Category: Research

Auto Added by WPeMatico

AI, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Geopolitics, Global Security News, Government, Government & Policy, malware, Research, Russia

After major Poland energy grid cyberattack, CISA issues warning to U.S. audience

February 10, 2026

A recent attempt at a destructive cyberattack on Poland’s power grid has prompted the Cybersecurity and Infrastructure Security Agency to publish a warning for U.S. critical infrastructure owners and operators. Tuesday’s alert follows a Jan. 30 report from Poland’s Computer Emergency Response Team concluded the December attack overlapped significantly with infrastructure used by a Russian…

Ivanti’s EPMM is under active attack, thanks to two critical zero-days

February 3, 2026

Attackers are again focusing on a familiar target in the network edge space, actively exploiting two critical zero-day vulnerabilities in Ivanti software that allows administrators to set mobile device and application controls. The vulnerabilities — CVE-2026-1281 and CVE-2026-1340 — each carry a CVSS rating of 9.8 and allow unauthenticated users to execute code remotely in…

China-based espionage group compromised Notepad++ for six months

February 2, 2026

A China-based threat group operating for almost two decades broke into the internal systems of Notepad++, an extremely popular open source-code editor, to spy on a select group of targeted users, researchers at Rapid7 said Monday. Don Ho, the author and maintainer of the open-source tool, said independent security researchers confirmed a China state-sponsored group…

China-based espionage group compromised Notepad++ for six months

February 2, 2026

Long-running North Korea threat group splits into 3 distinct operations

January 29, 2026

A North Korea-backed threat group operating since 2009 has splintered into three distinct groups with specialized malware and objectives, CrowdStrike said in a report released Thursday. Labeled “Labyrinth Chollima” by the company, the group follows a divergence pattern CrowdStrike observed previously. Labyrinth Chollima has spawned two additional groups: Golden Chollima and Pressure Chollima. The spin-offs,…

Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect

January 27, 2026

Google Threat Intelligence Group warned that a diverse and growing collection of attackers, including nation-state groups and financially motivated cybercriminals, are exploiting a path-traversal vulnerability affecting WinRAR that was disclosed and patched six months ago. The high-severity vulnerability — CVE-2025-8088 — was exploited in the wild almost two weeks before RARLAB, the vendor behind the…

Some ChatGPT browser extensions are stealing your data

January 26, 2026

ChatGPT users beware: your browser extensions could be used to steal your accounts and identity. LayerX Research has identified at least 16 Chrome browser extensions for ChatGPT floating around the internet that promise to enhance work productivity. All show signs of being built by the same threat actor and designed for the same purpose: to…

New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization

January 21, 2026

Boston, MA, USA, 21st January 2026, CyberNewsWire

HackerOne rolls out industry framework to support ‘good faith’ AI research

January 20, 2026

Four years ago, the Department of Justice announced it would no longer seek criminal charges against independent and third-party security researchers for “good faith” security research under the Computer Fraud and Abuse Act. Now, a prominent bug bounty platform is attempting to build a framework for industry to offer similar protections to researchers who study…

Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact

January 20, 2026

Atlanta, GA, United States, 20th January 2026, CyberNewsWire

CISA’s secure-software buying tool had a simple XSS vulnerability of its own

January 15, 2026

A Cybersecurity and Infrastructure Security Agency tool dedicated to helping government agencies buy secure software turned out to have a cybersecurity vulnerability of its own. Jeff Williams, the former leader of the Open Worldwide Application Security Project (OWASP), told CyberScoop that he discovered a cross-site scripting vulnerability in CISA’s “Software Acquisition Guide: Supplier Response Web…

Predator spyware demonstrates troubleshooting, researcher-dodging capabilities

January 14, 2026

Predator spyware operators have the ability to recognize why an infection failed, and the tech has more sophisticated capabilities for averting detection than previously known, according to research published Wednesday. Jamf Threat Labs found from an analysis of a Predator sample that it has an error code system that can alert operators to why an…

