AI Security Roundup

ISC Stormcast For Monday, June 8th, 2026 <https://isc.sans.edu/podcastdetail/9962>

Hacking Meta’s AI Chatbot Hackers are convincing Meta’s AI support chatbot to let them take over other peoples’ accounts: > A > video > posted on X showed the step-by-step process to hack …

Anthropic’s Project Glasswing Update In April, Anthropic initated Project Glasswing . The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a …

AI Worm Researchers have prototyped an AI-powered internet worm . The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. …

** Ravie Lakshmanan ** Jun 08, 2026 Cyber Espionage / Malware A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other …

Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services …

Critical Zcash Vulnerability Found and Fixed If you’re a user—owner?—of this cryptocurrency, this is important: > On May 29, the security researcher Taylor Hornby found a critical vulnerability in …

Mythos is real. I know a big chunk of the industry thinks it’s a marketing stunt, and I get why. I get it. But I’ve seen the findings, and they’re bad. These aren’t …

Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message …

** Ravie Lakshmanan ** Jun 08, 2026 Cybersecurity / Hacking Monday again. The weekend was meant to be quiet. It wasn’t. Last week had poisoned packages, a broken AI helper, and a worm tearing …

** Ravie Lakshmanan ** Jun 08, 2026 Spyware / Mobile Security Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group . In addition, the tech …

** Ravie Lakshmanan ** Jun 08, 2026 Vulnerability / Network Security Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments …

** Swati Khandelwal ** Jun 08, 2026 Linux / Vulnerability Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user …

ISC Stormcast For Tuesday, June 2nd, 2026 <https://isc.sans.edu/podcastdetail/9954>

For a few days, my SANS ISC mailbox is flooded with emails that delivers SVG files. An SVG (“Scalable Vector Graphic”) is a web-friendly vector file format used for graphics and icons. No …

ISC Stormcast For Wednesday, June 3rd, 2026 <https://isc.sans.edu/podcastdetail/9956>

Enterprise applications often still use complex standards like SOAP for web services. The big advantage of SOAP is its tight and extensive standards, which enable interoperability across an enterprise …

ISC Stormcast For Thursday, June 4th, 2026 <https://isc.sans.edu/podcastdetail/9958>

Public skill marketplaces are being flooded with malicious skills that steal credentials, exfiltrate data, and hijack agents. In response, a segment of the security industry released skill scanners, a …

Microsoft Threatening Security Researcher An anonymous security researcher called “Nightmare Eclipse” has been publishing a series of significant security exploits against Microsoft Windows—including …

The Intersection of Encryption and AI As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select …

AI Used to Decrypt Medieval Ciphers Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers. Tags: AI , history of cryptography , machine learning Posted on …

** Ravie Lakshmanan ** Jun 03, 2026 Vulnerability / Network Security Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user’s NTLMv2 …

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, …

** Ravie Lakshmanan ** Jun 03, 2026 Vulnerability / Software Development Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible …