< ciso
brief />
Tag Banner

All news with #research tag

264 articles · page 5 of 14

One-line Kubernetes fix reclaimed 600 hours for Atlantis

🔧 Cloudflare engineers traced repeated 30-minute Atlantis restarts to Kubernetes recursively changing file ownership on a large PersistentVolume. The default pod securityContext behavior (fsGroup combined with fsGroupChangePolicy: Always) caused kubelet to run an expensive recursive chgrp across millions of files, creating a mounting bottleneck. By validating that file group ownership would remain stable and setting fsGroupChangePolicy: OnRootMismatch, restarts dropped to ~30 seconds. That single-line change recovered roughly 50 engineering hours per month (about 600 hours per year).
read more →

ThreatsDay Bulletin: PQC Push, AI Bugs, Pirated Backdoors

🔔 This week’s ThreatsDay Bulletin captures a quieter, sneakier cadence: big-picture progress on cryptography and AI set against a steady churn of pragmatic abuse. Google accelerated a PQC migration to 2029 and GitHub is bringing AI-powered detections into the PR workflow, while threat actors keep innovating around trust — using pirated ISOs, fake extensions, firmware implants and clever phishing to scale backdoors, credential theft and fraud. The common thread is operational efficiency: takedowns and disruptions are temporary, but the workflows keep returning.
read more →

IndonesianFoods: Large-scale npm spam campaign analysis

🚨 In mid-November security researcher Paul McCarty flagged a vast spam campaign in the npm registry that injected tens of thousands of useless modules named after Indonesian dishes. The packages — about 86,000 at discovery — often appeared legitimate, used chains of dependencies, and some contained self-replication to publish more modules and even tied into the TEA blockchain to harvest tokens. The campaign created dependency bloat, reputational risk, and the potential for future supply-chain abuse; Kaspersky recommends developer awareness training and container/dependency scanning with tools such as KASAP and specialized runtime protection.
read more →

Transparent COM Instrumentation for Malware Analysis

🔍 Cisco Talos introduces DispatchLogger, an open-source DLL that transparently instruments late-bound COM (IDispatch) interactions to enhance malware analysis visibility. The tool hooks COM instantiation APIs and returns proxy objects that forward calls while logging method names, parameters, return values, and object relationships. It supports recursive wrapping, enumerator proxies, and moniker handling to reveal high-level automation events often missed by low-level API tracing. Deployment requires injecting the DLL into target processes and preserves COM lifetime and threading semantics.
read more →

Possible Quantum Speedup for Factoring: Skeptical View

🔬 The author expresses skepticism and notes they are not qualified to fully evaluate a newly announced claim of improved quantum factoring. If validated, the finding would represent a theoretical improvement in the speed of factoring large integers with a quantum computer. The post emphasizes that the result is currently unverified and that practical consequences for deployed cryptography remain uncertain. Further expert review, replication, and analysis are necessary to determine any real-world impact.
read more →

Face Value: How Easily Facial Recognition Can Be Fooled

🔍Jake Moore, ESET Global Cybersecurity Advisor, demonstrated practical methods that can defeat widely used facial recognition systems. Using modified smart glasses, AI-generated images and real-time face swaps he showed how identities can be exposed, synthetic faces can bypass eKYC checks, and watchlists can be evaded. His findings highlight the need for rigorous adversarial testing and stronger verification controls; he will present live demos at RSAC 2026.
read more →

Google paid $17.1M to security researchers in 2025

💰 Google paid $17.1 million to 747 security researchers in 2025 through its Vulnerability Reward Program, an all-time annual high and more than a 40% increase over 2024. The company said it has awarded over $81.6 million in bounties since 2010, with the top single reward reaching $250,000. In 2025 Google launched an AI Vulnerability Rewards Program, added AI-focused categories to the Chrome VRP, and introduced a rewards track for OSV-SCALIBR. Program-specific payouts included Android & Google Devices (~$2.9M), Chrome (~$3.72M), and Cloud (~$3.57M).
read more →

Why Password Audits Miss Accounts Attackers Actually Want

🔐 Password audits commonly validate complexity, length and rotation but frequently miss the accounts attackers prefer. Many organizations overlook reused or breached credentials, orphaned and dormant accounts, and high‑value service accounts with non‑expiring passwords. Point-in-time checks also fail to catch continuous threats like credential stuffing. Modern audits should add breached-password screening, risk-based prioritization, and continuous monitoring using tools such as Specops Password Policy.
read more →

AirSnitch: Cross-Layer Wi-Fi Identity Desynchronization

⚠️AirSnitch exploits cross-layer identity desynchronization between Layers 1 and 2 to mount full, bidirectional machine-in-the-middle attacks. An attacker on the same SSID, a different SSID, or another segment tied to the same AP can intercept and modify link-layer traffic. The technique affects home, office, and enterprise Wi‑Fi and enables DNS poisoning, credential theft, and exploitation of unpatched flaws.
read more →

Anthropic Uses Claude Opus 4.6 to Find 22 Firefox Flaws

🔍 Anthropic reported discovering 22 new vulnerabilities in the Firefox browser using Claude Opus 4.6 during a two-week assessment in January 2026. Fourteen issues were rated high, seven moderate and one low, and most were patched in Firefox 148. The model detected a JavaScript use-after-free bug in about 20 minutes, which researchers validated in a virtualized environment. When tasked to produce exploits the model succeeded only twice after many attempts and roughly $4,000 in API spend, underscoring that discovery is cheaper than reliable exploitation.
read more →

