All news with #research tag

227 articles · page 5 of 12

Azure Private Endpoint DNS Risks Can Cause Service DoS

🔒 Unit 42 researchers discovered an Azure Private Endpoint DNS behavior that can unintentionally or deliberately produce denial-of-service conditions for Azure services. In several scenarios — accidental internal, accidental vendor, and malicious actor — linking a Private DNS zone to a virtual network can force name resolution to the private zone and fail when no A record exists, breaking connectivity to otherwise public endpoints. Microsoft documents a partial mitigation (fallback to internet); alternatives include manually adding DNS records and performing comprehensive discovery with Resource Graph.

The AI Fix #84: Hungry ghost, data poisoning, Grok

🤖 In episode 84 of The AI Fix, hosts Graham Cluley and Mark Stockley survey a series of recent AI developments that raise practical and philosophical questions. They discuss reports that Grok will be integrated into Pentagon networks, a campaign by insiders to poison training data, and research showing small amounts of tainted data can sway model behavior. The episode also covers Google removing AI health overviews after risky outputs, findings that asking a model the same question twice can improve answers, and surprising advances in automated theorem solving.

Researchers Exploit XSS in StealC Panel to Gather Evidence

🔍 CyberArk researchers disclosed they exploited a cross-site scripting (XSS) vulnerability in the web panel of the StealC infostealer to retrieve active session cookies and operational metadata. Researcher Ari Novick used the weakness to link a StealC customer, dubbed YouTubeTA, to the theft of roughly 390,000 passwords and over 30 million cookies from victims seeking cracked Adobe software on YouTube. Analysis of hardware fingerprints, language settings, time zones and IP addresses indicated the operator used an Apple Pro with an M3 chip, supported English and Russian, operated in an Eastern European time zone and connected via Ukrainian ISP TRK Cable TV, underscoring how weaknesses in criminal tooling can expose both victims and customers to supply-chain risk.

XSS Flaw in StealC Panel Lets Researchers Monitor Operators

🔍 Cybersecurity researchers disclosed an XSS vulnerability in the web-based control panel used by operators of the StealC information stealer. By exploiting it they collected system fingerprints, monitored active sessions, and stole session cookies from the infrastructure itself, according to CyberArk researcher Ari Novick. The panel's leaked source code and the stealer's distribution through the YouTube Ghost Network and other lures amplified the operational insights researchers gained. Full technical details were withheld to avoid enabling copycats.

Researchers Hijack StealC Panels via XSS, Expose Operators

🔒 A cross-site scripting (XSS) flaw in the web control panel for the StealC info‑stealer allowed researchers to observe active operator sessions, capture session cookies and harvest browser and hardware fingerprints. CyberArk exploited the issue to identify an operator’s location and device details after a panel user failed to route traffic through a VPN. The company withheld technical disclosure to avoid a quick fix and said the finding may disrupt StealC’s MaaS ecosystem.

AI Image Leaks Fuel New Wave of Sextortion Risks Worldwide

⚠️ Researchers in 2025 discovered multiple unsecured databases of AI-generated images and videos, many depicting sexualized or fabricated nudes created from everyday photos. Analysis pointed to third-party generative tools such as MagicEdit and DreamPal, which offered explicit editing, face‑swap and clothing‑change features and, in some cases, disabled filters for erotic content. The exposure highlights how generative AI lowers the barrier to producing convincing fake intimate images and broadens the pool of potential sextortion victims. The post urges tightening social media privacy, using tools like Privacy Checker, and monitoring children with Kaspersky Safe Kids.

Privacy Teams Shrink as Stress and Funding Fall Short

📉 ISACA's State of Privacy 2026 report reveals privacy teams are shrinking and underfunded despite mounting regulatory and technological pressures. The median privacy staff size fell to five from eight year-over-year, and technical privacy roles are notably understaffed while demand for those skills rises. Respondents report increased stress—35% say their role is 'significantly more stressful' and 30% 'slightly more stressful'—attributed to rapid tech evolution, compliance complexity and resource shortages. To close skill gaps, organizations are training interested non-privacy staff and increasing reliance on contractors, consultants and planned AI tools for privacy tasks.

Palo Alto Networks Automates DORs with Agentic AI Design

🤖 Palo Alto Networks automated creation of its internal Document of Record (DOR) using an agent built with Google's open-source Agent Development Kit (ADK) and hosted on Vertex AI Agent Engine. The agent leverages Vertex AI RAG Engine, Vertex AI Discovery Search, Gemini models, and Cloud Storage to retrieve and synthesize grounded answers to a standardized set of 140+ questions. A FastAPI webserver on GKE orchestrates parallel processing, manages state, and publishes completed DORs back to Salesforce via Cloud Pub/Sub, reducing manual effort and improving consistency.

G7 Sets 2034 Deadline for Financial PQC Migration Plan

🔐 The G7 Cyber Expert Group has published a recommended roadmap asking financial firms and public entities to complete transition to post-quantum cryptography (PQC) by 2034 to anticipate future quantum-enabled threats. The non-prescriptive guidance outlines six phased activities from awareness and inventory to migration, testing and validation, with overlapping timelines beginning in 2025. It stresses a risk- and standards-based approach, crypto agility and cross-jurisdiction collaboration to reduce fragmentation and enhance interoperability.

64% of Third-Party Apps Access Sensitive Data in 2026

🔒 New 2026 analysis of 4,700 leading websites finds 64% of third-party applications access sensitive data without demonstrable business justification, rising from 51% in 2024. The report identifies recurring causes such as over-permissioned scripts, shadow deployments via tag managers, and persistent trackers. Specific tools flagged include Google Tag Manager, Shopify apps, and the Facebook Pixel, while government and education sites show marked increases in compromise. The study cautions that governance gaps and limited mitigation adoption leave organizations exposed.