Microsoft seizes RedVDS infrastructure, disrupts fast-growing cybercrime marketplace

January 14, 2026

Microsoft announced Wednesday that it worked with international law enforcement to seize infrastructure used to run cybercrime subscription service RedVDS and organized civil actions in the United States and United Kingdom to disrupt its further use. RedVDS has enabled at least $40 million in fraud losses in the U.S. since March 2025, according to Microsoft.…

Microsoft Patch Tuesday addresses 112 defects, including one actively exploited zero-day

January 13, 2026

Microsoft’s first security update of 2026 addressed 112 vulnerabilities affecting its products and underlying systems, including one actively exploited zero-day in Desktop Window Manager. The company’s latest Patch Tuesday update marks the second consecutive month with no critical vulnerabilities disclosed. The batch of patches also contains more than 110 CVEs for the second January in…

ServiceNow patches critical AI platform flaw that could allow user impersonation

January 13, 2026

ServiceNow has addressed a critical security vulnerability in its AI platform that could have allowed unauthenticated users to impersonate legitimate users and perform unauthorized actions, the company disclosed Monday. The flaw, designated CVE-2025-12420 and carrying a severity score of 9.3 out of 10, was discovered by SaaS security firm AppOmni in October. ServiceNow deployed fixes…

Researchers rush to warn defenders of max-severity defect in n8n

January 7, 2026

Researchers warn that a critical vulnerability in n8n, an automation platform that allows organizations to integrate AI agents, workflows and hundreds of other enterprise services, could be exploited by attackers to achieve full control of targeted networks. The maximum-severity vulnerability — CVE-2026-21858 — affects about 100,000 servers globally, according to Cyera, which initially discovered and…

OpenAI says prompt injection may never be ‘solved’ for browser agents like Atlas

December 30, 2025

OpenAI is warning that prompt injection, a technique that hides malicious instructions inside ordinary online content, is becoming a central security risk for AI agents designed to operate inside a web browser and carry out tasks for users. The company said it recently shipped a security update for ChatGPT Atlas after internal automated red-teaming uncovered…

MongoBleed defect swirls, stamping out hope of year-end respite

December 29, 2025

Cybersecurity professionals are closing out 2025 confronting yet another information-disclosure vulnerability, drawing widespread concern as threat hunters and researchers race to avoid impacts comparable to previous defects dubbed with a “bleed” suffix. MongoBleed — CVE-2025-14847 — is a high-severity vulnerability affecting many versions of MongoDB with default configurations that allows unauthenticated attackers to leak server…

Cisco customers hit by fresh wave of zero-day attacks from China-linked APT

December 18, 2025

Cisco customers are confronting a fresh wave of attacks from a Chinese threat group that has actively exploited a critical zero-day vulnerability affecting the vendor’s software for email and web security since at least late November, the company said in an advisory Wednesday. Cisco said it became aware of the attacks Dec. 10. The defect…

React2Shell fallout spreads to sensitive targets as public exploits hit all-time high

December 17, 2025

Fallout from React2Shell — a stubborn vulnerability that impacts wide swaths of the internet’s scaffolding — continues to spread as public exploits and stealth backdoors proliferate and worrying details emerge about the targets attackers are pursuing. Threat researchers and incident responders are reacting to swift-moving developments on React2Shell with mounting concern. Cybercriminals, ransomware gangs and…

Amazon warns that Russia’s Sandworm has shifted its tactics

December 16, 2025

Attackers associated with Russia’s Main Intelligence Directorate (GRU) have targeted Western-based critical infrastructure with a special focus on the energy sector as part of an ongoing campaign dating back to 2021, Amazon Threat Intelligence said in a report Monday. The threat group simplified operations earlier this year by shifting away from vulnerability exploitation to focus…

Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims

December 10, 2025

Security experts have observed a steady increase in malicious activity from a widening pool of attackers seeking to exploit React2Shell, a critical vulnerability disclosed last week in React Server Components. Authorities are also responding to heightened concern about the defect, with the Cybersecurity and Infrastructure Security Agency shortening the deadline for agencies to patch the…

UK cyber agency warns LLMs will always be vulnerable to prompt injection

December 8, 2025

The UK’s top cyber agency issued a warning to the public Monday: large language model AI tools may always contain a persistent flaw that allows malicious actors to hijack models and potentially weaponize them against users. When ChatGPT launched in 2022, security researchers began testing the tool and other LLMs for functionality, security and privacy.…

Attackers hit React defect as researchers quibble over proof

December 5, 2025

Attackers of different origins and motivations swiftly exploited a critical vulnerability dubbed React2Shell, affecting React Server Components shortly after Meta and the React team publicly disclosed the flaw with a patch Wednesday. Multiple security firms are actively responding to active exploitation in the wild as a scrum of reports conclude the malicious activity is limited…

Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware

December 4, 2025

Cybersecurity authorities and threat analysts unveiled alarming details Thursday about a suspected China state-sponsored espionage and data theft campaign that Google previously warned about in September. The outlook based on their limited visibility into China’s sustained ability to burrow into critical infrastructure and government agency networks undetected, dating back to at least 2022, is grim.…

SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware

December 4, 2025

Austin, TX, USA, 4th December 2025, CyberNewsWire

Developers scramble as critical React flaw threatens major apps

December 3, 2025

Security researchers and code developers are scrambling to patch and investigate a critical vulnerability affecting React Server Components, an open-source library used widely across the internet and embedded into many essential software frameworks. The rapid response underscores the potential consequences of exploitation. Although no attacks have been observed or reported, researchers expect them soon and…

BreachLock Named a Leader in 2025 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) for Third Consecutive Year

December 1, 2025

New York, New York, 1st December 2025, CyberNewsWire

BreachLock Named a Leader in 2025 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) for Third Consecutive Year

December 1, 2025

New York, New York, 1st December 2025, CyberNewsWire

Underground AI models promise to be hackers ‘cyber pentesting waifu’

November 25, 2025

As legitimate businesses purchase AI tools from some of the largest companies in the world, cybercriminals are accessing an increasingly sophisticated underground market for custom LLMs designed to assist with lower-level hacking tasks. In a report published Tuesday, Palo Alto Networks’ Unit 42 looked at how underground hacking forums advertise and sell custom, jailbroken, and…

Shai-Hulud worm returns stronger and more automated than ever before

November 24, 2025

Security researchers and authorities are warning about a fresh wave of supply-chain attacks linked to a self-replicating worm that attackers have injected into almost 500 npm (node.js package manager) software packages, exposing more than 26,000 open-source repositories on GitHub. The trojanized npm packages, which were first discovered late Sunday by Charlie Eriksen, security researcher at…

New research finds that Claude breaks bad if you teach it to cheat

November 24, 2025

According to Anthropic, its large language model Claude is designed to be a “harmless” and helpful assistant. But new research released by the company Nov. 21 shows that when Claude is taught to cheat in one area, it becomes broadly malicious and untrustworthy in other areas. The research, conducted by 21 people — including contributors…

Amazon warns of global rise in specialized cyber-enabled kinetic targeting

November 19, 2025

Amazon said the lines between cyberattacks and physical, real-world attacks are blurring quickly — prompting the tech giant to call for a new category of warfare: cyber-enabled kinetic targeting. Nation-states have combined and understood how logical systems and the physical world interact for a long time, but more non-traditional attackers are showcasing expertise in using…

Hackers turn open-source AI framework into global cryptojacking operation

November 18, 2025

Malicious hackers have been attacking the development environment of an open-source AI framework, twisting its functions into a global cryptojacking bot for profit, according to researchers at cybersecurity firm Oligo. The flaw exists in an Application Programming Interface for Ray, an open-source framework for automating, scaling and optimizing compute resources that Oligo researchers called “Kubernetes…

