AI Security Roundup

** Ravie Lakshmanan ** Apr 13, 2026 Threat Intelligence / Malware Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware …

On Anthropic’s Mythos Preview and Project Glasswing The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it …

** Ravie Lakshmanan ** Apr 13, 2026 Cybercrime / Threat Intelligence The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the …

Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying …

Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi …

** Ravie Lakshmanan ** Apr 13, 2026 Cybersecurity / Hacking Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly …

** Ravie Lakshmanan ** Apr 13, 2026 Social Engineering / Threat Intelligence The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social …

AI Chatbots and Trust All the leading AI chatbots are sycophantic, and that’s a problem : Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were …

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. …

ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888

** Ravie Lakshmanan ** Apr 12, 2026 Malware / Threat Intelligence Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like …

** Ravie Lakshmanan ** Apr 12, 2026 Vulnerability / Endpoint Security Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in …

Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation …

Friday Squid Blogging: Squid Overfishing in the South Pacific Regulation is hard : The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million …

** Ravie Lakshmanan ** Apr 10, 2026 Malware / Blockchain Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that’s …

Sen. Sanders Talks to Claude About AI and Privacy Claude is actually pretty good on the issues. Tags: AI , privacy , video Posted on April 10, 2026 at 6:41 AM • 0 Comments

** Ravie Lakshmanan ** Apr 10, 2026 Vulnerability / Threat Intelligence A critical security vulnerability in Marimo , an open-source Python notebook for data science and analysis, has been exploited …

While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions. A new report …

** Ravie Lakshmanan ** Apr 10, 2026 Malware / Browser Security Google has made Device Bound Session Credentials ( DBSC ) generally available to all Windows users of its Chrome web browser, months …

I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS” …

** Ravie Lakshmanan ** Apr 10, 2026 Malware / Website Security Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned …

** Ravie Lakshmanan ** Apr 09, 2026 Vulnerability / Mobile Security Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) …

** Ravie Lakshmanan ** Apr 09, 2026 Malware / Windows Security A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese …

** Ravie Lakshmanan ** Apr 09, 2026 Hacking News / Cybersecurity News Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This …

On Microsoft’s Lousy Cloud Security ProPublica has a scoop : In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing …