AI Security Roundup

Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages …

Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment …

** Ravie Lakshmanan ** Apr 25, 2026 Network Security / Infrastructure Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting …

Friday Squid Blogging: How Squid Survived Extinction Events Science news : Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software …

** Ravie Lakshmanan ** Apr 24, 2026 Espionage / National Security, The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese …

Hiding Bluetooth Trackers in Mail It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the …

The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too …

Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since …

** Ravie Lakshmanan ** Apr 24, 2026 Malware / Threat Intelligence Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the …

A high-severity security flaw in LMDeploy , an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public …

ISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. …

** Ravie Lakshmanan ** Apr 23, 2026 Hacking News / Cybersecurity News You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works …

Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign , according to new findings from JFrog and Socket. “The affected package version …

Apple yesterday released iOS/iPadOS 26.4.2 and iOS/iPadOS 18.7.8. This update fixes a single Notification Services vulnerability, CVE-2026-28950: Impact: Notifications marked for deletion could be …

We’re open-sourcing Trailmark , a library that parses source code into a queryable call graph of functions, classes, call relationships, and semantic metadata, then exposes that graph through a Python …

Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the …

FBI Extracts Deleted Signal Messages from iPhone Notification Database 404 Media reports (alternate site ): The FBI was able to forensically extract copies of incoming Signal messages from a …

** The Hacker News ** Apr 23, 2026 Artificial Intelligence / Enterprise Security Imagine a world where hackers don’t sleep, don’t take breaks, and find weak spots in your systems …

** Ravie Lakshmanan ** Apr 23, 2026 Artificial Intelligence / SaaS Security Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of …

** Ravie Lakshmanan ** Apr 23, 2026 Threat Intelligence / Malware Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat …

** Ravie Lakshmanan ** Apr 23, 2026 Vulnerability / Encryption Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for …

ISC Stormcast For Thursday, April 23rd, 2026 https://isc.sans.edu/podcastdetail/9904

** Ravie Lakshmanan ** Apr 22, 2026 Cloud Security / Software Security Cybersecurity researchers have warned of malicious images pushed to the official " checkmarx/kics " Docker Hub …