Transparency and Accountability in Cybersecurity Vendors

🔍 Modern CISOs face growing compliance and supply-chain pressures and must verify security products rather than assume vendor claims. The AV-Comparatives TRACS study assessed 14 EPP/EDR vendors on 60+ transparency criteria — source-code review, SBOMs, audit reports, update controls, and telemetry options — and found few vendors offer comprehensive verification. Kaspersky highlights its global transparency centers, minimal telemetry, and local-processing choices as practical risk-management measures that improve predictability.

Cybercrime Inc.: Organized Hackers Outpacing IT Defense

🔒 Cybercrime has evolved into a structured, global underground economy that mirrors legitimate corporations, with departments, KPIs, and scalable supply chains. Models like ransomware-as-a-service let nontechnical actors license malware, buy access, and outsource extortion, while payments and sales are managed via closed forums and cryptocurrencies. The result is an efficient, agile adversary that exploits human error, leverages AI for social engineering, and gains a persistent speed advantage over often bureaucratic defenders.

World Economic Forum: AI, Geopolitics and Rising Cyber Risk

🔍 The World Economic Forum’s Global Cybersecurity Outlook warns cybersecurity risk will accelerate in 2026, driven primarily by advances in AI, deepening geopolitical fragmentation and supply‑chain complexity. Based on survey responses from 804 leaders (including 316 CISOs) across 92 countries, the report finds eroding confidence in national preparedness and divergent priorities between CEOs and CISOs. It highlights both the risk and defensive potential of AI and calls for strengthening collective cyber resilience through collaboration, governance and balanced adoption with robust safeguards.

Weird Generalizations and Inductive Backdoors in LLMs

⚠️ Recent research demonstrates that small amounts of narrow finetuning can produce broad, unexpected shifts in LLM behavior. The authors show weird generalization—models adopting outdated worldviews from bird-naming examples—and introduce inductive backdoors, where models learn triggers and behaviors via generalization. These effects enable persona hijacking and hard-to-detect misalignment.

VS Code Forks Suggest Missing Extensions, Risk Supply Chain

⚠️ AI-powered VS Code forks such as Cursor, Windsurf, Google Antigravity and Trae were found recommending extensions that do not exist in the Open VSX registry, creating unclaimed namespaces attackers could register. Koi researcher Oren Yomtov showed that a single click on a suggested install (for example, a placeholder ms-ossdata.vscode-postgresql) can deploy a rogue package, and one placeholder received over 500 installs. Cursor and Google have released fixes, and the Eclipse Foundation removed non-official contributors and tightened registry safeguards. Developers should verify publishers before accepting IDE extension recommendations.

BGP Route Leak in Venezuela: Analysis of AS8048 Event

🔍 Cloudflare analyzed a BGP route leak observed on January 2 involving AS8048 (CANTV) redistributing prefixes originated by AS21980 (Dayco Telecom) via upstreams including AS6762 (Sparkle) and AS52320 (V.tal/GlobeNet). The pattern — with eleven similar events since December, heavy AS prepending, and an upstream provider relationship — suggests misconfigured export/import policies rather than deliberate interception. ROV would not have prevented this path-based leak; adoption of ASPA, RFC9234/OTC, and Peerlock-style checks is recommended to mitigate future leaks.

Trend Micro's Digital Twin Enables Full-Scale Simulations

🛡️ In a recent interview Trend Micro COO Kevin Simzer described how a digital twin — a virtual replica built from enterprise telemetry — lets organizations run safe, comprehensive red-team simulations across real-world topologies. The approach enables what-if analyses, testing of security controls and architectural changes without risk to production systems. Simzer also noted additions like agentic capabilities to automate SIEM integration and Trend's plan to train proprietary AI models from its historical threat data.

CrowdStrike: Training GenAI Models at Scale, Distributed

🛡️ CrowdStrike outlines its methodology for training security-focused GenAI models at scale using the Google Cloud Vertex Training Cluster and an infrastructure-as-code approach. The team leverages Slurm for workload scheduling, modular data pipelines with synthetic augmentation, and a mix of parallelism strategies (data, tensor, pipeline, sequence/expert) to match model size and hardware. They optimize across GPU architectures (H100, B200) using high-performance attention kernels like Flash Attention and NCCL for inter-node communication to improve throughput, support extended contexts, and manage memory via gradient checkpointing and observability tooling.

Young Europeans' Views on AI and the Digital Future

📘 The Future Report, produced with youth consultancy Livity, surveyed over 7,000 teenagers (13–18) across France, Greece, Ireland, Italy, Poland, Spain and Sweden about their digital lives and expectations. It finds that 40% use AI daily or almost daily and that 81% of users report AI improved aspects of learning or creativity. Teens are largely optimistic yet express concerns about over-reliance, skill erosion and information trustworthiness. The report recommends stronger digital literacy, safety measures and meaningful youth participation in design and policy.

SAML Authentication Under New XML Parsing Flaws Exposed

🔓 Researchers revealed new XML-parsing exploits that severely weaken SAML-based SSO, demonstrating full authentication bypass against popular Ruby and PHP SAML libraries. PortSwigger researcher Zak Fedotkin presented these techniques at Black Hat Europe and published an open-source toolkit to identify and reproduce affected deployments. The work highlights attack vectors such as attribute pollution, namespace confusion, and a new class of void canonicalization that can circumvent XML signature validation. While fixes (including updates to Ruby-SAML) have been released, Fedotkin warns that only a foundational rework of SAML libraries will eliminate these systemic weaknesses.