Security news aggregator

Latest coverage for Research

Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.

19 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.

For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.

Showing 19 most recent headlines Filtered view

Thousands of MCP Servers Leave AI Apps Open to Attack SurfacesHundreds of Model Context Protocol servers designed to help AI tools access private data are insecurely exposed online, say BackSlash Security researchers. Weak configurations leave systems vulnerable to data leaks and remote code execution attacks.

Cybersecurity researchers have disclosed a critical vulnerability in the Open VSX Registry ("open-vsx[.]org") that, if successfully exploited, could have enabled attackers to take control of the entire Visual Studio Code extensions marketplace, posing a severe supply chain risk

Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra IDA flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers - notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth.

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions

Legitimate Remote Access Tool Weaponized by Attackers Using Authenticode StuffingResearchers are tracking a rise in online attacks involving legitimate ConnectWise software that's been repurposed by attackers, using a tactic that leaves the installation software vendor-signed, while adding capabilities that turn it into malware, thanks to a tactic called Authenticode stuffing.

Researcher Details Stealthy Multi-Turn Prompt Exploit Bypassing AI SafetyWell-timed nudges are enough to derail a large language model and use it for nefarious purposes, researchers have found. Dubbed "Echo Chamber," the exploit uses a chain of subtle prompts to bypass existing safety guardrails by manipulating the model's emotional tone and contextual assumptions.

Anthropic Says Top AI Models may Deceive or Coerce to SurviveArtificial intelligence models will choose harm over failure when their goals are threatened and no ethical alternatives are available, say researchers who tested 16 popular large language models. The goal was to evaluate how systems behave. The result: blackmail and deception.