New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
Cybersecurity researchers have discovered a new Linux variant of a remote access trojan (RAT) called BIFROSE (aka Bifrost) that uses a deceptive domain mimicking VMware
Moving From AFDS to Avoid 'Golden SAML' Wasn't A Cure-AllA post-SolarWinds move away from Active Directory Federation Services to Azure AD - now known as Entra ID - didn't necessarily stop hackers from forging single sign on authentication messages, warn security researchers from Semperis, who unveiled an attack they dub "Silver SAML."
North Korean state actors Lazarus Group used a Windows AppLocker zero day, along with a new and improved rootkit, in a recent cyberattack, researchers report.
Also: Malware Campaign Hits GitHub, Affects Over 100,000 ReposThis week, the Biden administration urged software developers to adopt memory-safe programming languages and moved to restrict Chinese connected cars, a pharma giant was breached, researchers found malicious repos in GitHub, the Phobos RaaS group is targeting the U.S., and Zyxel patched devices.
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks
Group-IB research warns of rising use of zero-day threats in targeted attacks
Hackers Are Leveraging Israel-Hamas War to Carry Out Attacks, Researcher Tells ISMGCybersecurity researchers identified a suspected Iranian espionage campaign targeting aerospace, aviation and defense industries across the Middle East. Hackers targeted employees within the aviation and defense sectors with fake job offers for tech and defense-related positions.
Study Shows Correlation Between Polite Language, Culture and LLM OutputIt pays to be nice, even to an inanimate chunk of code masquerading as a conversation partner, find Japanese researchers from Tokyo's Waseda University who investigated the performance of large language models under conditions ranging from rudeness to obsequiousness.
Forrester's David Holmes on Why CISOs Must Evaluate Microsegmentation in CloudMicrosegmentation is a fundamental concept in zero trust security, but CISOs should assess its feasibility before diving in. This is particularly true in a public cloud environment where there is no real network policy, said David Holmes, principal research analyst at Forrester.
Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks
Some Researchers Confident ConnectWise ScreenConnect Flaw Was Exploited in AttackHealthcare industry groups are urging their members to take certain precautionary actions in the wake of the attack last week on Change Healthcare, a unit of Optum. The advisories come as some researchers say the incident appears to involve exploitation of flaws in ConnectWise's ScreenConnect tool.
Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as Astaroth (aka Guildma), Mekotio, and Ousaban (aka Javali) to targets across Latin America (LATAM) and Europe