Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software products without realising it (when was the last time you checked?), and …
AI Security Roundup
Daily AI security roundup covering malware, vulnerabilities, defensive research, cloud risk, and incident response signals from trusted technical sources.
**Dec 02, 2025** | Ravie Lakshmanan | Mobile Security / Vulnerability
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have …
Webinar: The "Agentic" Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams
The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges. For the last two decades, whether you used Chrome, Edge, or Firefox, the …
Banning VPNs
This is crazy. Lawmakers in several US states are contemplating banning VPNs, because…think of the children! As of this writing, Wisconsin lawmakers are escalating their war on privacy …
**Dec 01, 2025** | Ravie Lakshmanan | Hacking News / Cybersecurity
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, …
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time. Five of these extensions started off as …
**Dec 01, 2025** | Ravie Lakshmanan | Surveillance / National Security
India’s telecommunications ministry has reportedly asked major mobile device manufacturers to preload a government-backed …
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
**Dec 01, 2025** | Ravie Lakshmanan | Malware / Threat Intelligence
The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and …
A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a “full spectrum” of features to facilitate on-device fraud (ODF), screen …
**Nov 30, 2025** | Ravie Lakshmanan | Hacktivism / Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to …
Prompt Injection Through Poetry
In a new paper, “Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models,” researchers found that turning LLM prompts into poetry …
**Nov 28, 2025** | Ravie Lakshmanan | Supply Chain Attack / Malware
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more …
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
A meter-long flying neon squid (Ommastrephes bartramii) was found dead on an Israeli beach. The species is rare in the Mediterranean. …
**Nov 28, 2025** | Ravie Lakshmanan | Malware / Vulnerability
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain …
**Nov 28, 2025** | The Hacker News | Enterprise Security / Threat Detection
As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional …
**Nov 28, 2025** | Ravie Lakshmanan | Email Security / Enterprise Security
Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for …
**Nov 27, 2025** | Ravie Lakshmanan | Web Security / Zero Trust
Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks …
**Nov 27, 2025** | Ravie Lakshmanan | Malware / Social Engineering
The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June …
ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories
**Nov 27, 2025** | Ravie Lakshmanan | Cybersecurity / Hacking News
Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, …
**Nov 27, 2025** | Ravie Lakshmanan | Ransomware / Cloud Security
Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously …
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified …
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist
South Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. “This operation combined …
Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating …
Huawei and Chinese Surveillance
This quote is from House of Huawei: The Secret History of China’s Most Powerful Company. “Long before anyone had heard of Ren Zhengfei or Huawei, Wan Runnan had been …
**Nov 26, 2025** | The Hacker News | Software Security / Patch Management
If you’re using community tools like Chocolatey or Winget to keep systems updated, you’re not alone. These platforms …