ISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948, (Thu, May 28th)
Daily AI security roundup covering malware, vulnerabilities, defensive research, cloud risk, and incident response signals from trusted technical sources.
Using the data collected over the past year and these two ES|QL queries in Kibana to summarize the data, this shows the list of the most uploaded threats to two DShield sensors (local and cloud) over …
ISC Stormcast For Friday, May 29th, 2026 <https://isc.sans.edu/podcastdetail/9950>
YARA-X 1.17.0 Release. Published 2026-05-31. Last Updated 2026-05-31 16:01:29 UTC by Didier Stevens (Version: 1). YARA-X’s 1.17.0 release brings 5 improvements (several performance …
Introduction: This diary provides indicators from an unidentified RAT infection on Wednesday 2026-05-27 that was followed by a malicious NetSupport Manager RAT package. This originated from the …
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and …
Identifying People Using Wi-Fi Routers: Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. > This is accomplished through what is known as …
Friday Squid Blogging: Another Squid. Someone named “Squid” seems to be a “West Country legend.” As usual, you can also use this squid post to talk about the security stories in the news that I …
FBI’s 2025 Internet Crime Report: The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles. Tags: crime, …
Chilling Effects: Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an unpopular Iran war and an even more unpopular Trump administration, …
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through …
Shadow AI used to mean employees pasting things they shouldn’t into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and …
Ravie Lakshmanan, May 29, 2026 (Cyber Espionage / Artificial Intelligence): A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting …
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems, to siphon …
Ravie Lakshmanan, May 29, 2026 (Vulnerability / Artificial Intelligence): An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after …
Ravie Lakshmanan, May 30, 2026 (Vulnerability / Network Security): Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come …
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to …
Ravie Lakshmanan, May 31, 2026 (IoT Security / Network Security): Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, …
This week, I’m attending the SEC670[1] training (“Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control”). From my point of view, this training fits perfectly with FOR610 …
Ravie Lakshmanan, May 23, 2026 (Vulnerability / Website Security): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting …
Ravie Lakshmanan, May 23, 2026 (Vulnerability / Web Security): A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. …
Ravie Lakshmanan, May 23, 2026 (Malware / DevSecOps): A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a …
Ravie Lakshmanan, May 23, 2026 (Supply Chain Attack / Malware): Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging …
Ravie Lakshmanan, May 23, 2026 (Artificial Intelligence / Vulnerability): Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity …
Ravie Lakshmanan, May 23, 2026 (Software Supply Chain / DevSecOps): GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to …