AI Security Roundup

Phishing Attacks Against People Seeking Programming Jobs This is new. North Korean hackers are posing as company recruiters, enticing job candidates to participate in coding challenges. When they run …

** Ravie Lakshmanan ** Feb 27, 2026 Endpoint Security / Windows Security Threat actors are luring unsuspecting users into running trojanized gaming utilities that are distributed via browsers and chat …

Friday Squid Blogging: Squid Fishing in Peru Peru has increased its squid catch limit. The article says “giant squid,” but they can’t possibly mean that. As usual, you can also use this squid post to …

** Ravie Lakshmanan ** Feb 27, 2026 Malware / Surveillance The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive …

** Ravie Lakshmanan ** Feb 27, 2026 Malware / Linux Security Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to harvest passwords, create persistent …

Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a “supply chain risk.” “This …

** Ravie Lakshmanan ** Feb 27, 2026 Financial Crime / Social Engineering The U.S. Department of Justice (DoJ) this week announced the seizure of $61 million worth of Tether that were allegedly …

** Ravie Lakshmanan ** Feb 27, 2026 Network Security / Vulnerability The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of …

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private …

ISC Stormcast For Thursday, February 26th, 2026 https://isc.sans.edu/podcastdetail/9826

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take …

[This is a guest diary contributed by Claire Perry ( LinkedIn )] PDF Version The structural integrity of modern society is predicated upon a dense and often opaque network of interconnected systems. …

[This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS.edu BACS program] Over the past several months, I have gained practical insight into the challenges of deploying and …

ISC Stormcast For Friday, February 27th, 2026 https://isc.sans.edu/podcastdetail/9828

If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production …

In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access …

Poisoning AI Training Data All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot …

LLMs Generate Predictable Passwords LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a …

** Ravie Lakshmanan ** Feb 25, 2026 Cyber Espionage / Network Security Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus …

** Ravie Lakshmanan ** Feb 26, 2026 Vulnerability / Network Security A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager …

A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and …

** Ravie Lakshmanan ** Feb 26, 2026 Malware / Software Security Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library …

** The Hacker News ** Feb 26, 2026 Encryption / Data Protection Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall …

** Ravie Lakshmanan ** Feb 26, 2026 Malware / Threat Intelligence A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and …

** Ravie Lakshmanan ** Feb 26, 2026 Cybersecurity / Hacking News Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a …