Security news aggregator

Latest coverage for Research

Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.

For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.

Showing 6 most recent headlines Filtered view
Bank Info Security 1 year, 8 months ago

North Korean Hackers Spreading Malware Via Fake Interviews

Hackers Backdoor Software Libraries to Deliver MalwareSecurity researchers found backdoored software packages in the NPM software library, apparent evidence of an ongoing campaign by North Korean hackers to social engineer coders into installing infostealers. Pyongyang hackers have a history of bizarre methods for stealing money.

Bank Info Security 1 year, 8 months ago

Hackers Probing Newly Disclosed Fortinet Zero Day

Mandiant Says High-Severity Flaw Could Give Attackers Remote Unauthenticated AccessResearchers at Mandiant say a new threat cluster first observed June 27 has been exploiting a Fortinet zero day the network edge device manufacturer publicly disclosed Wednesday. Researchers said they can't assess the threat actor's motivation or location.

Many Charging Cable Interfaces Have Exposed SSH and HTTP Ports, Researchers WarnResearchers demonstrated that multiple brands of EV charging stations have vulnerabilities due to manufacturers often leaving open and unsecured SSH and HTTP ports. The risks of these vulnerabilities range from an expanded attack surface to a launching pad for assaults on the power grid.

Bank Info Security 1 year, 8 months ago

Critical OPA Vulnerability Exposes Windows Credentials

Attackers Could Exploit Flaw to Relay Credentials, Compromise SystemsA critical vulnerability in Open Policy Agent could expose NTLM credentials from Windows systems, potentially affecting millions of users. Researchers at Tenable warn that attackers could exploit the flaw through social engineering. Users must update to version v0.68.0 immediately to mitigate risks.

Bank Info Security 1 year, 8 months ago

Researchers Debut AI Tool That Helps Detect Zero-Days

Vulnerability Tool Detected Flaws in OpenAI and Nvidia APIs Used in GitHub ProjectsSecurity researchers have developed an AI tool that can detect remote code flaws and arbitrary zero-day code in software. Protect AI applied the tool to nearly 10,000 GitHub projects and on CVSS data and uncovered local file inclusion, cross-site scripting and remote code flaws in APIs.

Bank Info Security 1 year, 8 months ago

Insiders Confuse Microsoft 365 Copilot Responses

Attack Method Exploits RAG-based Tech to Manipulate AI System's OutputResearchers found an easy way to manipulate the responses of an artificial intelligence system that makes up the backend of tools such as Microsoft 365 Copilot, potentially compromising confidential information and exacerbating misinformation. Researchers called the attack "ConfusedPilot."