AI Security Roundup

ISC Stormcast For Tuesday, February 17th, 2026 https://isc.sans.edu/podcastdetail/9812

This morning, I received an interesting phishing email. I’ve a “love & hate” relation with such emails because I always have the impression to lose time when reviewing them but sometimes it’s a …

A few days ago I wrote a diary called “Malicious Script Delivering More Maliciousness”[ 1 ]. In the malware infection chain, there was a JPEG picture that embedded the last payload …

ISC Stormcast For Wednesday, February 18th, 2026 https://isc.sans.edu/podcastdetail/9814

ISC Stormcast For Thursday, February 19th, 2026 https://isc.sans.edu/podcastdetail/9816

Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of …

Side-Channel Attacks Against LLMs Here are three papers describing different side-channel attacks against LLMs. “ Remote Timing Attacks on Efficient Language Model Inference “: Abstract: Scaling up …

** Ravie Lakshmanan ** Feb 18, 2026 Threat Intelligence / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited …

AI Found Twelve New Vulnerabilities in OpenSSL The title of the post is” What AI Security Research Looks Like When It Works ,” and I agree: In the latest OpenSSL security release> on January 27, …

** Ravie Lakshmanan ** Feb 18, 2026 Vulnerability / Application Security Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the …

Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools …

** Ravie Lakshmanan ** Feb 27, 2026 Online Scam / Digital Advertising Meta on Thursday said it’s taking legal action to tackle scams on its platforms by filing lawsuits against what it calls …

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according …

In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and …

** Ravie Lakshmanan ** Feb 18, 2026 Network Security / Enterprise Security Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could …

** Ravie Lakshmanan ** Feb 18, 2026 Vulnerability / Software Security Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) …

New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent …

The Promptware Kill Chain Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential …

In 2022 (time flies!), I wrote a diary about the 32-bits VS. 64-bits malware landscape[ 1 ]. It demonstrated that, despite the growing number of 64-bits computers, the “old-architecture” …

** Ravie Lakshmanan ** Feb 16, 2026 Zero-Day / Browser Security Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the …

Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer abstract for such a country as …

Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that’s being advertised on Telegram as a way to grab sensitive data and facilitate real-time …

** Ravie Lakshmanan ** Feb 25, 2026 Vulnerability / Windows Security SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully …

** Ravie Lakshmanan ** Feb 25, 2026 Zero Day / National Security A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over …

Why automating sensitive data transfers is now a mission-critical priority More than half of national security organizations still rely on manual processes to transfer sensitive data, according to The …