Security news aggregator

Latest coverage for Research

Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.

For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.

Showing 5 most recent headlines Filtered view
Bank Info Security 1 year, 2 months ago

Fileless PowerShell Loader Deploys Remcos RAT

Attack Chain Uses LNK Files, MSHTA and Memory InjectionPowerShell is becoming hackers' new favorite tool since they can load code directly into computer memory and evade traditional file-based detection methods, warn security researchers. A combination of LNK-MSHTA-PowerShell offers a stealthy and effective path to execution.

Bank Info Security 1 year, 2 months ago

Secure Code Development News to Celebrate

Fewer Applications Carry OWASP Top 10 FlawsHere's secure code development news to celebrate. After five years of steady improvement, slightly more than half of software applications don't have an OWASP Top 10 security flaw, find researchers Chris Wysopal and Jason Healey. "That makes life harder for attackers," Wysopal said.

Bank Info Security 1 year, 2 months ago

Turkish Group Hacks Zero-Day Flaw to Spy on Kurdish Forces

Microsoft Researchers Link Turkish Spy Group to Output Messenger Zero-Day HackA Turkish-linked cyberespionage group known as Marbled Dust exploited a zero-day in the Output Messenger Server Manager application to spy on Kurdish military operations in Iraq. Microsoft reported the hack and called for immediate mitigation to block credential theft and malware delivery.

Bank Info Security 1 year, 2 months ago

North Korea Targets Ukraine With Cyberespionage Operations

Phishing Campaigns Appear to Be Solely Intelligence-Gathering for DPRK LeadershipNorth Korea nation-state hackers appear to have entered the Ukrainian cyber operations fray, albeit solely for cyberespionage purposes for "gathering intelligence to help North Korean leadership determine the current risk to its forces already in the theater," cybersecurity researchers report.

Bank Info Security 1 year, 2 months ago

Russian FSB Hackers Deploy New Lostkeys Malware

Malware Targets Western Officials, NGOs and JournalistsRussian cyber espionage hackers are using a new malware strain dubbed "Lostkeys" in a targeted espionage campaign aimed at Western officials, NGOs and journalists. Google researchers attribute Lostkeys to the threat group Coldriver, an operational unit within the Federal Security Service.