AI Security Roundup

** Mohit Kumar ** Apr 16, 2026 Artificial Intelligence / Enterprise Security In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak …

** Ravie Lakshmanan ** Apr 16, 2026 Application Security / Threat Intelligence A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking …

** The Hacker News ** Apr 16, 2026 Data Privacy / Compliance A bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the …

** Ravie Lakshmanan ** Apr 16, 2026 Vulnerability / Network Security Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could …

Human Trust of AI Agents Interesting research: “ Humans expect rationality and cooperation from LLM opponents in strategic games .” Abstract: As Large Language Models (LLMs) integrate into our social …

** Ravie Lakshmanan ** Apr 16, 2026 Malware / Threat Intelligence The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and …

ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894

[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1]. Security cameras are great at monitoring physical …

** Ravie Lakshmanan ** Apr 15, 2026 Threat Intelligence / Cloud Security Threat actors have been observed weaponizing n8n , a popular artificial intelligence (AI) workflow automation platform, to …

Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives …

** Ravie Lakshmanan ** Apr 15, 2026 Vulnerability / Data Breach A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in …

** Ravie Lakshmanan ** Apr 15, 2026 Web Security / Vulnerability A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active …

Defense in Depth, Medieval Style This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by …

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 …

** Ravie Lakshmanan ** Apr 15, 2026 Vulnerability / Secure Coding OpenAI on Tuesday unveiled GPT-5.4-Cyber , a variant of its latest flagship model, GPT‑5.4 , that’s specifically optimized for …

Starting March 10, 2026, my DShield sensor started getting probe for various AI models such as claude, openclaw, huggingface, etc. Reviewing the data already reported by other DShield sensors to ISC, …

ISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly …

Microsoft Patch Tuesday April 2026. Published 2026-04-14. Last Updated 2026-04-14 17:46:09 UTC by Johannes Ullrich (Version: 1) 0 comment(s) This month’s Microsoft Patch Tuesday looks like a …

** Ravie Lakshmanan ** Apr 14, 2026 Vulnerability / DevSecOps Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, …

Upcoming Speaking Engagements This is a current list of where and when I am scheduled to speak: I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026. I’m speaking at …

Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push …

** Ravie Lakshmanan ** Apr 14, 2026 Mobile Security / Network Security Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its …

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, …

How Hackers Are Thinking About AI Interesting paper: “ What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation. ” Abstract: The rapid expansion of artificial …