AI Security Roundup

Since the last update , the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new …

ISC Stormcast For Tuesday, May 19th, 2026 <https://isc.sans.edu/podcastdetail/9936>

ISC Stormcast For Wednesday, May 20th, 2026 <https://isc.sans.edu/podcastdetail/9938>

ISC Stormcast For Thursday, May 21st, 2026 <https://isc.sans.edu/podcastdetail/9940>

Recently, Rob wrote about a tool, Proxifier , that can intercept requests from specific processes. Proxifier is available for Windows, macOS, and Android. But I have not seen a generic Linux option …

ISC Stormcast For Friday, May 22nd, 2026 <https://isc.sans.edu/podcastdetail/9942>

I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformated). The SHA256 is …

In March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repository secrets, then used those credentials …

Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS …

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf , a fast spreading Internet-of-Things botnet that enslaved millions of devices for …

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor …

Zero-Day Exploit Against Windows BitLocker It’s nasty , but it requires physical access to the computer: > The exploit, named YellowKey, was > published > earlier this week by a researcher …

On AI Security Good report : > Executive Summary: > Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, …

macOS Kernel Memory Corruption Exploit A group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5. News article . Tags: AI , Apple , …

Laurie Anderson Is Quoting Me Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: > My favorite quote is from a cryptologist who said “If you think technology will …

CISA Security Leak Crazy story : > Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed …

Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least …

Friday Squid Blogging: Regulating Squid Fishing in the South Pacific The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As …

** Ravie Lakshmanan ** May 22, 2026 Vulnerability / Network Security Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, …

** Ravie Lakshmanan ** May 22, 2026 Vulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend …

** Ravie Lakshmanan ** May 22, 2026 Cybercrime / Law Enforcement The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a …

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. …

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was …

** Ravie Lakshmanan ** May 22, 2026 Malware / Artificial Intelligence The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine’s National Security and Defense …

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data …