AI Security Roundup

** Ravie Lakshmanan ** Feb 27, 2026 Network Security / Vulnerability The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of …

New research has found that Google Cloud API keys, typically designated as project identifiers for billing purposes, could be abused to authenticate to sensitive Gemini endpoints and access private …

ISC Stormcast For Thursday, February 26th, 2026 https://isc.sans.edu/podcastdetail/9826

OpenClaw has fixed a high-severity security issue that, if successfully exploited, could have allowed a malicious website to connect to a locally running artificial intelligence (AI) agent and take …

[This is a guest diary contributed by Claire Perry ( LinkedIn )] PDF Version The structural integrity of modern society is predicated upon a dense and often opaque network of interconnected systems. …

[This is a Guest Diary by Austin Bodolay, an ISC intern as part of the SANS.edu BACS program] Over the past several months, I have gained practical insight into the challenges of deploying and …

ISC Stormcast For Friday, February 27th, 2026 https://isc.sans.edu/podcastdetail/9828

If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production …

In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access …

Poisoning AI Training Data All it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled “The best tech journalists at eating hot …

LLMs Generate Predictable Passwords LLMs are bad at generating passwords: There are strong noticeable patterns among these 50 passwords that can be seen easily: All of the passwords start with a …

** Ravie Lakshmanan ** Feb 25, 2026 Cyber Espionage / Network Security Google on Wednesday disclosed that it worked with industry partners to disrupt the infrastructure of a suspected China-nexus …

** Ravie Lakshmanan ** Feb 26, 2026 Vulnerability / Network Security A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager …

A “coordinated developer-targeting campaign” is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into executing them and …

** Ravie Lakshmanan ** Feb 26, 2026 Malware / Software Security Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library …

** The Hacker News ** Feb 26, 2026 Encryption / Data Protection Introduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall …

** Ravie Lakshmanan ** Feb 26, 2026 Malware / Threat Intelligence A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and …

** Ravie Lakshmanan ** Feb 26, 2026 Cybersecurity / Hacking News Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a …

Cybersecurity researchers have disclosed details of a new botnet loader called Aeternum C2 that uses a blockchain-based command-and-control (C2) infrastructure to make it resilient to takedown …

ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820

In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[ 1 , 2 ]. At that point in time, I’ve not come across the malicious “MSI …

ISC Stormcast For Tuesday, February 24th, 2026 https://isc.sans.edu/podcastdetail/9822

In 2010, OWASP added “Unvalidated Redirects and Forwards” to its Top 10 list and merged it into “Sensitive Data Exposure” in 2013 [owasp1] [owasp2]. Open redirects are often …

ISC Stormcast For Wednesday, February 25th, 2026 https://isc.sans.edu/podcastdetail/9824

On the Security of Password Managers Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery …