Daily AI security roundup covering malware, vulnerabilities, defensive research, cloud risk, and incident response signals from trusted technical sources.
With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce …
** Ravie Lakshmanan ** Feb 21, 2026 Vulnerability / Patch Management The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail …
** Ravie Lakshmanan ** Feb 21, 2026 Artificial Intelligence / DevSecOps Artificial intelligence (AI) company Anthropic has begun to roll out a new security feature for Claude Code that can scan a …
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices …
Friday Squid Blogging: Do Squid Dream? An exploration of the interesting question. Tags: squid Posted on February 13, 2026 at 5:08 PM • 38 Comments
Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m speaking at Ontario Tech University in Oshawa, Ontario, Canada, at 2 PM ET on Thursday, February 26, …
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. …
** The Hacker News ** Feb 13, 2026 Supply Chain Security / DevSecOps In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce …
Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, …
We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a “temporary” API key for …
Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that’s designed to facilitate device takeover ( DTO ) attacks for financial theft. The malware, according …
Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST , likely targeting supporters of Iran’s ongoing protests to conduct information theft and long-term …
** Ravie Lakshmanan ** Feb 19, 2026 Cybersecurity / Hacking News The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up …
** Ravie Lakshmanan ** Feb 19, 2026 Vulnerability / Network Security Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their …
** Ravie Lakshmanan ** Feb 19, 2026 Financial Crime / Cybercrime An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an …
** Ravie Lakshmanan ** Feb 13, 2026 Cloud Security / Cyber Espionage A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its …
** Ravie Lakshmanan ** Feb 13, 2026 Malware / Critical Infrastructure Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained …
ISC Stormcast For Wednesday, February 11th, 2026 https://isc.sans.edu/podcastdetail/9804
** Ravie Lakshmanan ** Feb 13, 2026 Threat Intelligence / Malware A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL …
Today’s patch Tuesday addresses 59 different vulnerabilities (plus two Chromium vulnerabilities affecting Microsoft Edge). While this is a lower-than-normal number, this includes six …
WSL or “Windows Subsystem Linux”[ 1 ] is a feature in the Microsoft Windows ecosystem that allows users to run a real Linux environment directly inside Windows without needing a traditional virtual …
Apple Patches Everything: February 2026 Published 2026-02-11. Last Updated 2026-02-11 19:36:59 UTC by Johannes Ullrich (Version: 1) 0 comment(s) Today, Apple released updates for all of its operating …
[This is a Guest Diary by Johnathan Husch, an ISC intern as part of the SANS.edu BACS program] Weak SSH passwords remain one of the most consistently exploited attack surfaces on the Internet. Even …
ISC Stormcast For Thursday, February 12th, 2026 https://isc.sans.edu/podcastdetail/9806
ISC Stormcast For Friday, February 13th, 2026 https://isc.sans.edu/podcastdetail/9808
