AI Security Roundup

Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry’s collective “to-do list” has become mathematically impossible …

The recently discovered sophisticated Linux malware framework known as VoidLink is assessed to have been developed by a single person with assistance from an artificial intelligence (AI) model. …

Visual Studio Code is a popular open-source code editor[ 1 ]. But it’s much more than a simple editor, it’s a complete development platform that supports many languages and it is available on multiple …

** Ravie Lakshmanan ** Jan 21, 2026 Vulnerability / Artificial Intelligence Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that …

** Ravie Lakshmanan ** Jan 21, 2026 Email Security / Malware LastPass is alerting users to a new active phishing campaign that’s impersonating the password management service, which aims to …

** Ravie Lakshmanan ** Jan 21, 2026 Open Source / Vulnerability A security vulnerability has been disclosed in the popular binary-parser npm library that, if successfully exploited, could result in …

ISC Stormcast For Wednesday, January 21st, 2026 https://isc.sans.edu/podcastdetail/9774

The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a …

** Ravie Lakshmanan ** Jan 20, 2026 Vulnerability / Artificial Intelligence A set of three security vulnerabilities has been disclosed in mcp-server-git , the official Git Model Context Protocol ( MCP …

** Ravie Lakshmanan ** Jan 20, 2026 Malware / Threat Intelligence Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious …

** The Hacker News ** Jan 20, 2026 Enterprise Security / AI Security The Problem: The Identities Left Behind As organizations grow and evolve, employees, contractors, services, and systems come and go …

** Ravie Lakshmanan ** Jan 20, 2026 Cloud Security / Developer Security Cybersecurity researchers have disclosed details of a malware campaign that’s targeting software developers with a new …

Leaked API keys are no longer unusual, nor are the breaches that follow. So why are sensitive tokens still being so easily exposed? To find out, Intruder’s research team looked at what …

Could ChatGPT Convince You to Buy Something? Eighteen months ago, it was plausible that artificial intelligence might take a different path than social media. Back then, AI’s development hadn’t …

** Ravie Lakshmanan ** Jan 20, 2026 Web Security / Vulnerability Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment ( ACME ) validation logic …

IDNs or “International Domain Names” have been with us for a while now (see RFC3490[ 1 ]). They are (ab)used in many attack scenarios because.. it works! Who can immediately spot the difference …

** Ravie Lakshmanan ** Jan 20, 2026 Cryptocurrency / Artificial Intelligence A Telegram-based guarantee marketplace known for advertising a broad range of illicit services appears to be winding down …

ISC Stormcast For Tuesday, January 20th, 2026 https://isc.sans.edu/podcastdetail/9772

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar …

** Ravie Lakshmanan ** Jan 19, 2026 Hardware Security / Vulnerability A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new …

Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for …

** Ravie Lakshmanan ** Jan 19, 2026 Hacking News / Cybersecurity In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are …

Cybersecurity researchers have disclosed details of an ongoing campaign dubbed KongTuke that used a malicious Google Chrome extension masquerading as an ad blocker to deliberately crash the web …

AI-Powered Surveillance in Schools It all sounds pretty dystopian : Inside a white stucco building in Southern California, video cameras compare faces of passersby against a facial recognition …

** Ravie Lakshmanan ** Jan 19, 2026 Malware / Threat Intelligence Cybersecurity researchers have disclosed a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators …