ISC Stormcast For Monday, December 22nd, 2025 https://isc.sans.edu/podcastdetail/9748, (Mon, Dec 22nd)
Daily feed of AI security, malware, and defensive research updates.
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in …
Threat hunters have discerned new activity associated with an Iranian threat actor known as Infy (aka Prince of Persia), nearly five years after the hacking group was observed targeting victims in …
Dec 20, 2025, Ravie Lakshmanan (Cybercrime / ATM Security): The U.S. Department of Justice (DoJ) this week announced the indictment of 54 individuals in connection with a multi-million dollar ATM …
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation’s ability and willingness to address a broad spectrum of technology …
AI Advertising Company Hacked. At least some of this is coming to light: Doublespeed, a startup backed by Andreessen Horowitz (a16z) that uses a phone farm to manage at least hundreds of AI-generated …
Dec 19, 2025, Ravie Lakshmanan (Cybersecurity / Cloud Security): A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to …
Friday Squid Blogging: Petting a Squid. Video from Reddit shows what could go wrong when you try to pet a—looks like a Humboldt—squid. As usual, you can also use this squid post to talk about the …
Cybersecurity researchers have disclosed details of a new campaign that has used cracked software distribution sites as a distribution vector for a new version of a modular and stealthy loader known …
Dec 19, 2025, Ravie Lakshmanan (Vulnerability / Network Security): WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world …
Dec 19, 2025, Ravie Lakshmanan (Cybercrime / Law Enforcement): Authorities in Nigeria have announced the arrest of three “high-profile internet fraud suspects” who are alleged to have …
Dec 19, 2025, Ravie Lakshmanan (Firmware Security / Vulnerability): Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability …
ISC Stormcast For Friday, December 19th, 2025 https://isc.sans.edu/podcastdetail/9746
Someone Boarded a Plane at Heathrow Without a Ticket or Passport. I’m sure there’s a story here: Sources say the man had tailgated his way through to security screening and passed security, meaning he …
Dec 18, 2025, Ravie Lakshmanan (Cybersecurity / Hacking News): This week’s ThreatsDay Bulletin tracks how attackers keep reshaping old tools and finding new angles in familiar systems. Small …
Within the past year, artificial intelligence copilots and agents have quietly permeated the SaaS applications businesses use every day. Tools like Zoom, Slack, Microsoft 365, Salesforce, and …
ISC Stormcast For Thursday, December 18th, 2025 https://isc.sans.edu/podcastdetail/9744
Dec 18, 2025, Ravie Lakshmanan (Vulnerability / Enterprise Security): Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully …
Dec 18, 2025, Ravie Lakshmanan (Malware / Cloud Security): A previously undocumented China-aligned threat cluster dubbed LongNosedGoblin has been attributed to a series of cyber attacks targeting …
Since the end of the year is quickly approaching, it is undoubtedly a good time to look back at what the past twelve months have brought to us… And given that the entire cyber security profession is …
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at …
Dec 18, 2025, Ravie Lakshmanan (Vulnerability / Network Security): Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a …
The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking …
Dec 18, 2025, Ravie Lakshmanan (Vulnerability / Software Security): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to …
I have already talked about various React2Shell exploit attempts we have observed in the last weeks. But new varieties of the exploit are popping up, and the most recent one is using this particular …