AI Security Roundup

I have written about how to use IP KVMs securely , and recently, researchers at Eclypsium published yet another report on IP KVM vulnerabilities. But there is another issue I haven’t mentioned …

** Ravie Lakshmanan ** Apr 01, 2026 Email Security / Artificial Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the …

ISC Stormcast For Wednesday, March 25th, 2026 https://isc.sans.edu/podcastdetail/9864

Introduction This diary provides indicators from the SmartApeSG (ZPHP, HANEYMANEY) campaign I saw on Tuesday, 2026-03-24. SmartApeSG is one of many campaigns that use the ClickFix technique. This past …

Apple Patches (almost) everything again. March 2026 edition. Published 2026-03-25. Last Updated 2026-03-25 21:29:57 UTC by Johannes Ullrich (Version: 1) 0 comment(s) Apple released the next version of …

This is the first update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). That report covers the full …

ISC Stormcast For Thursday, March 26th, 2026 https://isc.sans.edu/podcastdetail/9866

Using dimensional analysis, you can categorically rule out a whole category of logic and arithmetic bugs that plague DeFi formulas. No code changes required, just better reasoning! One of the first …

We’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post . Most LLM-based security skills ask the …

Team Mirai and Democracy Japan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai , illustrates the viability of a different way to do politics. …

Sen. Wyden Warns of Another Section 702 Abuse Sen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved …

As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters In December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by …

** Ravie Lakshmanan ** Mar 26, 2026 Malware / Web Security Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate …

** Ravie Lakshmanan ** Mar 25, 2026 Cybercrime / Dark Web The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported …

** Ravie Lakshmanan ** Mar 26, 2026 Cybersecurity / Hacking News Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many …

Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the …

** Ravie Lakshmanan ** Mar 26, 2026 Malware / Mobile Security The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated …

** Ravie Lakshmanan ** Mar 26, 2026 Browser Security / Vulnerability Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been …

** The Hacker News ** Mar 26, 2026 Security Testing / Security Automation Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, …

So, I’ve been slow to get on the Claude Code/OpenCode/Codex/OpenClaw bandwagon, but I had some time last week so I asked Claude to review ( /security-review ) some of my python scripts. He found …

ISC Stormcast For Tuesday, March 24th, 2026 https://isc.sans.edu/podcastdetail/9862

A long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, …

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack , highlighting the widening blast radius across developer environments. …

Microsoft Xbox One Hacked It’s an impressive feat , over a decade after the box was released: Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, …

** Ravie Lakshmanan ** Mar 23, 2026 Vulnerability / Endpoint Security Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance …