AI Security Roundup

** Nov 30, 2025 ** Ravie Lakshmanan Hacktivism / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities ( KEV ) catalog to …

Prompt Injection Through Poetry In a new paper, “ Adversarial Poetry as a Universal Single-Turn Jailbreak Mechanism in Large Language Models ,” researchers found that turning LLM prompts into poetry …

** Nov 28, 2025 ** Ravie Lakshmanan Supply Chain Attack / Malware The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more …

Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach A meter-long flying neon squid ( Ommastrephes bartramii ) was found dead on an Israeli beach. The species is rare in the Mediterranean. …

** Nov 28, 2025 ** Ravie Lakshmanan Malware / Vulnerability Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain …

** Nov 28, 2025 ** The Hacker News Enterprise Security / Threat Detection As IT environments become increasingly distributed and organizations adopt hybrid and remote work at scale, traditional …

** Nov 28, 2025 ** Ravie Lakshmanan Email Security / Enterprise Security Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for …

** Nov 27, 2025 ** Ravie Lakshmanan Web Security / Zero Trust Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks …

** Nov 27, 2025 ** Ravie Lakshmanan Malware / Social Engineering The threat actor known as Bloody Wolf has been attributed to a cyber attack campaign that has targeted Kyrgyzstan since at least June …

** Nov 27, 2025 ** Ravie Lakshmanan Cybersecurity / Hacking News Hackers have been busy again this week. From fake voice calls and AI-powered malware to huge money-laundering busts and new scams, …

** Nov 27, 2025 ** Ravie Lakshmanan Ransomware / Cloud Security Gainsight has disclosed that the recent suspicious activity targeting its applications has affected more customers than previously …

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified …

South Korea’s financial sector has been targeted by what has been described as a sophisticated supply chain attack that led to the deployment of Qilin ransomware. “This operation combined …

Enterprises today are expected to have at least 6-8 detection tools, as detection is considered a standard investment and the first line of defense. Yet security leaders struggle to justify dedicating …

Huawei and Chinese Surveillance This quote is from House of Huawei: The Secret History of China’s Most Powerful Company . “Long before anyone had heard of Ren Zhengfei or Huawei, Wan Runnan had been …

** Nov 26, 2025 ** The Hacker News Software Security / Patch Management If you’re using community tools like Chocolatey or Winget to keep systems updated, you’re not alone. These platforms …

** Nov 26, 2025 ** Ravie Lakshmanan Malware / Cyber Espionage The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed …

The U.S. Federal Bureau of Investigation (FBI) has warned that cybercriminals are impersonating financial institutions with an aim to steal money or sensitive information to facilitate account …

** Nov 26, 2025 ** Ravie Lakshmanan Browser Security / Cryptocurrency Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store that’s capable of injecting a …

** Nov 25, 2025 ** Ravie Lakshmanan Data Exposure / Cloud Security New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, …

Cybersecurity researchers are calling attention to a new campaign that’s leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under …

** Nov 25, 2025 ** Ravie Lakshmanan Malware / Vulnerability The threat actor known as ToddyCat has been observed adopting new methods to obtain access to corporate email data belonging to target …

Four Ways AI Is Being Used to Strengthen Democracies Worldwide Democracy is colliding with the technologies of artificial intelligence. Judging from the audience reaction at the recent World Forum on …

** Nov 25, 2025 ** Ravie Lakshmanan Malware / Browser Security Cybersecurity researchers have disclosed details of a new campaign that has leveraged Blender Foundation files to deliver an information …

** Nov 25, 2025 ** Ravie Lakshmanan Spyware / Mobile Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging …