AI Security Roundup

** Dec 08, 2025 ** The Hacker News Cybersecurity / Password Security The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated …

Cybersecurity researchers are calling attention to a new campaign dubbed JS#SMUGGLER that has been observed leveraging compromised websites as a distribution vector for a remote access trojan named …

** Dec 08, 2025 ** Ravie Lakshmanan Hacking News / Cybersecurity It’s been a week of chaos in code and calm in headlines. A bug that broke the internet’s favorite framework, hackers …

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence. The remote code execution vulnerability in question is …

** Dec 08, 2025 ** Ravie Lakshmanan Network Security / Vulnerability The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User …

Cybersecurity researchers have disclosed details of two new Android malware families dubbed FvncBot and SeedSnatcher , as another upgraded version of ClayRat has been spotted in the wild. The findings …

** Dec 06, 2025 ** Ravie Lakshmanan AI Security / Vulnerability Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments …

** Dec 06, 2025 ** Ravie Lakshmanan Vulnerability / Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React …

** Dec 03, 2025 ** Ravie Lakshmanan Vulnerability / Website Security A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the …

** Dec 03, 2025 ** Ravie Lakshmanan Vulnerability / Endpoint Security Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the …

The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate via …

** Dec 03, 2025 ** The Hacker News Cybercrime / Artificial Intelligence Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a “Prince” in a …

** Dec 03, 2025 ** Ravie Lakshmanan Vulnerability / Cloud Security A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in …

** Dec 03, 2025 ** Ravie Lakshmanan Malware / Web3 Security Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, macOS, and Linux systems, and …

** Dec 03, 2025 ** Ravie Lakshmanan Machine Learning / Vulnerability Three critical security flaws have been disclosed in an open-source utility called Picklescan that could allow malicious actors to …

Like Social Media, AI Requires Difficult Choices In his 2020 book, “ Future Politics , ” British barrister Jamie Susskind wrote that the dominant question of the 20th century was “How much of our …

Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, …

** Dec 02, 2025 ** Ravie Lakshmanan AI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts to influence artificial intelligence …

Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by …

** Dec 02, 2025 ** Ravie Lakshmanan Malware / Blockchain The supply chain campaign known as GlassWorm has once again reared its head, infiltrating both Microsoft Visual Studio Marketplace and Open VSX …

** Dec 02, 2025 ** The Hacker News Identity Theft / Threat Intelligence A joint investigation led by Mauro Eldritch, founder of BCA LTD , conducted together with threat-intel initiative NorthScan and …

** Dec 02, 2025 ** Ravie Lakshmanan Regulatory Compliance / Online Safety India’s Department of Telecommunications (DoT) has issued directions to app-based communication service providers to …

Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and …

** Dec 02, 2025 ** Ravie Lakshmanan Mobile Security / Vulnerability Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have …

The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges. For the last two decades, whether you used Chrome, Edge, or Firefox, the …