AI Security Roundup

** Dec 15, 2025 ** Ravie Lakshmanan Vulnerability / Software Security Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including …

In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda …

ISC Stormcast For Monday, December 15th, 2025 https://isc.sans.edu/podcastdetail/9738

A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered …

** Dec 15, 2025 ** Ravie Lakshmanan Ransomware / Cybercrime The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering …

Against the Federal Moratorium on State-Level Regulation of AI Cast your mind back to May of this year: Congress was in the throes of debate over the massive budget bill . Amidst the many seismic …

Wireshark 4.6.2 Released Published 2025-12-14. Last Updated 2025-12-14 16:07:32 UTC by Didier Stevens (Version: 1) 0 comment(s) Wireshark release 4.6.2 fixes 2 vulnerabilities and 5 bugs. The Windows …

Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m speaking and signing books at the Chicago Public Library in Chicago, Illinois, USA, at 6:00 PM CT on …

Cybersecurity researchers have disclosed details of an active phishing campaign that’s targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious …

Introduction Since as early as November 2025, the finger protocol has been used in ClickFix social engineering attacks. BleepingComputer posted a report of this activity on November 15th , and Didier …

** Dec 13, 2025 ** Ravie Lakshmanan Network Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a high-severity flaw impacting Sierra Wireless …

** Dec 13, 2025 ** Ravie Lakshmanan Zero-Day / Vulnerability Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two …

Friday Squid Blogging: Giant Squid Eating a Diamondback Squid I have no context for this video —it’s from Reddit—but one of the commenters adds some context: Hey everyone, squid biologist here! Wanted …

Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence …

Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, …

Cybersecurity researchers are calling attention to a new campaign that’s leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access …

Building Trustworthy AI Agents The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we haven’t made trustworthy. We can’t. And today’s versions are failing …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerability by December 12, 2025, amid reports of widespread exploitation. …

The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas . Employees are …

** Dec 12, 2025 ** Ravie Lakshmanan Software Security / Vulnerability The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, …

ISC Stormcast For Tuesday, December 9th, 2025 https://isc.sans.edu/podcastdetail/9730

This release addresses 57 vulnerabilities. 3 of these vulnerabilities are rated critical. One vulnerability was already exploited, and two were publicly disclosed before the patch was released. …

ISC Stormcast For Wednesday, December 10th, 2025 https://isc.sans.edu/podcastdetail/9732

Last year, Kubernetes fixed a command injection vulnerability in the Kubernetes NodeLogQuery feature ( CVE-2024-9042 ) [1]. To exploit the vulnerability, several conditions had to be met: The …

Several months ago, I got a Nucbox K8 Plus minicomputer to use as a Proxmox 9 server. At the time of this acquisition, I didn’t realize this minicomputer had an artificial intelligence (AI) …