Research Archives

(Photo by John Smith/VIEWpress/Getty Images)

Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts

Suspected Russian nation-state threat groups have duped multiple victims into granting potentially persistent access to networks via authentication requests and valid tokens.

8 hours ago By Matt Kapko

For suspected Chinese hackers, U.S. telecoms represent a tempting target for espionage. (Getty Images)

Salt Typhoon remains active, hits more telecom networks via Cisco routers

The Chinese nation-state threat group intruded five additional telecom networks between December and January, including two unnamed providers in the U.S., Recorded Future researchers said.

1 day ago By Matt Kapko

Cars drive past the headquarters of the Russian General Staff’s Main Intelligence Department (GRU) in Moscow on December 30, 2016. (Photo by NATALIA KOLESNIKOVA/AFP via Getty Images)

Russian state threat group shifts focus to US, UK targets

A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said.

2 days ago By Matt Kapko

Infosec pros: We need CVSS, warts and all

The Common Vulnerability Scoring System has a lot of critics, but experts say it’s still the best unified way to share the severity of cybersecurity flaws.

Feb 5, 2025 By Cynthia Brumfield

Here’s all the ways an abandoned cloud instance can cause security issues

Research released Tuesday by watchTowr shows how easy an old storage bucket can be repurposed by malicious attackers.

Feb 4, 2025 By Greg Otto

From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts

The Vietnam-based group has grown more sophisticated since 2013, new research shows.

Feb 3, 2025 By Greg Otto

DARPA’s work focuses on two specific types of buses: Peripheral Component Interconnect Express (PCIe) and Compute Express Link (CXL). (Photo by Getty Images)

DARPA wants to create ‘self-healing’ firmware that can respond and recover from cyberattacks

The agency’s Red-C program seeks to build new defenses into bus-based computer systems.

Jan 30, 2025 By Derek B. Johnson

A flaw in Lightning.AI’s platform, which has been patched, would have given root access to an attacker and broad control over a victim’s cloud-based studio and connected systems. (Image Source: Getty Images)

Vulnerability in popular AI developer could ‘shut down essentially everything you own’

The flaw in Lightning.AI’s platform, which has been patched, would have given root access to an attacker and broad control over a victim’s cloud-based studio and connected…

Jan 29, 2025 By Derek B. Johnson

Digital generated image of html code over deep black background. (Getty Images)

Open-source security spat leads companies to join forces for new tool

A company’s licensing change to a static analysis tool has forced 10 companies together to create Opengrep.

Jan 27, 2025 By Greg Otto

A photo taken on March 31, 2023 in Manta, near Turin, shows a computer screen with the home page of the artificial intelligence OpenAI web site, displaying its chatGPT robot. (Photo by Marco BERTORELLO / AFP) (Photo by MARCO BERTORELLO/AFP via Getty Images)

‘Severe’ bug in ChatGPT’s API could be used to DDoS websites

The vulnerability, described by a researcher as “bad programming,” allows an attacker to send unlimited connection requests through ChatGPT’s API.

Jan 22, 2025 By Derek B. Johnson