AI Security Roundup

** The Hacker News ** May 13, 2026 AppSec / Webinar TL;DR: Stop chasing thousands of “toast” alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a “Lethal …

** Ravie Lakshmanan ** May 13, 2026 Vulnerability / Artificial Intelligence Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability …

A few months ago, I implemented Cloudflare’s Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect site …

Apple Patches Everything Published 2026-05-11. Last Updated 2026-05-11 22:19:13 UTC by Johannes Ullrich (Version: 1) 0 comment(s) Apple today released its typical feature update across it’s …

Microsoft May 2026 Patch Tuesday Published 2026-05-12. Last Updated 2026-05-12 18:29:36 UTC by Johannes Ullrich (Version: 1) 0 comment(s) Today’s Microsoft patch Tuesday fixes 137 different …

ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928

.. if “unproxyable” is a word that is .. I had a recent engagement where I had to look at the network traffic generated by a Windows executable. Unfortunately, it was all TLS, and all TLS1.3 to boot. …

ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930

Go’s native fuzzing is useful, but it stands far behind state-of-the-art tooling that the Rust, C, and C++ ecosystems offer with LibAFL and AFL++. Path constraints are hard to solve. Structured inputs …

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer …

LLMs and Text-in-Text Steganography Turns out that LLMs are really good at hiding text messages in other text messages. Tags: academic papers , LLM , steganography Posted on May 11, 2026 at 7:04 AM • …

** Ravie Lakshmanan ** May 12, 2026 Vulnerability / AI Security OpenAI has launched Daybreak , a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model …

** Ravie Lakshmanan ** May 12, 2026 Vulnerability / Network Security American educational technology company Instructure, the parent company of Canvas, said it reached an “agreement” with …

Copy.Fail Linux Vulnerability This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 …

Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from …

TeamPCP , the threat actor behind the recentsupply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI …

** The Hacker News ** May 12, 2026 Threat Detection / AI Security Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn’t …

** Ravie Lakshmanan ** May 12, 2026 Malware / Mobile Security Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for …

** Ravie Lakshmanan ** May 12, 2026 Supply Chain Attack / Software Security RubyGems , the standard package manager for the Ruby programming language, has temporarily paused account sign ups following …

** Ravie Lakshmanan ** May 12, 2026 Vulnerability / Email Security Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory …

[This is a Guest Diary by Eric Roldan, an ISC intern as part of the SANS.edu BACS program] Through the expansion of Large Language Models (LLMs), cybersecurity has exploded with a variety of tools for …

ISC Stormcast For Thursday, May 7th, 2026 https://isc.sans.edu/podcastdetail/9922

ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924

Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred …

YARA-X 1.16.0 Release Published 2026-05-10. Last Updated 2026-05-10 22:37:08 UTC by Didier Stevens (Version: 1) 0 comment(s) YARA-X’s 1.16.0 release brings 4 improvements and 4 bugfixes. Didier …