A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected …
AI Security Roundup
Daily feed of AI security, malware, and defensive research updates.
**Ravie Lakshmanan** Mar 23, 2026 Email Security / Cloud Security
Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and …
We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them
AWS Bedrock is Amazon’s platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and …
⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
**Ravie Lakshmanan** Mar 23, 2026 Cybersecurity / Hacking
Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, …
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that’s distributed via …
ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)
This activity was found and reported by BACS student Adam Thorman as part of one of his assignments; I posted his final paper [1] last week. This activity appeared to only have occurred on the …
ISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)
Yesterday, I discovered a malicious Bash script that installs a GSocket backdoor on the victim’s computer. I don’t know the source of the script nor how it is delivered to the victim. GSocket [1] is …
ISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd)
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million Internet of …
Hacking a Robot Vacuum
Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that …
Proton Mail Shared User Information with the Police
404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It’s metadata—payment …
**The Hacker News** Mar 20, 2026 Artificial Intelligence / Data Protection
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how …
**Ravie Lakshmanan** Mar 20, 2026 Data Privacy / Mobile Security
Google on Thursday announced a new “advanced flow” for Android sideloading that requires a mandatory 24-hour wait period …
Friday Squid Blogging: Jumbo Flying Squid in the South Pacific
The population needs better conservation. As usual, you can also use this squid post to talk about the security stories in the news that …
A critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published …
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages …
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. …
**Ravie Lakshmanan** Mar 21, 2026 Vulnerability / Threat Intelligence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, …
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
**Ravie Lakshmanan** Mar 21, 2026 Vulnerability / Threat Intelligence
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager …
**Ravie Lakshmanan** Mar 21, 2026 Cyber Espionage / Threat Intelligence
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial …
ISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)
A very popular target of attackers scanning our honeypots is “phpmyadmin”. phpMyAdmin is a script first released in the late 90s, before many security concepts had been discovered. …
Meta’s AI Glasses and Privacy
Surprising no one, Meta’s new AI glasses are a privacy disaster. I’m not sure what can be done here. This is a technology that will exist, whether we like it or not. …