Xavier’s diary entry "Abusing DLLs EntryPoint for the Fun" inspired me to do some tests with TLS Callbacks and DLLs. TLS stands for Thread Local Storage. TLS Callbacks are an …
AI Security Roundup
Daily feed of AI security, malware, and defensive research updates.
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology …
AI Advertising Company Hacked
At least some of this is coming to light: Doublespeed, a startup backed by Andreessen Horowitz (a16z) that uses a phone farm to manage at least hundreds of AI-generated …
**Dec 19, 2025** | Ravie Lakshmanan | Cybersecurity / Cloud Security | A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to …
Friday Squid Blogging: Petting a Squid
Video from Reddit shows what could go wrong when you try to pet a—looks like a Humboldt—squid. As usual, you can also use this squid post to talk about the …
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known …
**Dec 19, 2025** | Ravie Lakshmanan | Vulnerability / Network Security | WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world …
**Dec 19, 2025** | Ravie Lakshmanan | Cybercrime / Law Enforcement | Authorities in Nigeria have announced the arrest of three “high-profile internet fraud suspects” who are alleged to have …
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
**Dec 19, 2025** | Ravie Lakshmanan | Firmware Security / Vulnerability | Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability …
ISC Stormcast For Friday, December 19th, 2025 https://isc.sans.edu/podcastdetail/9746, (Fri, Dec 19th)
Someone Boarded a Plane at Heathrow Without a Ticket or Passport
I’m sure there’s a story here: Sources say the man had tailgated his way through to security screening and passed security, meaning he …
ThreatsDay Bulletin: WhatsApp Hijacks, MCP Leaks, AI Recon, React2Shell Exploit and 15 More Stories
**Dec 18, 2025** | Ravie Lakshmanan | Cybersecurity / Hacking News | This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small …
Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and …
ISC Stormcast For Thursday, December 18th, 2025 https://isc.sans.edu/podcastdetail/9744, (Thu, Dec 18th)
**Dec 18, 2025** | Ravie Lakshmanan | Vulnerability / Enterprise Security | Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully …
**Dec 18, 2025** | Ravie Lakshmanan | Malware / Cloud Security | A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting …
Since the end of the year is quickly approaching, it is undoubtedly a good time to look back at what the past twelve months have brought to us… And given that the entire cyber security profession is …
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at …
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
**Dec 18, 2025** | Ravie Lakshmanan | Vulnerability / Network Security | Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a …
The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking …
**Dec 18, 2025** | Ravie Lakshmanan | Vulnerability / Software Security | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to …
I have already talked about various React2Shell exploit attempts we have observed in the last weeks. But new varieties of the exploit are popping up, and the most recent one is using this particular …
**Dec 17, 2025** | Ravie Lakshmanan | Vulnerability / Malware | The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, …
**Dec 17, 2025** | Ravie Lakshmanan | Email Security / Threat Intelligence | The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a …
**Dec 17, 2025** | Ravie Lakshmanan | Vulnerability / Network Security | SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been …