New Security Tools Target Growing macOS Threats
A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention.
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention.
The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads
Most enterprises use more than 1,000 apps, according to ESG research, yet about half are integrated with IGA. Industry innovations enable teams to expand app coverage and get more IGA value.
Growing Enterprise Use Cases and National Missions Signal Toward a Quantum EraQuantum computers are finally emerging from sterile labs after decades of research and development. Recent breakthroughs and use cases indicate that the quantum decade has begun, with collaboration across the private sector, startup community, government and academia accelerating development.
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang
Anthropic’s Claude Code AI assistant performed 80% to 90% of the tasks involved in a recent cyber-attack campaign, said Anthropic researchers
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb WAF that could allow an attacker to take over admin accounts and completely compromise a device
Flaw Enabled Remote Code Execution, Say AWS ResearchersResearchers from AWS said they spotted a hacking campaign taking advantage of a zero-day vulnerability in Cisco network access control software before the routing giant patched it earlier this year. The flaw let attackers perform pre-authentication remote code execution.
Checkout.com will instead donate the amount to fund cybercrime research Ransomware is a huge business, because affected orgs keep forking over money to get their data back. However, instead of paying a ransom demand after getting hit by extortionists last week, payment services provider Checkout.com donated the demanded amount to fund cybercrime research.…
Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users' seed phrases
Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort
In this blog entry, Trend™ Research analyses the layered command-and-control approaches that Lumma Stealer uses to maintain its ongoing operations while enhancing collection of victim-environment data.
Fiery Driver Version Didn't Validate Source File, Had Hardcoded CredentialsPrinter servers from major manufactures such as Canon and Sharp could be susceptible to a supply chain hack due to flaws in a driver updater, researchers warn. Cyderes said Wednesday it identified two major security risks in a version of the Fiery Driver Updater.
Threat actors were exploiting vulnerable versions of Triofox after a patched version was released, said Google Cloud researchers
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package with the intent to target GitHub-owned repositories
Cybersecurity researchers have disclosed details of a new Android remote access trojan (RAT) called Fantasy Hub that's sold on Russian-speaking Telegram channels under a Malware-as-a-Service (MaaS) model
Encryption protects content, not context Mischief-makers can guess the subjects being discussed with LLMs using a side-channel attack, according to Microsoft researchers. They told The Register that models from some providers, including Anthropic, AWS, DeepSeek, and Google, haven't been fixed, putting both personal users and enterprise communications at risk.…
Pedestrians Uniquely Refract Directional Radio SignalsThe way you use your walk - specifically when striding through a Wi-Fi field shaped by directional antennae - can reveal who you are, found researchers who investigated the surveillance potential of wireless routers. "Every router is a potential surveillance device," say researchers.
Cybersecurity researchers have called attention to a massive phishing campaign targeting the hospitality industry that lures hotel managers to ClickFix-style pages and harvest their credentials by deploying malware like PureRAT
Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code (VS Code) ecosystem