AI Security Roundup

Flock Exposes Its AI-Enabled Surveillance Cameras 404 Media has the story : Unlike many of Flock’s cameras, which are designed to capture license plates as people drive by, Flock’s Condor cameras are …

** Jan 02, 2026 ** Ravie Lakshmanan Cloud Security / Email Security Cybersecurity researchers have disclosed details of a phishing campaign that involves the attackers impersonating legitimate …

As web browsers evolve into all-purpose platforms, performance and productivity often suffer. Feature overload, excessive background processes, and fragmented workflows can slow down browsing sessions …

** Jan 01, 2026 ** Ravie Lakshmanan Cybersecurity / Hacking News The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic — new year, new breaches, new tricks. If the past …

** Jan 01, 2026 ** Ravie Lakshmanan Network Security / Vulnerability Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things …

** Dec 31, 2026 ** Ravie Lakshmanan Software Security / Data Breach Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud (aka Sha1-Hulud) supply chain outbreak in November 2025 …

** Dec 31, 2026 ** Ravie Lakshmanan Cybersecurity / Malware Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight …

** Dec 31, 2026 ** Ravie Lakshmanan API Security / Vulnerability IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the …

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster , has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users …

** Dec 31, 2026 ** Ravie Lakshmanan Spyware / Mobile Security The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the …

LinkedIn Job Scams Interesting article on the variety of LinkedIn job scams around the world: In India, tech jobs are used as bait because the industry employs millions of people and offers …

** Dec 30, 2026 ** Ravie Lakshmanan Vulnerability / Email Security The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools …

Using AI-Generated Images to Get Refunds Scammers are generating images of broken merchandise in order to apply for refunds. Tags: AI , China , scams Posted on December 30, 2025 at 7:02 AM • 0 …

The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). …

** Dec 30, 2026 ** Ravie Lakshmanan Malware / Cyber Espionage The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new …

Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is …

KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been …

** Dec 29, 2026 ** Ravie Lakshmanan Hacking News / Cybersecurity Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools …

In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025 , malicious Nx packages leaked …

** Dec 29, 2026 ** Ravie Lakshmanan Database Security / Vulnerability A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 …

Are We Ready to Be Governed by Artificial Intelligence? Artificial Intelligence (AI) overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The …

Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm …

ISC Stormcast For Sunday, December 28th, 2025 https://isc.sans.edu/podcastdetail/9750

** Dec 27, 2025 ** Ravie Lakshmanan Database Security / Vulnerability A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap …

** Dec 26, 2025 ** Ravie Lakshmanan Cryptocurrency / Incident Response Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a …