Security news aggregator

Latest coverage for Research

Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.

23 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.

For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.

Showing 20 most recent headlines of 23 Filtered view

Defunct Ransomware Group's Diaspora Includes Hackers With Focus on Microsoft TeamsBased on intelligence gleaned from the leak of Black Basta ransomware messages, researchers are warning organizations to beware phishing attacks launched via Microsoft partner domains and via Teams, as well as the targeting of personal Google accounts accessed via corporate devices.

Some trace back to an outfit under US export controls for alleged PLA links Both Apple's and Google's online stores offer free virtual private network (VPN) apps owned by Chinese companies, according to researchers at the Tech Transparency Project, and they don't make this fact readily known to people downloading the apps.…

Krebs on Security 1 year, 1 month ago

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.

Bank Info Security 1 year, 1 month ago

AI May Fix a 15-Year-Old Bug It Helped Spread

Researchers Turn to AI to Fix a Zombie Flaw that AI Helped PropagateArtificial intelligence tools that inadvertently perpetuated a decade-old bug may now also help eliminate it. The path traversal vulnerability became so embedded in developer culture that it found its way into training data for today’s AI models.

The botnet’s still alive and evolving Badbox 2.0, the botnet that infected millions of smart TV boxes and connected devices before private security researchers and law enforcement partially disrupted its infrastructure, is readying for a third round of fraud and digital attacks, according to one of the threat hunters who uncovered the original scheme.…

Bank Info Security 1 year, 1 month ago

Supply Chain Attacks Really Are Surging

Software Supply Chain Providers Under Fire by Ransomware Rings, Nation-State GroupsHackers are doubling down on software supply chain attacks, with known attacks surging from over 12 last year to more than 24 per month in April and May, threat intelligence researchers report. Ransomware-wielding groups and nation-state hackers, alike, have been tied to such attacks.

The open-source XDR/SIEM provider’s servers are in other botnets’ crosshairs too Cybercriminals are trying to spread multiple Mirai variants by exploiting a critical Wazuh vulnerability, researchers say – the first reported active attacks since the code execution bug was disclosed.…

Loading more headlines...