AI Security Roundup

** Ravie Lakshmanan ** Apr 10, 2026 Malware / Website Security Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned …

** Ravie Lakshmanan ** Apr 09, 2026 Vulnerability / Mobile Security Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) …

** Ravie Lakshmanan ** Apr 09, 2026 Malware / Windows Security A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese …

** Ravie Lakshmanan ** Apr 09, 2026 Hacking News / Cybersecurity News Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This …

On Microsoft’s Lousy Cloud Security ProPublica has a scoop : In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing …

We added a new chapter to our Testing Handbook: a comprehensive security checklist for C and C++ code . We’ve identified a broad range of common bug classes, known footguns, and API gotchas across C …

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East …

As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing …

** Ravie Lakshmanan ** Apr 09, 2026 Vulnerability / Threat Intelligence Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF …

In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented …

ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886

** Ravie Lakshmanan ** Apr 08, 2026 Cryptomining / Network Security Cybersecurity researchers have flagged a new variant ofmalware called Chaos that’scapable of hitting misconfigured cloud …

This is the seventh update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 006 covered …

** Ravie Lakshmanan ** Apr 08, 2026 IoT Security / Network Security Cybersecurity researchers have lifted the curtain on a stealthy botnet that’s designed for distributed denial-of-service …

One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes! Most “medium …

** Ravie Lakshmanan ** Apr 08, 2026 Vulnerability / Cloud Security The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign …

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, …

Python Supply-Chain Compromise This is news : A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a …

The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. “The threat …

** Ravie Lakshmanan ** Apr 08, 2026 Artificial Intelligence / Secure Coding Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will …

Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), …

ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884

This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). Update 005 covered …

ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878

ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880