AI Security Roundup

** The Hacker News ** Apr 14, 2026 Application Security / DevSecOps OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: …

** Ravie Lakshmanan ** Apr 14, 2026 Data Theft / Browser Security Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to …

** Ravie Lakshmanan ** Apr 14, 2026 Vulnerability / Network Security A critical security vulnerability impacting ShowDoc , a document management and collaboration service popular in China, has come …

** Ravie Lakshmanan ** Apr 14, 2026 Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited …

ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890

** Ravie Lakshmanan ** Apr 13, 2026 Threat Intelligence / Malware Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware …

On Anthropic’s Mythos Preview and Project Glasswing The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it …

** Ravie Lakshmanan ** Apr 13, 2026 Cybercrime / Threat Intelligence The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the …

Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying …

Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi …

** Ravie Lakshmanan ** Apr 13, 2026 Cybersecurity / Hacking Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly …

** Ravie Lakshmanan ** Apr 13, 2026 Social Engineering / Threat Intelligence The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social …

AI Chatbots and Trust All the leading AI chatbots are sycophantic, and that’s a problem : Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were …

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. …

ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888

** Ravie Lakshmanan ** Apr 12, 2026 Malware / Threat Intelligence Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like …

** Ravie Lakshmanan ** Apr 12, 2026 Vulnerability / Endpoint Security Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in …

Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation …

Friday Squid Blogging: Squid Overfishing in the South Pacific Regulation is hard : The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million …

** Ravie Lakshmanan ** Apr 10, 2026 Malware / Blockchain Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that’s …

Sen. Sanders Talks to Claude About AI and Privacy Claude is actually pretty good on the issues. Tags: AI , privacy , video Posted on April 10, 2026 at 6:41 AM • 0 Comments

** Ravie Lakshmanan ** Apr 10, 2026 Vulnerability / Threat Intelligence A critical security vulnerability in Marimo , an open-source Python notebook for data science and analysis, has been exploited …

While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions. A new report …

** Ravie Lakshmanan ** Apr 10, 2026 Malware / Browser Security Google has made Device Bound Session Credentials ( DBSC ) generally available to all Windows users of its Chrome web browser, months …

I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS” …