Security news aggregator

Latest coverage for Research

Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.

34 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.

For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.

Showing 20 most recent headlines of 34 Filtered view
Bank Info Security 2 years, 3 months ago

Iranian TA450 Group Tries Out New Tactics on Israelis

Proofpoint Researchers Say Beware of Phishing Emails, Embedded Links in PDFsIran-aligned threat actor TA450, also called MuddyWater, is using fake salary, compensation and financial incentive emails to trick Israeli employees at multi-national organizations into clicking malicious links, according to researchers at security firm Proofpoint.

Bank Info Security 2 years, 3 months ago

Russian Nation-State Hacker Targets German Political Parties

Latest APT29 Campaign Uses a Previously Unseen Malware BackdoorA Russian hacking group is targeting German political parties as part of a Moscow-backed espionage campaign. The latest APT29 campaign marks the first time the group has been seen targeting political organizations, according to researchers at Mandiant.

Bank Info Security 2 years, 3 months ago

Likely Chinese Hacking Contractor Is Quick to Exploit N-Days

UNC5174 Exploited F5 BIG-IP and ScreenConnect VulnerabilitiesA likely Chinese hacker-for-hire used high-profile vulnerabilities in a campaign targeting a slew of Southeast Asian and U.S. governmental and research organizations, says threat intel firm Mandiant. Rapid exploitation of newly patched flaws has become a hallmark of Chinese threat actors.

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances

Bank Info Security 2 years, 3 months ago

AI Is Making Payment Fraud Better, Faster and Easier

AI Is Also Making Traditional Scams More Convincing, Warns VisaArtificial intelligence technologies such as generative AI are not helping fraudsters create new types of scams. They are doing just fine relying on the traditional scams, but the advent of AI is helping them scale up attacks and snare more victims, according to researchers at Visa.

Bank Info Security 2 years, 3 months ago

UK Official: AI in Defense Sector Is Not About Killer Robots

It Will Do Low-Level Tasks to Free Up Pros to Make Decisions, Say ResearchersThe current use of artificial intelligence in the U.K. defense sector is not about creating killer robots. It is focused on optimizing resources and increasing the efficiency of military operations, experts speaking at the Alan Turing Institute's AI UK conference told attendees.

Bank Info Security 2 years, 3 months ago

Denial-of-Service Attack Could Put Servers in Perpetual Loop

Researchers Spot Vulnerability in Application-Layer Communication ProtocolA new type of denial-of-service threat can disrupt an estimated 300,000 internet hosts that are at risk of exploitation. Researchers at the CISPA Helmholtz Center for Information Security say attackers are using IP spoofing to entangle two servers in a perpetual communication loop.

Bank Info Security 2 years, 3 months ago

Why Cybereason Is Making Its 3rd Round of Layoffs Since 2022

Among Those Leaving Is Zohar Alon, Who Was Hired in 2023 to Spearhead Product, R&DCybereason is carrying out its third round of layoffs in 21 months, with dozens of senior employees expected to be let go, Among the exiting employees is Zohar Alon, the longtime Dome9 Security leader whCybereason is carrying out its third round of layoffs in 21 months, and dozens of senior employees are expected to be let go. Among the exiting employees is Zohar Alon, the longtime Dome9 Security leader who joined Cybereason just 11 months ago as president of product and research and development.o joined Cybereason just 11 months ago as president of product and research and development.

Loading more headlines...