** The Hacker News ** Feb 26, 2026 Encryption / Data Protection Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall …
AI Security Roundup
Daily feed of AI security, malware, and defensive research updates.
A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and …
** Ravie Lakshmanan ** Feb 26, 2026 Malware / Software Security Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library …
LLMs Generate Predictable Passwords LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a …
[This is a guest diary contributed by Claire Perry ( LinkedIn )] The structural integrity of modern society is predicated upon a dense and often opaque network of interconnected systems. For decades, …
** Ravie Lakshmanan ** Feb 26, 2026 Vulnerability / Network Security A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager …
ISC Stormcast For Thursday, February 26th, 2026 https://isc.sans.edu/podcastdetail/9826, (Thu, Feb 26th)
ISC Stormcast For Thursday, February 26th, 2026 https://isc.sans.edu/podcastdetail/9826
Finding Signal in the Noise: Lessons Learned Running a Honeypot with AI Assistance [Guest Diary], (Tue, Feb 24th)
[This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS.edu BACS program] Over the past several months, I have gained practical insight into the challenges of deploying and …
** Ravie Lakshmanan ** Feb 25, 2026 Vulnerability / Windows Security SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully …
Poisoning AI Training Data All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot …
If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production …
** Ravie Lakshmanan ** Feb 25, 2026 Zero Day / National Security A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over …
Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The …
** Ravie Lakshmanan ** Feb 25, 2026 Cybersecurity / Malware Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET web application developers to …
Triage is supposed to make things simpler. In a lot of teams, it does the opposite. When you can’t reach a confident verdict early, alerts turn into repeat checks, back-and-forth, and “just escalate …
** Ravie Lakshmanan ** Feb 25, 2026 Social Engineering / Cloud Security The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to …
** Ravie Lakshmanan ** Feb 25, 2026 Cyber Espionage / Network Security Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus …
** Ravie Lakshmanan ** Feb 25, 2026 Artificial Intelligence / Vulnerability Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial …
** Ravie Lakshmanan ** Feb 25, 2026 Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to …
** Ravie Lakshmanan ** Feb 16, 2026 Cybersecurity / Hacking This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, …
A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. “The …
ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810, (Mon, Feb 16th)
ISC Stormcast For Monday, February 16th, 2026 https://isc.sans.edu/podcastdetail/9810
** Ravie Lakshmanan ** Feb 16, 2026 Artificial Intelligence / Threat Intelligence Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully …
Microsoft has disclosed details of a new version of the ClickFix social engineering tactic in which the attackers trick unsuspecting users into running commands that carry out a Domain Name System …
ISC Stormcast For Wednesday, February 25th, 2026 https://isc.sans.edu/podcastdetail/9824, (Wed, Feb 25th)
ISC Stormcast For Wednesday, February 25th, 2026 https://isc.sans.edu/podcastdetail/9824