Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown …
AI Security Roundup
Daily feed of AI security, malware, and defensive research updates.
ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820, (Mon, Feb 23rd)
In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload [1, 2]. At that point in time, I’ve not come across the malicious “MSI …
ISC Stormcast For Tuesday, February 24th, 2026 https://isc.sans.edu/podcastdetail/9822, (Tue, Feb 24th)
In 2010, OWASP added “Unvalidated Redirects and Forwards” to its Top 10 list and merged it into “Sensitive Data Exposure” in 2013 [owasp1] [owasp2]. Open redirects are often …
ISC Stormcast For Wednesday, February 25th, 2026 https://isc.sans.edu/podcastdetail/9824, (Wed, Feb 25th)
On the Security of Password Managers
Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery …
Is AI Good for Democracy?
Politicians fixate on the global race for technological supremacy between US and China. They debate geopolitical implications of chip exports, latest model releases from each …
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. …
Ravie Lakshmanan, Feb 23, 2026, Malware / Threat Intelligence
The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in …
UnsolicitedBooker Targets Central Asian Telecoms With LuciDoor and MarsSnake Backdoors
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian …
Ravie Lakshmanan, Feb 24, 2026, Artificial Intelligence / Anthropic
Anthropic on Monday said it identified “industrial-scale campaigns” mounted by three artificial intelligence (AI) …
Ravie Lakshmanan, Feb 24, 2026, Threat Intelligence / Healthcare
The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack …
Ravie Lakshmanan, Feb 24, 2026, Cyber Espionage / Malware
A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to …
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence …
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being …
[This is a Guest Diary contributed by John Moutos]
Overview: In this post, I’m going over my analysis of DynoWiper, a wiper family that was discovered during attacks against Polish energy …
ISC Stormcast For Friday, February 20th, 2026 https://isc.sans.edu/podcastdetail/9818, (Fri, Feb 20th)
Introduction: For at least the past year or so, I’ve been receiving Japanese-language phishing emails to my blog email addresses at @malware-traffic-analysis.net. I’m not Japanese, but I …
Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our TRAIL threat model, we demonstrated how …
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a …
Ring Cancels Its Partnership with Flock
It’s a demonstration of how toxic the surveillance-tech company Flock has become when Amazon’s Ring cancels the partnership between the two companies. As …
Malicious AI
Interesting: Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation …
Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow …
Friday Squid Blogging: Squid Cartoon
I like this one. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Tags: …