** Dec 08, 2025 ** The Hacker News Cybersecurity / Password Security The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated …
AI Security Roundup
Daily feed of AI security, malware, and defensive research updates.
Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named …
** Dec 08, 2025 ** Ravie Lakshmanan Hacking News / Cybersecurity It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers …
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is …
** Dec 08, 2025 ** Ravie Lakshmanan Network Security / Vulnerability The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User …
Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher , as another upgraded version of ClayRat has been spotted in the wild. The findings …
** Dec 06, 2025 ** Ravie Lakshmanan AI Security / Vulnerability Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments …
** Dec 06, 2025 ** Ravie Lakshmanan Vulnerability / Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React …
** Dec 03, 2025 ** Ravie Lakshmanan Vulnerability / Website Security A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the …
** Dec 03, 2025 ** Ravie Lakshmanan Vulnerability / Endpoint Security Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the …
The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate via …
** Dec 03, 2025 ** The Hacker News Cybercrime / Artificial Intelligence Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a “Prince” in a …
** Dec 03, 2025 ** Ravie Lakshmanan Vulnerability / Cloud Security A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in …
** Dec 03, 2025 ** Ravie Lakshmanan Malware / Web3 Security Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, macOS, and Linux systems, and …
** Dec 03, 2025 ** Ravie Lakshmanan Machine Learning / Vulnerability Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to …
Like Social Media, AI Requires Difficult Choices In his 2020 book, “ Future Politics , ” British barrister Jamie Susskind wrote that the dominant question of the 20th century was “How much of our …
Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, …
** Dec 02, 2025 ** Ravie Lakshmanan AI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence …
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by …
** Dec 02, 2025 ** Ravie Lakshmanan Malware / Blockchain The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX …
** Dec 02, 2025 ** The Hacker News Identity Theft / Threat Intelligence A joint investigation led by Mauro Eldritch, founder of BCA LTD , conducted together with threat-intel initiative NorthScan and …
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
** Dec 02, 2025 ** Ravie Lakshmanan Regulatory Compliance / Online Safety India’s Department of Telecommunications (DoT) has issued directions to app-based communication service providers to …
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and …
** Dec 02, 2025 ** Ravie Lakshmanan Mobile Security / Vulnerability Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have …
Webinar: The "Agentic" Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams
The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges. For the last two decades, whether you used Chrome, Edge, or Firefox, the …