AI Security Roundup

IoT Hack Someone hacked an Italian ferry . It looks like the malware was installed by someone on the ferry, and not remotely. Tags: France , hacking , Internet of Things , malware Posted on December …

Friday Squid Blogging: Squid Camouflage New research : Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both …

A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its …

** Dec 26, 2025 ** Ravie Lakshmanan AI Security / DevSecOps A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even …

** Dec 25, 2025 ** Ravie Lakshmanan Cybersecurity / Hacking News It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — …

** Dec 25, 2025 ** Ravie Lakshmanan Data Breach / Financial Crime The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master …

** Dec 25, 2025 ** Ravie Lakshmanan Vulnerability / Enterprise Security Fortinet on Wednesday said it observed “recent abuse” of a five-year-old security flaw in FortiOS SSL VPN in the …

** Dec 25, 2025 ** Ravie Lakshmanan Vulnerability / Endpoint Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network …

Urban VPN Proxy Surreptitiously Intercepts AI Chats This is pretty scary : Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, …

** Dec 24, 2025 ** Ravie Lakshmanan Online Fraud / Artificial Intelligence The fraudulent investment scheme known as Nomani has witnessed an increase by 62%, according to data from ESET, as campaigns …

** Dec 24, 2025 ** Ravie Lakshmanan Malware / Endpoint Security Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that’s delivered by means of …

The U.S. Securities and Exchange Commission (SEC) has filed charges against multiple companies for their alleged involvement in an elaborate cryptocurrency scam that swindled more than $14 million …

** Dec 24, 2025 ** Ravie Lakshmanan Privacy / Antitrust Apple has been fined €98.6 million ($116 million) by Italy’s antitrust authority after finding that the company’s App Tracking …

** Dec 24, 2025 ** The Hacker News Password Management / Access Control Every year, cybercriminals find new ways to steal money and data from businesses. Breaching a business network, extracting …

Cybersecurity researchers have discovered two malicious Google Chrome extensions with the same name and published by the same developer that come with capabilities to intercept traffic and capture …

Denmark Accuses Russia of Conducting Two Cyberattacks News : The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyber-attack on a Danish water utility in …

** Dec 23, 2025 ** Ravie Lakshmanan Financial Crime / Law Enforcement The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a …

Passwd is designed specifically for organizations operating within Google Workspace. Rather than competing as a general consumer password manager, its purpose is narrow, and business-focused: secure …

A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime …

** Dec 23, 2025 ** Ravie Lakshmanan Cybersecurity / Surveillance The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign …

** Dec 23, 2025 ** Ravie Lakshmanan Vulnerability / Workflow Automation A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, …

Microsoft Is Finally Killing RC4 After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. of the most visible holdouts in …

As the internet becomes an essential part of daily life, its environmental footprint continues to grow. Data centers, constant connectivity, and resource-heavy browsing habits all contribute to energy …

Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every …

** Dec 22, 2025 ** Ravie Lakshmanan Hacking News / Cybersecurity Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools …