AI Security Roundup

A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, …

ISC Stormcast For Wednesday, December 17th, 2025 https://isc.sans.edu/podcastdetail/9742

** Dec 17, 2025 ** Ravie Lakshmanan Ad Fraud / Browser Security A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious …

Modern security teams often feel like they’re driving through fog with failing headlights. Threats accelerate, alerts multiply, and SOCs struggle to understand which dangers matter right now for …

Deliberate Internet Shutdowns For two days in September, Afghanistan had no internet . No satellite failed; no cable was cut. This was a deliberate outage, mandated by the Taliban government. It …

The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. …

Posted by Tim Willis, Google Project Zero In 2021, we updated our vulnerability disclosure policy to the current “90+30” model. Our goals were to drive faster yet thorough patch …

Introduction Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, …

Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of …

Introduction I’ve recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity …

Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence …

This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFO issue #13 as well as in the second volume of the printed …

Direct navigation — the act of visiting a website by manually typing a domain name in a web browser — has never been riskier: A new study finds the vast majority of “parked” domains — mostly expired …

Chinese Surveillance and AI New report: “ The Party’s AI: How China’s New AI Systems are Reshaping Human Rights .” From a summary article : China is already the world’s largest exporter of AI powered …

** Dec 16, 2025 ** Ravie Lakshmanan Cybersecurity / Cryptocurrency Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the popular .NET tracing …

** Dec 16, 2025 ** Ravie Lakshmanan Malware / Threat Detection An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management ( …

** Dec 16, 2025 ** Ravie Lakshmanan Cloud Security / Vulnerability Amazon’s threat intelligence team has disclosed details of a “years-long” Russian state-sponsored campaign that …

ISC Stormcast For Tuesday, December 16th, 2025 https://isc.sans.edu/podcastdetail/9740

The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT …

** Dec 16, 2025 ** Ravie Lakshmanan Dark Web / Online Safety Google has announced that it’s discontinuing its dark web report tool in February 2026, less than two years after it was launched as …

** Dec 16, 2025 ** Ravie Lakshmanan Network Security / Vulnerability Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public …

AI-assisted coding and AI app generation platforms have created an unprecedented surge in software development. Companies are now facing rapid growth in both the number of applications and the pace of …

Exploits for React2Shell (CVE-2025-55182) remain active. However, at this point, I would think that any servers vulnerable to the “plain” exploit attempts have already been exploited …

** Dec 15, 2025 ** Ravie Lakshmanan Vulnerability / Software Security Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including …

In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda …