Latest coverage for Research
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Refine the feed
Search across headline titles and summaries.
Tag briefing
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking
Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software
A Single Cloud Compromise Can Feed an Army of AI Sex Bots
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services. Researchers say these illicit chat bots, which use custom jailbreaks to bypass content filtering, often veer into darker role-playing scenarios, including child sexual exploitation and rape.
Crypto-Doubling Scams Surge Following Presidential Debate
Researchers see an uptick in crypto-doubling investment scams following the first presidential debate
China-Backed APT Group Culling Thai Government Data
CeranaKeeper is bombarding Southeast Asia with data exfiltration attacks via file-sharing services such as Pastebin, OneDrive, and GitHub, researchers say.
OpenAI Valuation Nearly Doubles to $157B After $6.6B Funding
Thrive Capital, Microsoft, SoftBank, Nvidia Reportedly Lead OpenAI's Latest FundingOpenAI’s new $6.6 billion round of funding has nearly doubled its valuation to $157 billion. With investments from Thrive Capital, Microsoft, SoftBank and Nvidia, OpenAI plans to expand its AI research while facing pressures around executive turnover and its transition away from a nonprofit model.
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting
'Patch yesterday': Zimbra mail servers under siege through RCE vuln
Attacks began the day after public disclosure "Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited.…
The fix for BGP's weaknesses has big, scary, issues of its own, boffins find
Bother, given the White House has bet big on RPKI – just like we all rely on immature internet infrastructure that usually works The Resource Public Key Infrastructure (RPKI) protocol has "software vulnerabilities, inconsistent specifications, and operational challenges" according to a pre-press paper from a trio of German researchers.…
Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw
Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration
Arc browser launches bug bounty program after fixing RCE bug
The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. [...]
Ten Million Brits Hit By Fraud in Just Three Years
New Santander research claims 10 million UK consumers have suffered fraud since 2021, costing the economy £16bn
ISACA: European Security Teams Are Understaffed and Underfunded
New ISACA research reveals most cybersecurity teams are suffering from staffing and funding shortages
Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials
More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor
NVIDIA Container Toolkit Vulnerability Exposes AI Systems to Risk
The vulnerability, discovered by Wiz researchers, affects both cloud-based and on-premises AI applications using the toolkit