AI Security Roundup

Hacking Wheelchairs over Bluetooth Researchers have demonstrated remotely controlling a wheelchair over Bluetooth. CISA has issued an advisory . CISA said the WHILL wheelchairs did not enforce …

Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m speaking at the David R. Cheriton School of Computer Science in Waterloo, Ontario, Canada on January …

Security experts have disclosed details of an active malware campaign that’s exploiting a DLL side-loading vulnerability in a legitimate binary associated with the open-source c-ares library to …

AI agents have quickly moved from experimental tools to core components of daily workflows across security, engineering, IT, and operations. What began as individual productivity aids, like personal …

Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious …

Microsoft on Tuesday rolled out its first security update for 2026 , addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, …

** Jan 14, 2026 ** Ravie Lakshmanan Vulnerability / Patch Management Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to …

** Jan 14, 2026 ** Ravie Lakshmanan Application Security / Vulnerability Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production …

** Jan 14, 2026 ** Ravie Lakshmanan Cyber Espionage / Threat Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense …

ISC Stormcast For Wednesday, January 14th, 2026 https://isc.sans.edu/podcastdetail/9766

January 2026 Microsoft Patch Tuesday Summary Published 2026-01-13. Last Updated 2026-01-13 19:05:41 UTC by Johannes Ullrich (Version: 1) 0 comment(s) Today, Microsoft released patches for 113 …

** Jan 13, 2026 ** Ravie Lakshmanan Web Security / Data Theft Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major …

** Jan 13, 2026 ** Ravie Lakshmanan Web Security / Online Fraud Cybersecurity researchers have disclosed details of a malicious Google Chrome extension that’s capable of stealing API keys …

** Jan 13, 2026 ** The Hacker News Artificial Intelligence / Automation Security AI agents are no longer just writing code. They are executing it. Tools like Copilot, Claude Code, and Codex can now …

** Jan 13, 2026 ** Ravie Lakshmanan Threat Intelligence / Cyber Espionage Cybersecurity researchers have disclosed details of a previously undocumented and feature-rich malware framework codenamed …

** Jan 13, 2026 ** Ravie Lakshmanan Malware / Endpoint Security Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOW#REACTOR that employs an evasive multi-stage attack …

1980s Hacker Manifesto Forty years ago, The Mentor— Loyd Blankenship —published “ The Conscience of a Hacker ” in Phrack . You bet your ass we’re all alike… we’ve been spoon-fed baby food at school …

** Jan 13, 2026 ** The Hacker News Threat Intelligence / Identity Security Old Playbook, New Scale: While defenders are chasing trends, attackers are optimizing the basics The security industry loves …

** Jan 13, 2026 ** Ravie Lakshmanan Vulnerability / SaaS Security ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an …

** Jan 13, 2026 ** Ravie Lakshmanan Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw …

ISC Stormcast For Tuesday, January 13th, 2026 https://isc.sans.edu/podcastdetail/9764

** Jan 12, 2026 ** Ravie Lakshmanan Vulnerability / Workflow Automation Threat actors have been observed uploading a set of eight packages on the npm registry that masqueraded as integrations …

** Jan 12, 2026 ** Ravie Lakshmanan Hacking News / Cybersecurity This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry …

A new wave of GoBruteforcer attacks has targeted databases of cryptocurrency and blockchain projects to co-opt them into a botnet that’s capable of brute-forcing user passwords for services such …

Corrupting LLMs Through Weird Generalizations Fascinating research: Weird Generalization and Inductive Backdoors: New Ways to Corrupt LLMs . Abstract LLMs are useful because they generalize so well. …