Daily AI security roundup covering malware, vulnerabilities, defensive research, cloud risk, and incident response signals from trusted technical sources.
** Dec 31, 2026 ** Ravie Lakshmanan Spyware / Mobile Security The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Tuesday removed three individuals linked to the …
LinkedIn Job Scams Interesting article on the variety of LinkedIn job scams around the world: In India, tech jobs are used as bait because the industry employs millions of people and offers …
** Dec 30, 2026 ** Ravie Lakshmanan Vulnerability / Email Security The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools …
Using AI-Generated Images to Get Refunds Scammers are generating images of broken merchandise in order to apply for refunds. Tags: AI , China , scams Posted on December 30, 2025 at 7:02 AM • 0 …
The threat actor known as Silver Fox has turned its focus to India, using income tax-themed lures in phishing campaigns to distribute a modular remote access trojan called ValleyRAT (aka Winos 4.0). …
** Dec 30, 2026 ** Ravie Lakshmanan Malware / Cyber Espionage The Chinese hacking group known as Mustang Panda has leveraged a previously undocumented kernel-mode rootkit driver to deliver a new …
Artificial intelligence (AI) is making its way into security operations quickly, but many practitioners are still struggling to turn early experimentation into consistent operational value. This is …
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been …
** Dec 29, 2026 ** Ravie Lakshmanan Hacking News / Cybersecurity Last week’s cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools …
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025 , malicious Nx packages leaked …
** Dec 29, 2026 ** Ravie Lakshmanan Database Security / Vulnerability A recently disclosed security vulnerability in MongoDB has come under active exploitation in the wild, with over 87,000 …
Are We Ready to Be Governed by Artificial Intelligence? Artificial Intelligence (AI) overlords are a common trope in science-fiction dystopias, but the reality looks much more prosaic. The …
Cybersecurity researchers have disclosed details of what has been described as a “sustained and targeted” spear-phishing campaign that has published over two dozen packages to the npm …
ISC Stormcast For Sunday, December 28th, 2025 https://isc.sans.edu/podcastdetail/9750
** Dec 27, 2025 ** Ravie Lakshmanan Database Security / Vulnerability A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap …
** Dec 26, 2025 ** Ravie Lakshmanan Cryptocurrency / Incident Response Trust Wallet is urging users to update its Google Chrome extension to the latest version following what it described as a …
IoT Hack Someone hacked an Italian ferry . It looks like the malware was installed by someone on the ferry, and not remotely. Tags: France , hacking , Internet of Things , malware Posted on December …
Friday Squid Blogging: Squid Camouflage New research : Abstract: Coleoid cephalopods have the most elaborate camouflage system in the animal kingdom. This enables them to hide from or deceive both …
A China-linked advanced persistent threat (APT) group has been attributed to a highly-targeted cyber espionage campaign in which the adversary poisoned Domain Name System (DNS) requests to deliver its …
** Dec 26, 2025 ** Ravie Lakshmanan AI Security / DevSecOps A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even …
** Dec 25, 2025 ** Ravie Lakshmanan Cybersecurity / Hacking News It’s getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — …
** Dec 25, 2025 ** Ravie Lakshmanan Data Breach / Financial Crime The encrypted vault backups stolen from the 2022 LastPass data breach have enabled bad actors to take advantage of weak master …
** Dec 25, 2025 ** Ravie Lakshmanan Vulnerability / Enterprise Security Fortinet on Wednesday said it observed “recent abuse” of a five-year-old security flaw in FortiOS SSL VPN in the …
** Dec 25, 2025 ** Ravie Lakshmanan Vulnerability / Endpoint Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network …
Urban VPN Proxy Surreptitiously Intercepts AI Chats This is pretty scary : Urban VPN Proxy targets conversations across ten AI platforms: ChatGPT, Claude, Gemini, Microsoft Copilot, Perplexity, …
