<ciso brief />

All news with #research tag

199 articles

Glasswing’s Public Record: Just One Confirmed CVE Now

🔍 VulnCheck's analysis indicates Anthropic's controlled-access Project Glasswing has only one publicly attributable CVE: CVE-2026-4747, a FreeBSD NFS remote code execution flaw described as autonomously identified and exploited. Researcher Patrick Garrity reviewed the CVE database and found 75 records mentioning Anthropic, but only 40 credited to its researchers and a single CVE tied explicitly to Glasswing. Industry observers warn that public attribution may understate the model's potential, and Anthropic plans a fuller accounting by July 2026.

Human Expectations of LLM Rationality in Strategic Games

🤖 A new laboratory experiment examines how humans respond when pitted against LLMs in a multi-player p-beauty contest versus other humans. Using a within-subject, monetarily-incentivised design, the study finds participants choose significantly lower numbers when playing against LLMs, with a marked increase in selections of the zero Nash-equilibrium. The effect concentrates among participants with strong strategic-reasoning ability, who report perceived AI reasoning and an unexpected expectation of cooperation as motivating factors.

How Cybercriminals Are Thinking About AI Use and Tools

🧠 A new paper, What hackers talk about when they talk about AI, analyzes more than 160 cybercrime forum conversations collected over seven months to show how offenders perceive and experiment with AI. The study finds growing curiosity about using both legitimate AI services and bespoke illicit models, alongside clear doubts about reliability, cost, and operational security. Authors use a diffusion-of-innovation framework to trace early-stage adoption and offer practical guidance for law enforcement and policymakers.

OX Security: Critical Risk Spike in AI-Driven Development

🔍 OX Security analyzed 216 million security findings from 250 organizations over a 90‑day period and found that while raw alert volume rose 52% year‑over‑year, prioritized critical risk increased nearly 400%. The ratio of critical findings to alerts nearly tripled, from 0.035% to 0.092%. The report links the surge to AI-assisted development and stresses that business context now often outweighs traditional technical severity.

Analysis: CISA KEV Data Reveals Limits of Human Security

🔍 Analysis of more than one billion CISA KEV remediation records across 10,000 organizations over four years shows defensive operations have hit a human ceiling. Time-to-Exploit averages negative seven days while vulnerability volume rose 6.5× since 2022. Qualys identifies a Manual Tax and recommends shifting to autonomous, closed-loop Risk Operations Centers that measure Risk Mass rather than raw CVE counts.

Are $30,000 AI GPUs Better at Cracking Passwords Today?

🔒 Specops compared two flagship AI accelerators, the Nvidia H200 and AMD MI300X, against the consumer RTX 5090 using Hashcat benchmarks for MD5, NTLM, bcrypt, SHA-256 and SHA-512. The RTX 5090 outperformed both AI GPUs across all tested algorithms, often by wide margins, meaning the expensive AI hardware does not translate to superior password-cracking performance. Price-to-performance was stark: the H200 costs at least ten times an RTX 5090 yet delivers lower hash rates. The practical risk remains weak or reused credentials; long passphrases, breached-password detection, and MFA are the recommended mitigations.

Automated Magic Packet Generation from BPF Filters

🛡️ Cloudflare demonstrates an automated method to reverse-engineer classic BPF socket filters and generate the exact “magic” packets that trigger stealthy Linux backdoors. By combining symbolic execution with the Z3 theorem prover and translating the resulting constraints into concrete byte values, the approach reduces manual analysis of complex BPF bytecode from hours or days to seconds. The team uses scapy to assemble crafted packets and has open-sourced the filterforge tool to accelerate threat research and detection.

GPUBreach: RowHammer on GPUs Enables Full Host Takeover

⚠️ New research describes GPUBreach, a set of GDDR6 RowHammer techniques that corrupt GPU page tables to gain arbitrary GPU memory read/write and, in GPUBreach's case, full host control. The work shows chained GDDR6 bit-flips can corrupt trusted driver state and trigger kernel memory-safety bugs in NVIDIA drivers even with the IOMMU enabled. Related efforts (GDDRHammer, GeForge) also achieve GPU-side arbitrary read/write, though some require IOMMU to be disabled. Enabling ECC reduces risk but is not a guaranteed mitigation for all platforms.

GPUBreach: GPU Rowhammer Enables System Takeover to Root

⚠️ A new attack called GPUBreach demonstrates that Rowhammer-induced bit flips in GDDR6 memory can corrupt GPU page tables and allow an unprivileged CUDA kernel to gain arbitrary GPU memory read/write access. The University of Toronto team showed this capability can be chained into CPU-side privilege escalation by exploiting memory-safety bugs in the NVIDIA driver, potentially yielding a full system compromise up to a root shell. Critically, the attack works with IOMMU enabled and remains unmitigated on consumer GPUs without ECC. Full technical details and a reproduction package will be published on April 13.

Google Ironwood TPUs Deliver 3.7x Carbon Efficiency Gains

🌱 Google reports that its seventh‑generation TPU, Ironwood, achieved an approximately 3.7x improvement in Compute Carbon Intensity (CCI) versus TPU v5p based on fleet measurements in January 2026. CCI captures estimated CO2e per utilized FLOP, including embodied (Scope 3) and operational (Scope 1 and 2) emissions. Google also cites a roughly 5x increase in utilized FLOPs and a rise in peak BF16 FLOPS from 459 to 2,307. The company attributes gains to hardware advances and software/system optimizations such as Mixture of Experts sparsity, wider FP8 adoption, and improved fleet orchestration, while noting results are a point‑in‑time snapshot that can vary by workload, location, and accounting method.

