Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month
Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections
Cybersecurity researchers have discovered a novel attack technique called TokenBreak that can be used to bypass a large language model's (LLM) safety and content moderation guardrails with just a single character change
Cybersecurity researchers have uncovered a new account takeover (ATO) campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID (formerly Azure Active Directory) user accounts
Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing sensitive data to unauthorized internal and external parties
Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that's being propagated via fraudulent gaming websites
The reconnaissance activity targeting American cybersecurity company SentinelOne was part of a broader set of partially-related intrusions into several targets between July 2024 and March 2025
OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things
Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware