ISC Stormcast For Tuesday, February 24th, 2026 https://isc.sans.edu/podcastdetail/9822, (Tue, Feb 24th)
Daily feed of AI security, malware, and defensive research updates.
In 2010, OWASP added “Unvalidated Redirects and Forwards” to its Top 10 list and merged it into “Sensitive Data Exposure” in 2013 [owasp1] [owasp2]. Open redirects are often …
Is AI Good for Democracy? Politicians fixate on the global race for technological supremacy between US and China. They debate geopolitical implications of chip exports, latest model releases from each …
Ravie Lakshmanan, Feb 23, 2026 (Malware / Threat Intelligence): The Russia-linked state-sponsored threat actor tracked as APT28 has been attributed to a new campaign targeting specific entities in …
Ravie Lakshmanan, Feb 24, 2026 (Artificial Intelligence / Anthropic): Anthropic on Monday said it identified “industrial-scale campaigns” mounted by three artificial intelligence (AI) …
The threat activity cluster known as UnsolicitedBooker has been observed targeting telecommunications companies in Kyrgyzstan and Tajikistan, marking a shift from prior attacks aimed at Saudi Arabian …
Ravie Lakshmanan, Feb 24, 2026 (Threat Intelligence / Healthcare): The North Korea-linked Lazarus Group (aka Diamond Sleet and Pompilus) has been observed using Medusa ransomware in an attack …
Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being …
Ravie Lakshmanan, Feb 24, 2026 (Cyber Espionage / Malware): A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to …
A vulnerability in GitHub Codespaces could have been exploited by bad actors to seize control of repositories by injecting malicious Copilot instructions in a GitHub issue. The artificial intelligence …
Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromised hosts. …
The Hacker News, Feb 23, 2026 (Artificial Intelligence / Zero Trust): As more organizations run their own Large Language Models (LLMs), they are also deploying more internal services and Application …
In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload [1, 2]. At that point in time, I’ve not come across the malicious “MSI …
Ravie Lakshmanan, Feb 23, 2026 (Cybersecurity / Hacking): Security news rarely moves in a straight line. This week, it feels more like a series of sharp turns, some happening quietly in the …
On the Security of Password Managers Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery …
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to …
Ravie Lakshmanan, Feb 23, 2026 (Threat Intelligence / Artificial Intelligence): The Iranian hacking group known as MuddyWater (aka Earth Vetala, Mango Sandstorm, and MUDDYCOAST) has targeted several …
ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820
Introduction For at least the past year or so, I’ve been receiving Japanese-language phishing emails to my blog email addresses at @malware-traffic-analysis.net. I’m not Japanese, but I …
The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox …
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even …
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six “zero-day” vulnerabilities that attackers …
For the past week, the massive “Internet of Things” (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed …
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a …
With $5.5 trillion in global AI risk exposure and 700,000 U.S. workers needing reskilling, four new AI certifications and Certified CISO v4 help close the gap between AI adoption and workforce …