Security news aggregator

Latest coverage for Research

Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.

9 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.

For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.

Showing 9 most recent headlines Filtered view

Researchers Estimate Losses Ranging From Hundreds of Millions to BillionsA Chinese-language phishing-as-a-service platform scammed between $470 million to $1 billion from soccer fans ahead of the 2026 FIFA World Cup starting next month. Domain-by-domain takedowns will not stop this, Group-IB warned.

Bank Info Security 1 month, 2 weeks ago

NIST Rebrands AI Consortium, Ditches 'Safety' From Name

Agency Expands Research Beyond Safety Testing to Standards and EvaluationThe U.S. National Institute of Standards and Technology is expanding one of its largest artificial intelligence initiatives, rebranding the AI Safety Institute Consortium and reopening participation as the Trump administration pushes a more industry-focused approach to AI development and governance.

Bank Info Security 1 month, 2 weeks ago

Microsoft Threatens Legal Action Over Zero-Day Leaks

Security Researchers Fear Broader Legal Pressure on Bug DisclosuresMicrosoft is pursuing legal action after a researcher publicly released six Windows zero-days and exploit code following a breakdown in coordinated disclosure talks, escalating tensions over vulnerability disclosure, platform moderation and protections for independent security researchers.

Bank Info Security 1 month, 3 weeks ago

LA Metro Hack Was Part of an Iranian Campaign

Ababil of Minab Claimed Hacktivism, But Research Points to IranResearchers say Iran-linked operators behind Ababil of Minab, not independent hacktivists, disrupted L.A. Metro in March by stealing data, deleting systems and targeting backups, signaling a shift toward destructive attacks on recovery infrastructure.

Bank Info Security 1 month, 3 weeks ago

L.A. Metro Hack Was Part of an Iran-Linked Campaign

Ababil of Minab Claimed Hacktivism, But Research Points to IranResearchers say Iran-linked operators behind Ababil of Minab, not independent hacktivists, disrupted L.A. Metro in March by stealing data, deleting systems and targeting backups, signaling a shift toward destructive attacks on recovery infrastructure.

Bank Info Security 1 month, 3 weeks ago

Anthropic Expands Public Access to Claude Mythos AI Model

Expect to See Widespread Availability of Mythos-Level Models Within 6-12 MonthsAnthropic is expanding public access to its frontier artificial intelligence model Claude Mythos "to qualifying customers' security teams on request" for such purposes as vulnerability research and red-teaming, and predicts that Mythos-class models will be publicly available within 12 months.

Hidden Install Settings Let Malicious MCP Links Execute CodeMicrosoft patched a high-severity flaw in Visual Studio Code after researchers found attackers could hide malicious settings inside MCP server install links, giving them persistent access to developer machines through what appeared to be routine artificial intelligence tool installations.

Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal SecretsMore than 5,000 GitHub repositories fell victim to an automated campaign, codenamed "Megalodon," in which an attacker injected malicious GitHub Actions that executed a script designed to steal development environment secrets, plus a variety of keys, tokens and other credentials, researchers said.

Bank Info Security 1 month, 3 weeks ago

Responding to Breaches With AI? Beware Cross-Contamination

Separate Breach Details Can Bleed Into Each Other, Incident Responders FindCybersecurity investigators who use artificial intelligence tools to draft incident response reports, beware: Information tied to one security incident can contaminate a report into a separate incident, if both get drafted using the same AI tool in the same session, researchers warn.