AI Security Roundup

** The Hacker News ** Feb 26, 2026 Encryption / Data Protection Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall …

A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and …

** Ravie Lakshmanan ** Feb 26, 2026 Malware / Software Security Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library …

LLMs Generate Predictable Passwords LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a …

[This is a guest diary contributed by Claire Perry ( LinkedIn )] The structural integrity of modern society is predicated upon a dense and often opaque network of interconnected systems. For decades, …

** Ravie Lakshmanan ** Feb 26, 2026 Vulnerability / Network Security A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager …

ISC Stormcast For Thursday, February 26th, 2026 https://isc.sans.edu/podcastdetail/9826

[This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS.edu BACS program] Over the past several months, I have gained practical insight into the challenges of deploying and …

** Ravie Lakshmanan ** Feb 25, 2026 Vulnerability / Windows Security SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully …

Poisoning AI Training Data All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot …

If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production …

** Ravie Lakshmanan ** Feb 25, 2026 Zero Day / National Security A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over …

Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The …

** Ravie Lakshmanan ** Feb 25, 2026 Cybersecurity / Malware Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to …

Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate …

** Ravie Lakshmanan ** Feb 25, 2026 Social Engineering / Cloud Security The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to …

** Ravie Lakshmanan ** Feb 25, 2026 Cyber Espionage / Network Security Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus …

** Ravie Lakshmanan ** Feb 25, 2026 Artificial Intelligence / Vulnerability Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial …

** Ravie Lakshmanan ** Feb 25, 2026 Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to …

** Ravie Lakshmanan ** Feb 16, 2026 Cybersecurity / Hacking This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, …

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. “The …

ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810

** Ravie Lakshmanan ** Feb 16, 2026 Artificial Intelligence / Threat Intelligence Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully …

Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System …

ISC Stormcast For Wednesday, February 25th, 2026 https://isc.sans.edu/podcastdetail/9824