Zimbra Zero-Day Demands Urgent Manual Update
A bug in Zimbra email servers is already being exploited in the wild, Google TAG researchers warn.
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
A bug in Zimbra email servers is already being exploited in the wild, Google TAG researchers warn.
Security expert Daniel Kelley worked with the SlashNext team on the research
A cyber attacker gives defenders a taste of their own medicine, with GitHub honeypots concealing infostealers.
Cybersecurity researchers and threat actors are targeted by a fake proof of concept (PoC) CVE-2023-35829 exploit that installs a Linux password-stealing malware. [...]
As many as 196 hosts have been infected as part of an aggressive cloud campaign mounted by the TeamTNT group called Silentbob
In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a "crafty" persistence method
Barracuda research lifts the lid on widespread threat activity
What's old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023 [...]
Keeper Security highlights S&P Market Intelligence's latest research showing that lack of PAM is leaving SMBs vulnerable to attack.
Unit 42 researchers believe a Russian threat group repurposed a legitimate flyer for a BMW car sent to embassies in Kyiv, Ukraine
Cybersecurity researchers have unearthed a novel rootkit signed by Microsoft that's engineered to communicate with an actor-controlled attack infrastructure
A new fileless attack dubbed PyLoose has been observed striking cloud workloads with the goal of delivering a cryptocurrency miner, new findings from Wiz reveal
Investment will drive company-wide expansion across BloodHound Enterprise, BloodHound FOSS, consulting and training programs, and research and development.
The Guardz research team discloses the existence of new information stealing malware on the Dark Web.
ESET researchers suggested Asylum Ambuscade has been active since 2020
Businesses operating in the Latin American (LATAM) region are the target of a new Windows-based banking trojan called TOITOIN since May 2023
The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad
Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems. [...]