Daily AI security roundup covering malware, vulnerabilities, defensive research, cloud risk, and incident response signals from trusted technical sources.
Introduction This diary provides indicators from the SmartApeSG (ZPHP, HANEYMANEY) campaign I saw on Tuesday, 2026-03-24. SmartApeSG is one of many campaigns that use the ClickFix technique. This past …
Apple Patches (almost) everything again. March 2026 edition. Published 2026-03-25. Last Updated 2026-03-25 21:29:57 UTC by Johannes Ullrich (Version: 1) 0 comment(s) Apple released the next version of …
This is the first update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). That report covers the full …
ISC Stormcast For Thursday, March 26th, 2026 https://isc.sans.edu/podcastdetail/9866
Using dimensional analysis, you can categorically rule out a whole category of logic and arithmetic bugs that plague DeFi formulas. No code changes required, just better reasoning! One of the first …
We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post . Most LLM-based security skills ask the …
Team Mirai and Democracy Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai , illustrates the viability of a different way to do politics. …
Sen. Wyden Warns of Another Section 702 Abuse Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved …
As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters In December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by …
** Ravie Lakshmanan ** Mar 26, 2026 Malware / Web Security Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate …
** Ravie Lakshmanan ** Mar 25, 2026 Cybercrime / Dark Web The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported …
** Ravie Lakshmanan ** Mar 26, 2026 Cybersecurity / Hacking News Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many …
Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the …
** Ravie Lakshmanan ** Mar 26, 2026 Malware / Mobile Security The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated …
** Ravie Lakshmanan ** Mar 26, 2026 Browser Security / Vulnerability Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been …
** The Hacker News ** Mar 26, 2026 Security Testing / Security Automation Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, …
So, I’ve been slow to get on the Claude Code/OpenCode/Codex/OpenClaw bandwagon, but I had some time last week so I asked Claude to review ( /security-review ) some of my python scripts. He found …
ISC Stormcast For Tuesday, March 24th, 2026 https://isc.sans.edu/podcastdetail/9862
A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, …
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack , highlighting the widening blast radius across developer environments. …
Microsoft Xbox One Hacked It’s an impressive feat , over a decade after the box was released: Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, …
** Ravie Lakshmanan ** Mar 23, 2026 Vulnerability / Endpoint Security Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance …
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected …
** Ravie Lakshmanan ** Mar 23, 2026 Email Security / Cloud Security Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and …
AWS Bedrock is Amazon’s platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and …
