
Daily Security Briefing #172
- DjediTech
- Security, Newsletter
- February 21, 2026
September 21, 2026
AI-driven attacks on the rise, unencrypted data exposes organizations to risk, Android malware evolves, and more…
Executive Summary
The cybersecurity landscape is witnessing significant developments, with AI playing a pivotal role in both defensive and offensive measures. A Russian-speaking threat actor has been exploiting commercial generative AI services to compromise over 600 FortiGate devices across 55 countries. Meanwhile, Anthropic’s Claude Code Security, an AI-powered vulnerability scanning tool, has been launched to help engineering and security teams detect sophisticated vulnerabilities and receive precise patch recommendations. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also added two actively exploited Roundcube flaws to its Known Exploited Vulnerabilities catalog. Furthermore, the EC-Council has expanded its AI certification portfolio to strengthen U.S. AI workforce readiness and security.
Top Articles
1. Anthropic Debuts Claude Code Security – AI Now Scan Vulnerabilities in Your Entire Codebase
Anthropic has quietly flipped the script on application security by launching Claude Code Security, a new capability baked directly into Claude Code on the web that automatically scans entire repositories for sophisticated vulnerabilities and delivers ready-to-review patch suggestions.
Claude Code Security uses advanced AI reasoning to outperform traditional scanners, allowing engineering and security teams to scan entire codebases automatically, detect sophisticated vulnerabilities, and receive precise patch recommendations with full human oversight. The feature is currently available in a limited research preview to Enterprise and Team customers.
ClaudeCodeSecurity | CyberPress | The Hacker News
2. AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries, according to Amazon Threat Intelligence.
This AI-assisted hacking campaign highlights the growing threat posed by sophisticated cyberattacks, underscoring the need for organizations to implement robust security measures and stay vigilant against evolving threats. The affected countries include many in Europe, Asia, and Latin America, with the most significant number of breaches occurring in a short period of five weeks.
The Hacker News | BleepingComputer
3. Predator spyware hooks iOS SpringBoard to hide mic, camera activity
Intellexa’s Predator spyware has been found to be able to hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. This advanced surveillance technique poses a significant threat to individual privacy and security.
The use of AI-driven tools like Predator spyware underscores the need for robust cybersecurity measures to protect against such threats. Organizations must remain vigilant and implement the necessary safeguards to prevent unauthorized access to sensitive data.
4. Critical Grandstream Phone Vulnerability Exposes Calls to Interception
A critical vulnerability (CVE-2026-2329) in Grandstream’s SIP-based phone system has been identified, allowing attackers to intercept and manipulate voice calls without authentication. This vulnerability poses a significant risk to organizations relying on such systems for communication.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, emphasizing the need for prompt remediation to prevent potential breaches.
5. Cloudflare outage on February 20, 2026
Cloudflare experienced a service outage affecting a subset of customers who use its Bring Your Own IP (BYOIP) service. The outage was caused by the withdrawal of routes to the Internet via Border Gateway Protocol (BGP).
The incident highlights the potential for distributed denial-of-service (DDoS) attacks on critical infrastructure and the importance of having robust cybersecurity measures in place.
6. CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.
These vulnerabilities underscore the need for prompt patching and updates to prevent potential breaches, emphasizing the importance of proactive cybersecurity measures.
7. EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
EC-Council has expanded its AI certification portfolio to address the growing demand for AI-skilled professionals in the U.S. workforce, with four new certifications aimed at closing the gap between AI adoption and workforce readiness.
This move underscores the importance of addressing the skills gap in the face of rapidly evolving technologies like AI, emphasizing the need for ongoing education and training in cybersecurity fields.
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.