Cybersecurity News

News items I have found interesting and informative.

AI Security Daily Briefing — December 9, 2025

In the last 24 hours, Google introduced layered defenses in Chrome to contain indirect prompt injection against its agentic AI features, the UK’s NCSC warned that LLMs will always be vulnerable to prompt injection, and new research revealed malicious VS Code extensions and AI-branded packages stealing developer data and credentials from high-value engineering environments.

AI Security Daily Briefing — December 8, 2025

Over the last 72 hours, AI security stories have centered on shadow AI forcing a rethink of governance, “IDEsaster” flaws in AI coding tools enabling data theft and RCE, FBI warnings about AI-generated virtual kidnapping scams, NATO’s use of an AI chatbot in large-scale cyber war games, and new evidence that AI image services and AI bots are reshaping data-leak and scraping risk.

AI Security Daily Briefing — December 3, 2025

I security for December 3, 2025 centers on new NSA/CISA guidance for safely integrating AI into OT, SandboxAQ’s launch of an AI security posture platform for shadow AI, research showing poetic prompts can jailbreak major models, Experian’s forecast naming AI as the top breach driver for 2026, and TÜV SÜD’s move to formalize AI penetration testing using NIST, OWASP, and MITRE ATLAS.

AI Security Daily Briefing — December 2, 2025

AI security on Dec 2 centers on a serious Codex CLI command-injection flaw, new data showing layered AI defenses still buckle under targeted attacks, Anthropic’s agents successfully exploiting real DeFi contracts, Android zero-days hitting AI-enabled mobile endpoints, and a major investment push into explainable AI-driven investigations for national security

AI Security Daily Briefing — December 1, 2025

Over the past five days, malicious and “dark” LLMs have lowered the bar for cybercrime, HashJack has exposed a new AI-browser injection vector, Olymp Loader continues to evolve as a stealthy MaaS platform, Anthropic’s Claude Opus 4.5 boosts agent capabilities amid ongoing safety concerns, and new CVEs and identity hardening moves remind defenders that AI security is inseparable from solid infrastructure and IAM hygiene.

AI Security Daily Briefing — November 24, 2025

Second-order prompt injection in ServiceNow’s Now Assist, a new vLLM RCE, DeepSeek-R1’s insecure code bias, adversarial poetry jailbreaks, and fresh field lessons on securing GenAI all highlight how AI infrastructure, models, and safety controls are being stress tested in the real world.