The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT. The …
AI Security Roundup
Daily feed of AI security, malware, and defensive research updates.
Phishing attacks are no longer confined to the email inbox, with 1 in 3 phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps. LinkedIn in …
This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause …
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: My coauthor Nathan E. Sanders and I are speaking at the Rayburn House Office Building in Washington, DC …
Friday Squid Blogging: Pilot Whales Eat a Lot of Squid
Short-finned pilot whales (Globicephala macrorhynchus) eat a lot of squid: To figure out a short-finned pilot whale’s caloric intake, Gough …
**Nov 15, 2025** | Ravie Lakshmanan | Malware / Vulnerability
The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow …
**Nov 14, 2025** | Ravie Lakshmanan | Malware / Threat Intelligence
The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage …
Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
The U.S. Department of Justice (DoJ) on Friday announced that five individuals have pleaded guilty to assisting North Korea’s illicit revenue generation schemes by enabling information …
The Role of Humans in an AI-Powered World
As AI capabilities grow, we must delineate the roles that should remain exclusively human. The line seems to be between fact-based decisions and …
**Nov 14, 2025** | Ravie Lakshmanan | Threat Intelligence / Vulnerability
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb WAF that …
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 leak sites, showing …
The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new …
State-sponsored threat actors from China used artificial intelligence (AI) technology developed by Anthropic to orchestrate automated cyber attacks as part of a “highly sophisticated espionage …
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, …
A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year. The activity, per Netcraft security researcher Andrew …
ThreatsDay Bulletin: Cisco 0-Days, AI Bug Bounties, Crypto Heists, State-Linked Leaks and 20 More Stories
**Nov 13, 2025** | Ravie Lakshmanan | Cybersecurity / Hacking News
Behind every click, there’s a risk waiting to be tested. A simple ad, email, or link can now hide something dangerous. Hackers …
Book Review: The Business of Secrets
The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch (May 24, 2004) From the vantage point of today, it’s surreal reading about …
When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security
The Race for Every New CVE
Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known …
Operation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global Crackdown
**Nov 13, 2025** | Ravie Lakshmanan | Botnet / Cybercrime
Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet have been disrupted as part of a coordinated law enforcement …
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
**Nov 13, 2025** | Ravie Lakshmanan | Browser Security / Threat Intelligence
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors …
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially …
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
**Nov 13, 2025** | Ravie Lakshmanan | Vulnerability / Network Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard …
On Hacking Back
Former DoJ attorney John Carlin writes about hackback, which he defines thus: “A hack back is a type of cyber response that incorporates a counterattack designed to proactively engage …
Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack
**Nov 12, 2025** | Ravie Lakshmanan | Vulnerability / Patch Tuesday
Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come …
Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD’s importance has grown as companies adopt hybrid and cloud infrastructure, but so has its …