Fortinet’s delayed alert on actively exploited defect put defenders at a disadvantage

November 17, 2025

Federal authorities and researchers alerted organizations Friday to a massively exploited vulnerability in Fortinet’s web application firewall. While the actively exploited critical defect poses significant risk to Fortinet’s customers, researchers are particularly agitated about the vendor’s delayed communications and, ultimately, post-exploitation warnings about the vulnerability. Fortinet addressed CVE-2025-64446 in a software update pushed Oct. 28,…

Deeper Network Promo Deeper Network Promo

AI, Asia Pacific, Cybersecurity, Geopolitics, Global Security News, Research, Technology

China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work

November 14, 2025

Anthropic made headlines Thursday when it released research claiming that a previously unknown Chinese state-sponsored hacking group used the company’s Claude AI generative AI product to breach at least 30 different organizations. According to Anthropic’s report, the threat actor was able to bypass Claude’s security guardrails using two methods: breaking up the work into discrete…

Google, researchers see signs that Lighthouse text scammers disrupted after lawsuit

November 14, 2025

The phishing kit Lighthouse, which has aided text scams like those soliciting victims to pay unpaid road tolls, appears to have been hampered shortly after Google filed a lawsuit aimed at its creators. Google said on Thursday that Lighthouse had been shut down. Two other organizations that have tracked the suspected Chinese operators of Lighthouse…

Amazon pins Cisco, Citrix zero-day attacks to APT group

November 12, 2025

Amazon’s threat intelligence team said it observed an advanced persistent threat group exploiting zero-day vulnerabilities affecting Cisco Identity Service Engine and Citrix NetScaler products before the vendors disclosed and patched the defects last summer. Amazon’s MadPot honeypot service detected active exploitation of the critical defects — CVE-2025-5777 in Citrix and CVE-2025-20337 in Cisco — and…

Amazon rolls out AI bug bounty program

November 11, 2025

Amazon became the latest company to open its large language models to outside security researchers, announcing the creation of a new bug bounty program for the tech giant’s AI tools. The program will allow select third-party researchers and academic teams to prod NOVA, Amazon’s suite of foundational AI models and receive compensation for their findings.…

What’s left to worry (and not worry) about in the F5 breach aftermath

November 10, 2025

Researchers aren’t very concerned about the dozens of undisclosed F5 vulnerabilities a nation-state attacker stole during a prolonged attack on F5’s internal systems. Yet, the heist of sensitive intelligence from a widely used vendor’s internal network resembles previous espionage-driven attacks that could pose long-term consequences downstream. F5, which became aware of the attack Aug. 9…

New Landfall spyware apparently targeting Samsung phones in Middle East

November 7, 2025

A new commercial-grade spyware has apparently been targeting Samsung Galaxy phones in the Middle East, but it’s not clear who’s behind it, researchers said in a blog post Friday. Whoever’s responsible, they seized upon a previously unknown, unpatched vulnerability known as a zero-day — a flaw Samsung has since closed, the researchers from Palo Alto…

Apple addresses more than 100 vulnerabilities in security updates for iPhones, Macs and iPads

November 4, 2025

Apple disclosed an exceptionally high number of vulnerabilities in core services and components used across its most popular devices, as the tech giant addressed 105 vulnerabilities in MacOS 26.1 and 56 vulnerabilities with the release of iOS 26.1 and iPadOS 26.1. The company’s latest security update includes some flaws that affect software spanning iPhones, Macs…

2025 Insider Risk Report Finds Most Organizations Struggle to Detect and Predict Insider Risks

November 4, 2025

Baltimore, USA, 4th November 2025, CyberNewsWire

OpenAI releases ‘Aardvark’ security and patching model

October 30, 2025

A new security-focused AI model released Thursday by OpenAI aims to automate bug hunting, patching and remediation. The model, powered by ChatGPT-5 and given the name Aardvark, has been used internally at OpenAI and among external partners. Currently offered in an invite-only Beta, it’s designed to continuously scan source code repositories to find known vulnerabilities…

