**Ravie Lakshmanan** May 12, 2026 Malware / Mobile Security Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for …
AI Security Roundup
Daily AI security roundup covering malware, vulnerabilities, defensive research, cloud risk, and incident response signals from trusted technical sources.
**Ravie Lakshmanan** May 12, 2026 Supply Chain Attack / Software Security RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following …
**Ravie Lakshmanan** May 12, 2026 Vulnerability / Email Security Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory …
[This is a Guest Diary by Eric Roldan, an ISC intern as part of the SANS.edu BACS program] Through the expansion of Large Language Models (LLMs), cybersecurity has exploded with a variety of tools for …
ISC Stormcast For Thursday, May 7th, 2026 https://isc.sans.edu/podcastdetail/9922, (Thu, May 7th)
ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred …
YARA-X 1.16.0 Release. Published 2026-05-10. Last Updated 2026-05-10 22:37:08 UTC by Didier Stevens (Version: 1). YARA-X’s 1.16.0 release brings 4 improvements and 4 bugfixes. Didier …
ISC Stormcast For Monday, May 11th, 2026 https://isc.sans.edu/podcastdetail/9926, (Mon, May 11th)
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, …
Smart Glasses for the Authorities ICE is developing its own version of smart glasses, with facial recognition tied to various databases. Tags: biometrics, DHS, face recognition Posted on May 7, 2026 …
Insider Betting on Polymarket Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as …
Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia Evidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about …
**Ravie Lakshmanan** May 08, 2026 Malware / Threat Intelligence Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub …
**Ravie Lakshmanan** May 08, 2026 Linux / DevOps A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as …
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report …
**The Hacker News** May 08, 2026 Artificial Intelligence / Threat Detection The hardest part of cybersecurity isn’t the technology, it’s the people. Every major breach you’ve read about lately …
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that’s capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is …
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users …
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. …
**Ravie Lakshmanan** May 09, 2026 Vulnerability / Web Hosting cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve …
Introduction This diary describes a Remcos RAT infection that I generated in my lab on Thursday, 2026-03-11. This infection was from the SmartApeSG campaign that used a ClickFix-style fake CAPTCHA …
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a …
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a “false …
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, …