AI Security Roundup

AI as Cyberattacker From Anthropic : In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s …

** Nov 21, 2025 ** Ravie Lakshmanan Compliance / Cyber Attack The U.S. Securities and Exchange Commission (SEC) has abandoned its lawsuit against SolarWinds and its chief information security officer, …

** Nov 21, 2025 ** Ravie Lakshmanan Data Breach / SaaS Security Salesforce has warned of detected “unusual activity” related to Gainsight-published applications connected to the platform. …

Scam USPS and E-Z Pass Texts and Websites Google has filed a complaint in court that details the scam : In a complaint filed Wednesday, the tech giant accused “a cybercriminal group in China” of …

Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that’s targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary …

** Nov 20, 2025 ** Ravie Lakshmanan Cybersecurity / Hacking News This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we’ve seen arrests, …

** Nov 20, 2025 ** Ravie Lakshmanan Malware / Mobile Security Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full …

** Nov 20, 2025 ** The Hacker News Online Fraud / Web Security CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive …

** Nov 20, 2025 ** Ravie Lakshmanan Vulnerability / Cloud Computing Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence …

** Nov 20, 2025 ** Ravie Lakshmanan Malvertising / Artificial Intelligence Threat actors are leveraging bogus installers masquerading as popular software to trick users into installing malware as part …

Legal Restrictions on Vulnerability Disclosure Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle …

The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to …

** Nov 19, 2025 ** Ravie Lakshmanan Vulnerability / Threat Intelligence A newly discovered campaign has compromised tens of thousands of outdated or end-of-life (EoL) ASUS routers worldwide, …

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named …

** Nov 19, 2025 ** Ravie Lakshmanan Vulnerability / Threat Intelligence A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory …

** Nov 19, 2025 ** Ravie Lakshmanan AI Security / SaaS Security Malicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform …

** Nov 19, 2025 ** Ravie Lakshmanan Vulnerability / Network Security Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild. The medium-severity …

** Nov 19, 2025 ** Ravie Lakshmanan Cyber Espionage / Malware The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to …

The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued …

Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging …

** Nov 18, 2025 ** Ravie Lakshmanan Malware / Web Security Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service …

** Nov 18, 2025 ** Ravie Lakshmanan Malware / Social Engineering Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the …

** Nov 18, 2025 ** The Hacker News Cloud Security / Compliance You’ve probably already moved some of your business to the cloud—or you’re planning to. That’s a smart move. It helps …

** Nov 18, 2025 ** Ravie Lakshmanan Cyber Espionage / Malware Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued …

Identity security fabric (ISF) is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration (IGA), access management …