Cybersecurity Challenges in an Era of Instant Software

🔐 AI is rapidly reshaping how software is written, deployed, and consumed, pointing toward a future of on-demand "instant software" that is created and discarded as needed. The essay examines how improved AI tools will change the attacker/defender dynamic by automating both vulnerability discovery and, potentially, patch creation. It highlights particularly exposed areas such as IoT and legacy industrial systems and outlines several key unknowns—AI effectiveness on closed-source code, patch reliability, update lag, coordination of defenses, and risks of poisoning or social-engineering attacks. The author sketches optimistic scenarios (self-healing networks, rapid coordinated patching) while warning that attackers will adapt by targeting unpatchable legacy code and human elements.

Claude/Mythos Leak: AI Accelerates Vulnerability Discovery

⚠️ Last week a leaked build of Anthropic's new model, Claude Capybara (also called Mythos), revealed substantially improved capabilities for automated vulnerability discovery, exploit development, and multi-step attack reasoning. The incident marks a turning point: frontier AI can compress attack lifecycles and enable scalable, novel exploitation techniques that were once the domain of advanced state actors. Security teams should treat this as a warning and accelerate risk assessments, patching, detection, and governance measures.

Turing Award Honors Inventors of Quantum Cryptography

🔬 Charles Bennett and Gilles Brassard have been awarded the 2026 Turing Award for inventing quantum cryptography. Bruce Schneier welcomes the recognition but reiterates his view that, while scientifically impressive, the technology is largely unnecessary for most practical security problems. In a 2008 essay, he argued that quantum key exchange doesn’t address the usual weak points of systems and that effort is better spent on system-level security and crypto agility.

Researchers Warn of Rising AI-Generated Code Vulnerabilities

⚠️ Georgia Tech researchers warn that AI-assisted 'vibe coding' is producing measurable security flaws in real projects. The Vibe Security Radar traced at least 35 new CVEs in March 2026 and reports 74 confirmed AI-related vulnerabilities to date, while estimating the true count in open source may be five to ten times higher. The team monitors roughly 50 tools and uses metadata and AI agents to map vulnerable commits back to assistants such as Claude Code, noting some tools leave no trace.

Rethinking Cybersecurity Hiring: Skills-First Talent

🔍 Many organizations treat the cybersecurity skills gap as a supply problem, but the 2025 Cybersecurity Skills Gap Global Research Report shows restrictive hiring definitions are a major cause. Rigid filters like four-year degrees exclude candidates with military, technical, or vendor-certified experience who already possess relevant, hands-on capabilities. Adopting a skills-first approach and mapping role-aligned certifications to job requirements expands the qualified pool, shortens onboarding, and reduces operational risk. Fortinet emphasizes partnerships and free, scalable training as practical ways to build and certify talent at scale.

One-line Kubernetes fix reclaimed 600 hours for Atlantis

🔧 Cloudflare engineers traced repeated 30-minute Atlantis restarts to Kubernetes recursively changing file ownership on a large PersistentVolume. The default pod securityContext behavior (fsGroup combined with fsGroupChangePolicy: Always) caused kubelet to run an expensive recursive chgrp across millions of files, creating a mounting bottleneck. By validating that file group ownership would remain stable and setting fsGroupChangePolicy: OnRootMismatch, restarts dropped to ~30 seconds. That single-line change recovered roughly 50 engineering hours per month (about 600 hours per year).

ThreatsDay Bulletin: PQC Push, AI Bugs, Pirated Backdoors

🔔 This week’s ThreatsDay Bulletin captures a quieter, sneakier cadence: big-picture progress on cryptography and AI set against a steady churn of pragmatic abuse. Google accelerated a PQC migration to 2029 and GitHub is bringing AI-powered detections into the PR workflow, while threat actors keep innovating around trust — using pirated ISOs, fake extensions, firmware implants and clever phishing to scale backdoors, credential theft and fraud. The common thread is operational efficiency: takedowns and disruptions are temporary, but the workflows keep returning.

IndonesianFoods: Large-scale npm spam campaign analysis

🚨 In mid-November security researcher Paul McCarty flagged a vast spam campaign in the npm registry that injected tens of thousands of useless modules named after Indonesian dishes. The packages — about 86,000 at discovery — often appeared legitimate, used chains of dependencies, and some contained self-replication to publish more modules and even tied into the TEA blockchain to harvest tokens. The campaign created dependency bloat, reputational risk, and the potential for future supply-chain abuse; Kaspersky recommends developer awareness training and container/dependency scanning with tools such as KASAP and specialized runtime protection.

Transparent COM Instrumentation for Malware Analysis

🔍 Cisco Talos introduces DispatchLogger, an open-source DLL that transparently instruments late-bound COM (IDispatch) interactions to enhance malware analysis visibility. The tool hooks COM instantiation APIs and returns proxy objects that forward calls while logging method names, parameters, return values, and object relationships. It supports recursive wrapping, enumerator proxies, and moniker handling to reveal high-level automation events often missed by low-level API tracing. Deployment requires injecting the DLL into target processes and preserves COM lifetime and threading semantics.

Possible Quantum Speedup for Factoring: Skeptical View

🔬 The author expresses skepticism and notes they are not qualified to fully evaluate a newly announced claim of improved quantum factoring. If validated, the finding would represent a theoretical improvement in the speed of factoring large integers with a quantum computer. The post emphasizes that the result is currently unverified and that practical consequences for deployed cryptography remain uncertain. Further expert review, replication, and analysis are necessary to determine any real-world impact.