All news with #research tag

🛡️ VirusTotal ran a large-scale audit of 17,845 GitHub projects implementing the MCP (Model Context Protocol) using Code Insight powered by Gemini 2.5 Flash. The automated review initially surfaced an overwhelming number of issues, and a refined prompt focused on intentional malice marked 1,408 repos as likely malicious. Manual checks showed many flagged projects were demos or PoCs, but the analysis still exposed numerous real attack vectors—credential harvesting, remote code execution via exec/subprocess, supply-chain tricks—and recurring insecure practices. The post recommends treating MCP servers like browser extensions: sign and pin versions, sandbox or WASM-isolate them, enforce strict permissions and filter model outputs to remove invisible or malicious content.

📚 Bruce Schneier will spend the 2025–26 academic year at the University of Toronto’s Munk School as an adjunct. He will organize a reading group on AI security in the fall and teach his cybersecurity policy course in the spring. He intends to collaborate with Citizen Lab, the Law School, and the Schwartz Reisman Institute, and to participate in Toronto’s academic and cultural life. He describes the opportunity as exciting.

🤝 In a Threat Vector podcast, Michael Sikorski and Michael Daniel of the Cyber Threat Alliance discuss how competing vendors must nonetheless collaborate to counter shared threats. Daniel recalls how pooled observations during the 2017 WannaCry outbreak revealed its worm-like propagation and accelerated industry response. He emphasizes that the main obstacles to sharing are human—culture, legal risk, and lack of executive prioritization—and that concrete guardrails (antitrust-compliance statements, embargo protocols, and equal treatment) build the trust needed for timely intelligence exchange. The post cautions that as adversaries adopt AI and automation, systematic collaboration is essential.

🔒 The Microsoft Bounty Program distributed $17 million this year to 344 security researchers across 59 countries, marking the largest total payout in the program’s history. In partnership with the Microsoft Security Response Center (MSRC), researchers helped identify and remediate more than a thousand potential vulnerabilities across Azure, Microsoft 365, Windows, and other Microsoft products and services. The program also expanded coverage and awards for Copilot, identity and Defender scopes, Dynamics 365 & Power Platform AI categories, and refreshed Windows attack scenario incentives to prioritize high-impact research.

🔍 In this Unlocked 403 episode host Becks speaks with ESET malware researcher Lukas Stefanko to explain how modern spyware operates and why commonplace apps can become surveillance tools. They examine ESET’s discovery of BadBazaar, describe common infection vectors, persistence techniques and permissions abuse, and note that some tools can compromise devices without any user interaction. Lukas outlines practical detection signals and step‑by‑step removal advice. The conversation also points listeners to a prior episode for deeper Android threat analysis.

🔍 Fraudsters are promoting hundreds of polished fake gaming sites across Discord and other social platforms, falsely claiming partnerships with influencers and offering a $2,500 'promo code' to lure users. Visitors create free accounts to play sleek casino-style games (for example gamblerbeast[.]com's B-Ball Blitz), but cashouts are blocked and victims are prompted for a cryptocurrency 'verification deposit' and repeated payments. Investigators, including a Discord researcher and the threat-hunting firm Silent Push, linked a shared chat API key to at least 1,270 active domains and found centralized wallets, AI-assisted support, and network-wide tracking that make these scaled scams efficient and hard to report.

🔎 UpGuard discovered an unauthenticated Elasticsearch index containing roughly 22 million web-request records, of which about 95% referenced leakzone.net. The logs included client IP addresses, destination domains, request sizes, geolocation data and ISP metadata, spanning June 25 to discovery on July 18, with about one million requests per day. Analysis found extensive use of public proxies and clustered VPN exit nodes, alongside many one-off IPs likely representing direct users. The dataset raises privacy and operational concerns for visitors, service operators, and investigators.