AI Security Roundup

Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google’s generative artificial intelligence (AI) chatbot, as part of its execution flow …

Friday Squid Blogging: Squid Cartoon I like this one . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Tags: …

** Ravie Lakshmanan ** Feb 20, 2026 Cybercrime / Law Enforcement A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North …

Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the …

** Ravie Lakshmanan ** Feb 20, 2026 Financial Crime / Banking Security The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading …

** The Hacker News ** Feb 20, 2026 Cyber Insurance / Password Security With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater …

** Ravie Lakshmanan ** Feb 20, 2026 Malware / Threat Intelligence Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a …

In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw , a self-hosted autonomous AI …

** Ravie Lakshmanan ** Feb 20, 2026 Vulnerability / Cyber Attack Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and …

ISC Stormcast For Tuesday, February 17th, 2026 https://isc.sans.edu/podcastdetail/9812

This morning, I received an interesting phishing email. I’ve a “love & hate” relation with such emails because I always have the impression to lose time when reviewing them but sometimes it’s a …

A few days ago I wrote a diary called “Malicious Script Delivering More Maliciousness”[ 1 ]. In the malware infection chain, there was a JPEG picture that embedded the last payload …

ISC Stormcast For Wednesday, February 18th, 2026 https://isc.sans.edu/podcastdetail/9814

ISC Stormcast For Thursday, February 19th, 2026 https://isc.sans.edu/podcastdetail/9816

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of …

Side-Channel Attacks Against LLMs Here are three papers describing different side-channel attacks against LLMs. “ Remote Timing Attacks on Efficient Language Model Inference “: Abstract: Scaling up …

** Ravie Lakshmanan ** Feb 18, 2026 Threat Intelligence / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited …

AI Found Twelve New Vulnerabilities in OpenSSL The title of the post is” What AI Security Research Looks Like When It Works ,” and I agree: In the latest OpenSSL security release> on January 27, …

** Ravie Lakshmanan ** Feb 18, 2026 Vulnerability / Application Security Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the …

Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools …

** Ravie Lakshmanan ** Feb 27, 2026 Online Scam / Digital Advertising Meta on Thursday said it’s taking legal action to tackle scams on its platforms by filing lawsuits against what it calls …

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according …

In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and …

** Ravie Lakshmanan ** Feb 18, 2026 Network Security / Enterprise Security Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could …

** Ravie Lakshmanan ** Feb 18, 2026 Vulnerability / Software Security Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) …