Daily feed of AI security, malware, and defensive research updates.
** Nov 25, 2025 ** Ravie Lakshmanan Data Exposure / Cloud Security New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, …
Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under …
** Nov 25, 2025 ** Ravie Lakshmanan Malware / Vulnerability The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target …
Four Ways AI Is Being Used to Strengthen Democracies Worldwide Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on …
** Nov 25, 2025 ** Ravie Lakshmanan Malware / Browser Security Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information …
** Nov 25, 2025 ** Ravie Lakshmanan Spyware / Mobile Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging …
2026 will mark a pivotal shift in cybersecurity. Threat actors are moving from experimenting with AI to making it their primary weapon, using it to scale attacks, automate reconnaissance, and craft …
** Nov 24, 2025 ** Ravie Lakshmanan Cloud Security / Vulnerability Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that’s …
** Nov 24, 2025 ** Ravie Lakshmanan Vulnerability / Container Security Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit , an open-source and lightweight telemetry agent, …
** Nov 24, 2025 ** Ravie Lakshmanan Cybersecurity / Hacking News This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and …
IACR Nullifies Election Because of Lost Decryption Key The International Association of Cryptologic Research—the academic cryptography association that’s been putting conferences like Crypto (back …
** Nov 24, 2025 ** Ravie Lakshmanan Malware / Vulnerability A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute …
New research from CrowdStrike has revealed that DeepSeek’s artificial intelligence (AI) reasoning model DeepSeek-R1 produces more security vulnerabilities in response to prompts that contain …
** Nov 22, 2025 ** Ravie Lakshmanan Cyber Espionage / Cloud Security The China-linked advanced persistent threat (APT) group known as APT31 has been attributed to cyber attacks targeting the Russian …
Bad actors are leveraging browser notifications as a vector for phishing attacks to distribute malicious links by means of a new command-and-control (C2) platform called Matrix Push C2. “This …
** Nov 22, 2025 ** Ravie Lakshmanan Zero-Day / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity …
More on Rewiring Democracy It’s been a month since Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship was published. From what we know, sales are good. Some of the …
** Nov 21, 2025 ** Ravie Lakshmanan Vulnerability / Threat Mitigation Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user …
** Nov 21, 2025 ** Ravie Lakshmanan Data Protection / Technology In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with …
Friday Squid Blogging: New “Squid” Sneaker I did not know Adidas sold a sneaker called “ Squid .” As usual, you can also use this squid post to talk about the security stories in the news that I …
** Nov 21, 2025 ** The Hacker News Mobile Security / Data Protection Ever wonder how some IT teams keep corporate data safe without slowing down employees? Of course you have. Mobile devices are …
A China-nexus threat actor known as APT24 has been observed using a previously undocumented malware dubbed BADAUDIO to establish persistent remote access to compromised networks as part of a nearly …
AI as Cyberattacker From Anthropic : In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s …
** Nov 21, 2025 ** Ravie Lakshmanan Compliance / Cyber Attack The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, …
** Nov 21, 2025 ** Ravie Lakshmanan Data Breach / SaaS Security Salesforce has warned of detected “unusual activity” related to Gainsight-published applications connected to the platform. …
