AI Security Roundup

We added a new chapter to our Testing Handbook: a comprehensive security checklist for C and C++ code . We’ve identified a broad range of common bug classes, known footguns, and API gotchas across C …

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East …

As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing …

** Ravie Lakshmanan ** Apr 09, 2026 Vulnerability / Threat Intelligence Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF …

In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented …

ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886

** Ravie Lakshmanan ** Apr 08, 2026 Cryptomining / Network Security Cybersecurity researchers have flagged a new variant ofmalware called Chaos that’scapable of hitting misconfigured cloud …

This is the seventh update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 006 covered …

** Ravie Lakshmanan ** Apr 08, 2026 IoT Security / Network Security Cybersecurity researchers have lifted the curtain on a stealthy botnet that’s designed for distributed denial-of-service …

One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes! Most “medium …

** Ravie Lakshmanan ** Apr 08, 2026 Vulnerability / Cloud Security The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign …

Python Supply-Chain Compromise This is news : A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a …

The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. “The threat …

** Ravie Lakshmanan ** Apr 08, 2026 Artificial Intelligence / Secure Coding Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will …

Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), …

ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884

This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 005 covered …

ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878

ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880

In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[ 1 ], which made me wonder about how commonly these mechanisms are actually misused… …

ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882

Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many “arbitrary file write” and “remote code execution” vulnerabilities are …

WhatsApp’s new “Private Inference” feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such as message summarization. To make this …

Mixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and software protectors rely on it because no …

An elusive hacker who went by the handle “ UNKN ” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil …