AI Security Roundup

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that’s being advertised on Telegram as a way to grab sensitive data and facilitate real-time …

** Ravie Lakshmanan ** Feb 25, 2026 Vulnerability / Windows Security SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully …

** Ravie Lakshmanan ** Feb 25, 2026 Zero Day / National Security A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over …

Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The …

** Ravie Lakshmanan ** Feb 25, 2026 Cybersecurity / Malware Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to …

Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate …

** Ravie Lakshmanan ** Feb 25, 2026 Social Engineering / Cloud Security The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to …

** Ravie Lakshmanan ** Feb 25, 2026 Artificial Intelligence / Vulnerability Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial …

** Ravie Lakshmanan ** Feb 25, 2026 Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to …

** Ravie Lakshmanan ** Feb 16, 2026 Cybersecurity / Hacking This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, …

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. “The …

ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810

** Ravie Lakshmanan ** Feb 16, 2026 Artificial Intelligence / Threat Intelligence Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully …

Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System …

** The Hacker News ** Feb 23, 2026 Artificial Intelligence / Zero Trust As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application …

** Ravie Lakshmanan ** Feb 23, 2026 Cybersecurity / Hacking Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the …

Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to …

** Ravie Lakshmanan ** Feb 23, 2026 Threat Intelligence / Artificial Intelligence The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several …

The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox …

A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even …

Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers …

For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed …

With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce …

** Ravie Lakshmanan ** Feb 21, 2026 Vulnerability / Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail …

** Ravie Lakshmanan ** Feb 21, 2026 Artificial Intelligence / DevSecOps Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a …