AI Security Roundup

** Ravie Lakshmanan ** Apr 02, 2026 Cryptomining / Malware A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and …

Possible US Government iPhone Hacking Tool Leaked Wired writes (alternate source ): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly …

A lot of the information seen on DShield honeypots [1] is repeated bot traffic, especially when looking at the Cowrie [2] telnet and SSH sessions. However, how long a session lasts, how many commands …

** Ravie Lakshmanan ** Apr 02, 2026 Mobile Security / Vulnerability Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the …

This is the fourth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 003 covered …

ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872

In case of a cyber incident, most organizations fear more of data loss (via exfiltration) than regular data encryption because they have a good backup policy in place. If exfiltration happened, it …

ISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874

This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 004 covered …

Today, most malware are called “fileless” because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they need to write something… think about persistence. …

ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876

This post is adapted from a talk I gave at [un]prompted , the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or …

Code coverage is one of the most dangerous quality metrics in software testing. Many developers fail to realize that code coverage lies by omission: it measures execution, not verification. Test …

Inventors of Quantum Cryptography Win Turing Award Charles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased to see them get this …

Friday Squid Blogging: Bioluminescent Bacteria in Squid The Hawaiian bobtail squid has bioluminescent bacteria . Tags: squid Posted on March 27, 2026 at 4:18 PM • 29 Comments

Apple’s Camera Indicator Lights A thoughtful review of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously …

A Taxonomy of Cognitive Security Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here , but—even …

** Ravie Lakshmanan ** Apr 01, 2026 Vulnerability / Browser Security Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw …

Is “Hackback” Official US Cybersecurity Strategy? The 2026 US “ Cyber Strategy for America ” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more …

Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069 . “We have …

** Ravie Lakshmanan ** Apr 01, 2026 Data Breach / Artificial Intelligence Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, …

For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s …

** Ravie Lakshmanan ** Apr 01, 2026 Malware / Windows Security A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows …

** The Hacker News ** Apr 01, 2026 Endpoint Security / Data Protection There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t …

** Ravie Lakshmanan ** Apr 01, 2026 Social Engineering / Malware Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) …