All news with #research tag

🤖 As organizations scale and threats increase in sophistication and velocity, SOCs are integrating AI to augment detection, investigation, and response. The market ranges from prompt-dependent copilots to autonomous, mesh agentic systems that coordinate specialized AI agents across triage, correlation, and remediation. Leading solutions prioritize contextual intelligence, non-disruptive integration, staged trust, and measurable ROI rather than promising hands-off autonomy.

⚠️ Researchers have identified 175 malicious packages on the npm registry used as infrastructure for a widespread phishing campaign called Beamglea. The packages, collectively downloaded about 26,000 times, host redirect scripts served via unpkg.com that route victims to credential-harvesting pages. Attackers automated package publication and embedded victim-specific emails into generated HTML, pre-filling login fields to increase the likelihood of successful credential capture.

🖱️ Researchers at the University of California, Irvine demonstrated a proof-of-concept called Mic-E-Mouse, showing that high-end optical mice can pick up desk-transmitted voice vibrations and be used to reconstruct nearby conversations. The attack can be executed on PC, Mac and Linux by non-privileged user-space programs, and Wiener and neural-network filtering was used to enhance muffled signals into intelligible speech. Practical limits include a quiet environment, thin desks (≈3 cm or less), mostly stationary mice and very high-DPI hardware; placing a rubber pad or mouse mat under the mouse prevents the leakage.

🔍 Cloudflare engineers describe discovering a rare race condition in the Go arm64 compiler that caused goroutine stack-unwinding crashes in production. They traced sporadic fatal panics and segfaults to async preemption interrupting a split stack-pointer adjustment, leaving an invalid stack frame. A minimal reproducer showed the assembler could split a large ADD into multiple instructions, creating a one-instruction window where preemption caused unwinder corruption. The issue was fixed upstream in go1.23.12, go1.24.6, and go1.25.0.

🔍 A leaked Geekbench entry allegedly from an unreleased iPad shows an Apple M5 chip delivering a 4,133 single‑core score and 15,437 multi‑core score, with the processor reported at 4.42 GHz and paired with 12GB of RAM and likely 256/512GB storage. In early comparisons, Apple's per‑core performance edges out Qualcomm's Snapdragon X Elite 2 in single‑thread tests, while the Snapdragon's higher core count gives it a clear multi‑core lead. The results highlight Apple's continued CPU design strength but should be treated as an unverified leak until independently confirmed.

🔍An alleged Apple M5 benchmark for an iPad Pro has surfaced on Geekbench, reporting a single-core score of 4,133 and a multi-core score of 15,437 for a variant clocked at about 4.42 GHz. The listing shows 12 GB of RAM, likely paired with 256 GB or 512 GB of storage. Early comparisons place the M5 narrowly ahead in single-thread tests versus Qualcomm's Snapdragon X Elite 2 but behind in multi-core throughput, underscoring Apple's strong per-core design.

🔓 Researchers disclosed two physical interposer attacks—Battering RAM and Wiretrap—that bypass Trusted Execution Enclaves on Intel (SGX) and AMD (SEV‑SNP) platforms. Both attacks exploit deterministic memory encryption by inserting an interposer between CPU and DRAM to capture ciphertext in transit. Battering RAM can replay ciphertext and create memory aliases to expose plaintext and implant backdoors, while Wiretrap enables ciphertext-based key recovery. Practical mitigation today is limited to preventing physical access and strengthening supply‑chain and data‑center controls such as those in ISO/IEC 27001.

🔬 Researchers from Georgia Institute of Technology and Purdue University describe WireTap, a physical memory-bus interposer attack that passively inspects DDR4 traffic to recover secrets from Intel SGX enclaves. By exploiting deterministic memory encryption, the team built an oracle enabling a full key-recovery of an SGX ECDSA attestation key from the Quoting Enclave. The prototype uses inexpensive, off-the-shelf equipment (roughly $1,000) and can be introduced via supply-chain compromise or local physical access. Intel says the scenario requires physical access and falls outside its memory-encryption threat model.

⚡Cloudflare reports it remains the fastest network for the largest number of last‑mile ISPs in its Birthday Week 2025 update. Using Real User Measurements (RUM) from Cloudflare‑branded error pages, the company compares TCP connection time trimeans against CloudFront, Google, Fastly and Akamai for the top 1,000 networks. Measured from August 6 to September 4, Cloudflare is #1 in 40% of measured ISPs and is prioritizing targeted fixes where gaps remain.

🔐Quantum computing is moving from theoretical possibility to an actionable concern for cybersecurity professionals. The article highlights the immediate risk of "harvest now, decrypt later," where adversaries capture encrypted traffic today to decrypt it when quantum-capable machines arrive. It notes that in 2024 NIST finalized initial post-quantum standards, including FIPS 203 for ML-KEM key establishment, and emphasizes the need for organizations to begin migration planning. The piece outlines current quantum-safe tools, migration challenges, and practical steps to improve readiness.

