The Constitutionality of Geofence Warrants The US Supreme Court is considering the constitutionality of geofence warrants. The case centers on the trial of Okello Chatrie, a Virginia man who pleaded …
AI Security Roundup
Daily AI security roundup covering malware, vulnerabilities, defensive research, cloud risk, and incident response signals from trusted technical sources.
**Ravie Lakshmanan** Jan 27, 2026 Vulnerability / Cloud Security A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational …
**Ravie Lakshmanan** Jan 27, 2026 Web Security / Malware Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by …
Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation
**Ravie Lakshmanan** Jan 27, 2026 Zero-Day / Vulnerability Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. …
ISC Stormcast For Tuesday, January 27th, 2026 https://isc.sans.edu/podcastdetail/9782, (Tue, Jan 27th)
[This is a Guest Diary by Fares Azhari, an ISC intern as part of the SANS.edu BACS program] Romance scams are a form of social-engineering fraud that causes both financial and emotional harm. They …
**Ravie Lakshmanan** Jan 26, 2026 AI Security / Vulnerability Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions that are advertised as …
**Ravie Lakshmanan** Jan 26, 2026 Cyber Espionage / Malware Cybersecurity researchers have discovered an ongoing campaign that’s targeting Indian users with a multi-stage backdoor as part of a …
**Ravie Lakshmanan** Jan 26, 2026 Hacking News / Cybersecurity Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. …
**The Hacker News** Jan 26, 2026 Endpoint Security / Artificial Intelligence If there’s a constant in cybersecurity, it’s that adversaries are always innovating. The rise of offensive AI …
Ireland Proposes Giving Police New Digital Surveillance Powers This is coming: The Irish government is planning to bolster its police’s ability to intercept communications, including encrypted …
**Ravie Lakshmanan** Jan 26, 2026 Malware / Endpoint Security The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) …
Based on the sensors reporting to ISC, this activity started on the 13 Jan 2026. My own sensor started seeing the first scan on the 21 Jan 2026 with limited probes. So far, this activity has been …
ISC Stormcast For Monday, January 26th, 2026 https://isc.sans.edu/podcastdetail/9780, (Mon, Jan 26th)
A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. “The attack begins with social engineering lures …
Who Approved This Agent? Rethinking Access, Accountability, and Risk in the Age of AI Agents
AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the …
**Ravie Lakshmanan** Jan 24, 2026 Malware / Critical Infrastructure The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the “largest …
**Ravie Lakshmanan** Jan 24, 2026 Vulnerability / Enterprise Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom …
Friday Squid Blogging: Giant Squid in the Star Trek Universe Spock befriends a giant space squid in the comic Star Trek: Strange New Worlds: The Seeds of Salvation #5. As usual, you can also use this …
**Ravie Lakshmanan** Jan 23, 2026 Vulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited …
**Ravie Lakshmanan** Jan 23, 2026 Network Security / Vulnerability Fortinet has officially confirmed that it’s working to completely plug a FortiCloud SSO authentication bypass vulnerability …
**Ravie Lakshmanan** Jan 23, 2026 Regulatory Compliance / National Security TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing …
**Ravie Lakshmanan** Jan 23, 2026 Email Security / Endpoint Security Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy …
AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models …
Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. “The campaign …