AutoSpill attack steals credentials from Android password managers
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. [...]
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation. [...]
Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm
Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging
RAT Is Tailored to Exploit Vulnerabilities in Linux Kernel VersionsHackers targeted telecommunications companies in Thailand with a Linux remote access Trojan designed to attack different versions of the open-source kernel, researchers say. Dubbed "Krasue," the malware poses a "severe risk to critical systems and sensitive data," says Group-IB researchers.
The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems
Veeam research reveals that corporate victims of ransomware are more likely to increase prices and fire staff
Says it was probably hacked, which isn't good news either A trio of Polish security researchers claim to have found that trains built by Newag SA contain software that sabotages them if the hardware is serviced by competitors.…
Akamai says it reported the flaws to Microsoft. Redmond shrugged A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers.…
A state-sponsored Scooby Doo villain has once again been thwarted by those meddling researchers.
"Tree of Attacks With Pruning" is the latest in a growing string of methods for eliciting unintended behavior from a large language model.
The Metomic research also suggested 34.2% of the files were shared with external contacts
YouGov and Aviva research finds that UK businesses are almost five times as likely to have experienced a cyber-attack as a fire
Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies and managed to remain undetected since 2021. [...]
Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory. [...]
Researchers Find Way to Hack Apple's Most Extreme Security Feature for iPhonesResearchers from Jamf Threat Labs said they have managed to manipulate the code in a compromised iPhone to effectively make it appear as if the device is entering Lockdown Mode - but "without any of the protections that would normally be implemented by the service."
Researchers Automate Tricking LLMs Into Providing Harmful InformationA small group of researchers says it has identified an automated method for jailbreaking OpenAI, Meta and Google large language models with no obvious fix. Just like the algorithms that researchers can force into giving dangerous or undesirable responses, the technique depends on machine learning.
Black Hat researchers show top password managers on Android mobiles are prone to leak passwords when using WebView autofill function.
More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.
Despite a focus on the future, there's no indication of how well the cybersecurity basics needed to stay safe are being applied.
Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks