Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS …
AI Security Roundup
Daily AI security roundup covering malware, vulnerabilities, defensive research, cloud risk, and incident response signals from trusted technical sources.
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf , a fast spreading Internet-of-Things botnet that enslaved millions of devices for …
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor …
Zero-Day Exploit Against Windows BitLocker It’s nasty , but it requires physical access to the computer: > The exploit, named YellowKey, was > published > earlier this week by a researcher …
On AI Security Good report : > Executive Summary: > Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, …
macOS Kernel Memory Corruption Exploit A group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5. News article . Tags: AI , Apple , …
Laurie Anderson Is Quoting Me Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: > My favorite quote is from a cryptologist who said “If you think technology will …
CISA Security Leak Crazy story : > Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed …
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least …
Friday Squid Blogging: Regulating Squid Fishing in the South Pacific The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As …
** Ravie Lakshmanan ** May 22, 2026 Vulnerability / Network Security Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, …
** Ravie Lakshmanan ** May 22, 2026 Vulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend …
** Ravie Lakshmanan ** May 22, 2026 Cybercrime / Law Enforcement The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a …
Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. …
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was …
** Ravie Lakshmanan ** May 22, 2026 Malware / Artificial Intelligence The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine’s National Security and Defense …
Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data …
Friday Squid Blogging: Bigfin Squid Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation …
** Ravie Lakshmanan ** May 17, 2026 Server Security / Vulnerability A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its …
** Ravie Lakshmanan ** May 17, 2026 Data Breach / Cybercrime Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s …
** Ravie Lakshmanan ** May 16, 2026 Vulnerability / Website Security A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild …
ai-security
EN
ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)
ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934
This is a Guest Diary by Gokul Prema Thangavel, an ISC intern as part of the SANS.edu Bachelor Degree Program. Introduction The SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 …
** Ravie Lakshmanan ** May 15, 2026 Vulnerability / Credential Theft The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco …
Bypassing On-Camera Age-Verification Checks Some AI-based video age-verification checks can be fooled with a fake mustache . Tags: AI , biometrics Posted on May 15, 2026 at 7:06 AM • 14 Comments