**Jan 16, 2026** Ravie Lakshmanan Malvertising / Threat Intelligence The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that’s …
AI Security Roundup
Daily feed of AI security, malware, and defensive research updates.
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, …
AI and the Corporate Capture of Knowledge More than a decade after Aaron Swartz’s death, the United States is still living inside the contradiction that destroyed him. Swartz believed that knowledge, …
**Jan 16, 2026** The Hacker News Privacy / Data Protection You lock your doors at night. You avoid sketchy phone calls. You’re careful about what you post on social media. But what about the …
**Jan 16, 2026** Ravie Lakshmanan Malware / Cyber Espionage Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed …
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
**Jan 16, 2026** Ravie Lakshmanan Zero-Day / Cyber Espionage A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last …
**Jan 16, 2026** Ravie Lakshmanan Vulnerability / Web Security Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure …
ISC Stormcast For Friday, January 16th, 2026 https://isc.sans.edu/podcastdetail/9770, (Fri, Jan 16th)
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider’s own GitHub repositories, including its AWS JavaScript SDK, …
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
**Jan 15, 2026** Ravie Lakshmanan Cybersecurity / Hacking News The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show …
Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
**Jan 15, 2026** Ravie Lakshmanan Prompt Injection / Enterprise Security Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to …
**Jan 15, 2026** Ravie Lakshmanan Web Security / Vulnerability A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to …
**Jan 15, 2026** The Hacker News Data Security / Artificial Intelligence As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models …
New Vulnerability in n8n This isn’t good: We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an …
[This is a Guest Diary by Matthew Presnal, an ISC intern as part of the SANS.edu BACS program] Cryptojacking and botnets can pose a greater threat than a simple drain of resources. These organizations …
It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of …
**Jan 15, 2026** Ravie Lakshmanan Network Security / Vulnerability Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for …
Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure Used for Online Fraud
Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly …
ISC Stormcast For Thursday, January 15th, 2026 https://isc.sans.edu/podcastdetail/9768, (Thu, Jan 15th)
Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain, (Wed, Jan 14th)
Introduction In recent weeks, Lumma Stealer infections have followed a specific pattern in follow-up activity. This pattern adds scheduled tasks for the same action, which increases traffic to the …
The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU …
Hacking Wheelchairs over Bluetooth Researchers have demonstrated remotely controlling a wheelchair over Bluetooth. CISA has issued an advisory. CISA said the WHILL wheelchairs did not enforce …
Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada on January …
Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to …
AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like personal …