Research Archives

Infosec pros: We need CVSS, warts and all

The Common Vulnerability Scoring System has a lot of critics, but experts say it’s still the best unified way to share the severity of cybersecurity flaws.

4 hours ago By Cynthia Brumfield

Here’s all the ways an abandoned cloud instance can cause security issues

Research released Tuesday by watchTowr shows how easy an old storage bucket can be repurposed by malicious attackers.

1 day ago By Greg Otto

From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts

The Vietnam-based group has grown more sophisticated since 2013, new research shows.

2 days ago By Greg Otto

DARPA’s work focuses on two specific types of buses: Peripheral Component Interconnect Express (PCIe) and Compute Express Link (CXL). (Photo by Getty Images)

DARPA wants to create ‘self-healing’ firmware that can respond and recover from cyberattacks

The agency’s Red-C program seeks to build new defenses into bus-based computer systems.

Jan 30, 2025 By Derek B. Johnson

A flaw in Lightning.AI’s platform, which has been patched, would have given root access to an attacker and broad control over a victim’s cloud-based studio and connected systems. (Image Source: Getty Images)

Vulnerability in popular AI developer could ‘shut down essentially everything you own’

The flaw in Lightning.AI’s platform, which has been patched, would have given root access to an attacker and broad control over a victim’s cloud-based studio and connected…

Jan 29, 2025 By Derek B. Johnson

Digital generated image of html code over deep black background. (Getty Images)

Open-source security spat leads companies to join forces for new tool

A company’s licensing change to a static analysis tool has forced 10 companies together to create Opengrep.

Jan 27, 2025 By Greg Otto

A photo taken on March 31, 2023 in Manta, near Turin, shows a computer screen with the home page of the artificial intelligence OpenAI web site, displaying its chatGPT robot. (Photo by Marco BERTORELLO / AFP) (Photo by MARCO BERTORELLO/AFP via Getty Images)

‘Severe’ bug in ChatGPT’s API could be used to DDoS websites

The vulnerability, described by a researcher as “bad programming,” allows an attacker to send unlimited connection requests through ChatGPT’s API.

Jan 22, 2025 By Derek B. Johnson

botnet, attack, ddos, red team, mykings — (Getty Images)

Cloudflare detected (and blocked) the biggest DDoS attack on record

The company said that the 5.6 Tbps attack is indicative of the steady increase in the size of these attacks.

Jan 22, 2025 By Greg Otto

On Dec. 27, VulnCheck detailed the vulnerability, tracked as CVE-2024-12856, wherein an attacker can leverage default credentials in Four-Faith F3x24 and F3x36 routers to remotely inject commands into the operating system. (Getty Images)

Thousands of industrial routers vulnerable to command injection flaw

The vulnerability, found in versions of Four-Faith routers, appears to have been exploited in the wild and has been connected to attempted infections of Mirai.

Dec 30, 2024 By Derek B. Johnson

Turla was able bypass traditional security measures and gain long-term access to Ukrainian military networks. (Getty Images)

Turla living off other cybercriminals’ tools in order to attack Ukrainian targets

A Russian nation-state threat actor has been observed leveraging tools from other cybercriminal groups to compromise targets in Ukraine, a recent report by Microsoft Threat Intelligence disclosed.…

Dec 11, 2024 By Greg Otto