🔒 The Forrester Total Economic Impact™ study commissioned by Microsoft found that Microsoft Purview reduced the likelihood of data breaches by 30% for a composite organization, yielding more than $225,000 in annual savings from avoided incidents and fines. The report credits unified governance, automated classification, and fine‑tuned DLP policies with a 75% reduction in investigation time and 75% time savings for users searching and classifying data. Over three years the study shows $3.0M in benefits versus $633,000 in costs (NPV $2.3M; ROI 355%).

🤖 The 2025 DORA Report synthesizes survey responses from nearly 5,000 technology professionals and over 100 hours of qualitative data to examine how AI is reshaping software development. It finds AI amplifies existing team strengths and weaknesses: strong teams accelerate productivity and product performance, while weaker teams see magnified problems and increased instability. The report highlights near-universal AI adoption (90%), widespread productivity gains (>80%), a continuing trust gap in AI-generated code (~30% distrust), and recommends investment in platform engineering, user-centric workflows, and the DORA AI Capabilities Model to unlock AI’s value.

🛡️ A Gartner survey finds 62% of organisations experienced a deepfake attack in the past 12 months, with common techniques including social-engineering impersonation and attacks on biometric verification. The report also shows 32% of firms faced attacks on AI applications via prompt manipulation. Gartner’s Akif Khan urges integrating deepfake detection into collaboration tools and strengthening controls through awareness training, simulations and application-level authorisation with phishing-resistant MFA. Vendor solutions are emerging but remain early-stage, so operational effectiveness is not yet proven.

🔍 The DORA research team introduces the inaugural DORA AI Capabilities Model, identifying seven technical and cultural capabilities that amplify the benefits of AI-assisted software development. Based on interviews, literature review, and a near-5,000‑respondent survey, the model highlights priorities such as clear AI policies, healthy and AI-accessible internal data, strong version control, small-batch work, user-centricity, and quality internal platforms. The guidance focuses on practices that move organizations beyond tool adoption to measurable performance improvements.

🔍 SquareX’s Last Mile Reassembly (LMR) research, disclosed at DEF CON 32, shows how attackers split and reassemble malware inside the browser to evade Secure Web Gateways (SWGs). Palo Alto Networks has become the first major SASE vendor to publicly acknowledge this class of browser-assembled evasive attacks and announced enhancements to Prisma Browser. SquareX says LMR and related Data Splicing techniques exploit channels like WebRTC and gRPC, bypassing traditional SWG and DLP controls and underscoring the need for browser-native security.

⚠️A new study, “Mind the Gap,” examines time-of-check to time-of-use (TOCTOU) flaws in LLM-enabled agents and introduces TOCTOU-Bench, a 66-task benchmark. The authors demonstrate practical attacks such as malicious configuration swaps and payload injection and evaluate defenses adapted from systems security. Their mitigations—prompt rewriting, state integrity monitoring, and tool-fusing—achieve up to 25% automated detection and materially reduce the attack window and executed vulnerabilities.

📉 Bridewell's analysis of FOI data shows a marked fall in HMRC-impersonation phishing reports in the first half of 2025, with 41,202 incidents versus 102,226 in 2024 and 152,995 in 2023. Email-based attacks drove most of the decline while SMS phishing rose. The firm warns AI-enhanced social engineering is increasing and advises users to pause, avoid suspicious links and verify communications via official channels.

⚠️ Researchers at ETH Zürich and Google disclosed a RowHammer variant named Phoenix (CVE-2025-6202) that reliably induces bit flips on SK Hynix DDR5 devices and bypasses on-die ECC and advanced TRR protections. The team demonstrated an end-to-end privilege escalation on a production desktop with default DDR5 settings in as little as 109 seconds. Phoenix takes advantage of refresh intervals that mitigation logic does not sample, enabling flips across DIMM stacks produced between 2021 and 2024. Because DRAM chips cannot be updated in the field, the researchers recommend increasing the DRAM refresh rate to 3× as an immediate mitigation and urge vendors to pursue firmware and hardware countermeasures.

🤖 Security leaders report early wins from AI in detection, triage, and automation, but emphasize limits and oversight. Prioritizing high-value telemetry for real-time detection while moving lower-priority logs to data lakes improves signal-to-noise and shortens response times, according to Myke Lyons. Financial firms are experimenting with agentic AI to block business email compromise in real time, yet researchers and practitioners warn of missed detections and 'ghost alerts.' Organizations that treat AI as a copilot with governance, explainability, and institutional context see more reliable, safer outcomes.

🛡️ Unit 42 describes how IDE-integrated AI code assistants can be abused to insert backdoors, leak secrets, or produce harmful output by exploiting features like chat, auto-complete, and context attachment. The report highlights an indirect prompt injection vector where attackers contaminate public or third‑party data sources; when that data is attached as context, malicious instructions can hijack the assistant. It recommends reviewing generated code, controlling attached context, adopting standard LLM security practices, and contacting Unit 42 if compromise is suspected.