Hacking Team successor linked to malware campaign, new ‘Dante’ commercial spyware

October 27, 2025

Kaspersky researchers said Monday that they’ve unearthed a malware campaign they’re linking to the successor company of the infamous Italy-based surveillance tech firm Hacking Team, and at the same time discovered new commercial malware tied to the same firm. The malware campaign that Kaspersky dubbed Operation ForumTroll targeted government organizations, media outlets, financial institutions, universities,…

Researchers track surge in high-level Smishing Triad activity

October 23, 2025

Researchers have uncovered a long-running phishing campaign that uses text messages to trick victims, and it’s both bigger and more complex than previously thought. The operation, dubbed Smishing Triad, is managed in Chinese and involves thousands of malicious actors, including dozens of active, high-level participants, Palo Alto Networks’ research unit told CyberScoop. Unit 42 has…

Researchers uncover remote code execution flaw in abandoned Rust code library

October 21, 2025

Security specialists at Edera discovered and disclosed a high-severity vulnerability in an early and since-abandoned code for an open-source async tar archive library for the Rust programming language. Researchers warned that potential exploitation, which allows for remote code execution, could bear major impacts due to widespread forking and a lack of visibility into the code’s…

Behind the struggle for control of the CVE program

October 20, 2025

On April 16, less than a month after nonprofit R&D organization MITRE celebrated the 25th anniversary of the Common Vulnerability and Exposures (CVE) effort, the program narrowly escaped a sudden demise when a last-minute, 11-month contract extension averted a shutdown. That near-miss put vulnerability experts and cybersecurity defenders on edge, most of whom still fear…

North Korean operatives spotted using evasive techniques to steal data and cryptocurrency

October 16, 2025

North Korean operatives that dupe job seekers into installing malicious code on their devices have been spotted using new malware strains and techniques, resulting in the theft of credentials or cryptocurrency and ransomware deployment, according to researchers from Cisco Talos and Google Threat Intelligence Group. Cisco Talos said it observed an attack linked to Famous…

Flax Typhoon can turn your own software against you

October 14, 2025

By Derek B. Johnson For more than a year, hackers from a Chinese state-backed espionage group maintained backdoor access to a popular software mapping tool by turning one of its own features into a webshell, according to new research from ReliaQuest. In a report published Tuesday, researchers said that Flax Typhoon — a group that…

Fortra cops to exploitation of GoAnywhere file-transfer service defect

October 13, 2025

Fortra, in its most forceful admission yet, confirmed a maximum-severity defect it disclosed in GoAnywhere MFT has been actively exploited in attacks, yet researchers are still pressing the vendor to be more forthcoming about how attackers obtained a private key required to achieve exploitation. The vendor published a summary of its investigation into CVE-2025-10035 Thursday,…

SonicWall admits attacker accessed all customer firewall configurations stored on cloud portal

October 9, 2025

A brute-force attack exposed firewall configuration files of every SonicWall customer who used the company’s cloud backup service, the besieged vendor said Wednesday. An investigation aided by Mandiant confirmed the totality of compromise that occurred when unidentified attackers hit a customer-facing system of SonicWall controls. The company previously said less than 5% of its firewall…

Dozens of Oracle customers impacted by Clop data theft for extortion campaign

October 9, 2025

Clop, the notorious ransomware group, began targeting Oracle E-Business Suite customers three months ago and started exploiting a zero-day affecting the enterprise platform to steal massive amounts of data from victims as early as Aug. 9, Google Threat Intelligence Group and Mandiant said in a report Thursday. “We’re still assessing the scope of this incident,…

Dozens of Oracle customers impacted by Clop data theft for extortion campaign

October 9, 2025

Dozens of Oracle customers impacted by Clop data theft for extortion campaign

October 9, 2025

Dozens of Oracle customers impacted by Clop data theft for extortion campaign

October 9, 2025