases traffic to the …

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU …

Hacking Wheelchairs over Bluetooth Researchers have demonstrated remotely controlling a wheelchair over Bluetooth. CISA has issued an advisory . CISA said the WHILL wheelchairs did not enforce …

Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada on January …

Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to …

AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like personal …