AI Security Roundup

Is “Satoshi Nakamoto” Really Adam Back? The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk …

** Ravie Lakshmanan ** Apr 20, 2026 Artificial Intelligence / Vulnerability Cybersecurity researchers have discovered a critical “by design” weakness in the Model Context Protocol’s …

Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been …

Every morning, security people around the world face the same ritual: opening their vulnerability feed to find a lot of new CVE entries that appeared overnight. Over the past decade, this flood has …

** Ravie Lakshmanan ** Apr 20, 2026 Cloud Security / Data Breach Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to …

ISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898

** Ravie Lakshmanan ** Apr 18, 2026 Money Laundering / Regulatory Compliance Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it’s …

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai -botnet variants on compromised devices, according to findings from Fortinet …

Friday Squid Blogging: New Giant Squid Video Pretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in …

** Ravie Lakshmanan ** Apr 17, 2026 Vulnerability / Endpoint Security Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain …

Two weeks ago, Google’s Quantum AI group published a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve …

Mythos and Cybersecurity Last week, Anthropic pulled back the curtain on Claude Mythos Preview , an AI model so capable at finding and exploiting software vulnerabilities that the company decided it …

Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and …

** Ravie Lakshmanan ** Apr 17, 2026 DDoS / Cybercrime An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed …

** Ravie Lakshmanan ** Apr 17, 2026 Vulnerability Management The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and …

** Ravie Lakshmanan ** Apr 17, 2026 Vulnerability / Enterprise Security A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per …

Introduction This diary provides indicators from a Lumma Stealer infection that was followed by Sectop RAT (ArechClient2). I searched for cracked versions of popular copyright-protected software, and …

ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896

** Ravie Lakshmanan ** Apr 16, 2026 Botnet / Cryptomining Cybersecurity researchers have warned of an active malicious campaign that’s targeting the workforce in the Czech Republic with a …

** Ravie Lakshmanan ** Apr 16, 2026 Hacking News / Cybersecurity News You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. …

** Mohit Kumar ** Apr 16, 2026 Artificial Intelligence / Enterprise Security In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak …

** Ravie Lakshmanan ** Apr 16, 2026 Application Security / Threat Intelligence A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking …

** The Hacker News ** Apr 16, 2026 Data Privacy / Compliance A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the …

** Ravie Lakshmanan ** Apr 16, 2026 Vulnerability / Network Security Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could …

Human Trust of AI Agents Interesting research: “ Humans expect rationality and cooperation from LLM opponents in strategic games .” Abstract: As Large Language Models (LLMs) integrate into our social …