AI Security Roundup

** Dec 26, 2025 ** Ravie Lakshmanan AI Security / DevSecOps A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even …

** Dec 25, 2025 ** Ravie Lakshmanan Cybersecurity / Hacking News It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — …

** Dec 25, 2025 ** Ravie Lakshmanan Data Breach / Financial Crime The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master …

** Dec 25, 2025 ** Ravie Lakshmanan Vulnerability / Enterprise Security Fortinet on Wednesday said it observed “recent abuse” of a five-year-old security flaw in FortiOS SSL VPN in the …

** Dec 25, 2025 ** Ravie Lakshmanan Vulnerability / Endpoint Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network …

Urban VPN Proxy Surreptitiously Intercepts AI Chats This is pretty scary : Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, …

** Dec 24, 2025 ** Ravie Lakshmanan Online Fraud / Artificial Intelligence The fraudulent investment scheme known as Nomani has witnessed an increase by 62%, according to data from ESET, as campaigns …

** Dec 24, 2025 ** Ravie Lakshmanan Malware / Endpoint Security Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that’s delivered by means of …

The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple companies for their alleged involvement in an elaborate cryptocurrency scam that swindled more than $14 million …

** Dec 24, 2025 ** Ravie Lakshmanan Privacy / Antitrust Apple has been fined €98.6 million ($116 million) by Italy’s antitrust authority after finding that the company’s App Tracking …

** Dec 24, 2025 ** The Hacker News Password Management / Access Control Every year, cybercriminals find new ways to steal money and data from businesses. Breaching a business network, extracting …

Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture …

Denmark Accuses Russia of Conducting Two Cyberattacks News : The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyber-attack on a Danish water utility in …

** Dec 23, 2025 ** Ravie Lakshmanan Financial Crime / Law Enforcement The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a …

Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure …

A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime …

** Dec 23, 2025 ** Ravie Lakshmanan Cybersecurity / Surveillance The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign …

** Dec 23, 2025 ** Ravie Lakshmanan Vulnerability / Workflow Automation A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, …

Microsoft Is Finally Killing RC4 After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. of the most visible holdouts in …

As the internet becomes an essential part of daily life, its environmental footprint continues to grow. Data centers, constant connectivity, and resource-heavy browsing habits all contribute to energy …

Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every …

** Dec 22, 2025 ** Ravie Lakshmanan Hacking News / Cybersecurity Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools …

ISC Stormcast For Monday, December 22nd, 2025 https://isc.sans.edu/podcastdetail/9748

Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in …

Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting victims in …