CISO-Board Meetings Brief and Lacking Strategic Depth Across Boards

📊 Boards receive regular CISO briefings—typically quarterly—but those interactions are often short and surface-level. A recent IANS/Artico Search/The CAP Group study of more than 650 CISOs found most updates are time-boxed to ~30 minutes, and only 30% of boards describe relationships as strong and collaborative. Directors want more forward-looking, operational insight on threats—especially those driven by AI—and fewer passive status reports. CISOs with extended airtime report deeper, strategy-focused engagement.
read more →

2026 Browser Report: Enterprise Security Blind Spots

🛡️ The 2026 State of Browser Security Report from Keep Aware warns that modern browsers—now hosting embedded AI copilots and generative tools—have become the primary execution layer for enterprise work and the largest emerging security gap. The study finds broad adoption of AI web tools, frequent uploads of internal and regulated data, and that traditional DLP and network controls fail to inspect typed inputs, pasted content, and in-session file uploads. It highlights phishing, malicious extensions, and social engineering as leading browser attack vectors and urges organizations to adopt browser-specific visibility, continuous extension governance, and account-level controls for AI usage.
read more →

Fourteen Long-Lived Software Bugs That Took Decades

🛠 This article reviews fourteen long-dormant software vulnerabilities that persisted for ten to thirty years and were only recently discovered or fixed. It highlights flaws across foundational components — from libpng and Python modules to Windows internals, bootloaders, network daemons, and secrets vaults — illustrating how legacy design choices and sparse code review can leave pervasive risks. The piece summarizes impacts, discovery timelines, and the remediation actions taken by vendors and maintainers.
read more →

Study Finds Hackers Disrupt Operations at Many Firms

🔒 A representative survey by the Centre for European Economic Research (ZEW) found that a notable share of German companies experienced cyberattacks in 2025. In the information economy about one in seven firms and in industry about one in eight reported damage. Larger firms (100+ employees) were more frequently affected. The most common consequence was operational downtime, alongside financial losses, ransom demands, and data exfiltration.
read more →

Google unveils Merkle Tree Certificates for Post‑Quantum TLS

🔐 Google is developing Merkle Tree Certificates (MTCs) in Chrome to make HTTPS certificates resilient to future quantum attacks while avoiding the bandwidth cost of adding post‑quantum algorithms to traditional X.509 chains. Working with Cloudflare and the PLANTS working group, Chrome proposes a model where a CA signs a single tree head and browsers receive lightweight proofs of inclusion. Google is running a feasibility study (Phase 1), plans to invite compatible Certificate Transparency logs in Q1 2027 (Phase 2), and aims to finalize requirements and launch a Chrome Quantum‑resistant Root Store (CQRS) and MTC-only root program by Q3 2027.
read more →

LLM-Assisted Deanonymization: Practical Risks Revealed

🔎 A new study demonstrates that large language models can reliably deanonymize users from a handful of anonymous posts. Across Hacker News, Reddit, LinkedIn, and anonymized interview transcripts, LLM agents infer location, occupation, and interests and then search the web to find likely identities. The researchers report high precision results that scale to tens of thousands of candidates, showing that automated deanonymization is now practical and widely feasible.
read more →

Smashing Security Podcast 456: DDoS, Ransomware Fails

🛡️ In episode 456 of Smashing Security, Graham Cluley and guest Paul Ducklin examine allegations that an internet archiving service operator weaponised its own CAPTCHA to DDoS a Finnish blogger, tampered with archive content to smear them, and issued bizarre threats about AI-generated pornography. The hosts also cover a ransomware crew that accidentally corrupted victims' decryption keys, rendering extortion efforts ineffective. The episode closes with a calm Pick of the Week and a furious rant about web forms.
read more →

Firefly: Nanosecond Clock Synchronization for Data Centers

🕒 Firefly is a software-driven clock synchronization system from Google that achieves nanosecond-level timing across data center NICs using commodity hardware. It separates fast internal NIC-to-NIC consensus from external UTC alignment and builds consensus over a d-regular random graph. Practical techniques—RTT filtering, path profiling, and optional switch/NIC features—reduce jitter and asymmetry. It yields consistent sub-10ns internal alignment while scaling to large fabrics.
read more →

Security Analysis of Password Managers and Server Risks

🔒 New research examines whether cloud-based password managers can be misused by those controlling servers. Researchers reverse-engineered and closely analyzed Bitwarden, Dashlane, and LastPass, finding that features such as account recovery, shared vaults, and group organization can be abused so a server operator or a compromised server can extract credentials or entire vaults. The study also describes protocol-level attacks that can weaken encryption, potentially converting ciphertext into plaintext. The author contrasts these cloud models with Password Safe, a local-only manager that avoids recovery features and the cloud.
read more →

Arkanix Stealer: Short-Lived AI-Assisted Info Stealer

🔍 Kaspersky researchers analyzed a short-lived information stealer called Arkanix, promoted on dark web forums in late 2025 and likely developed with LLM assistance. The project included a control panel, a Discord community, and two tiers: a Python-based basic build and a VMProtect-wrapped C++ premium variant with enhanced AV evasion and wallet injection. Arkanix features modular data theft from browsers, wallets, Telegram and Discord, plus optional post-exploitation modules; the author removed infrastructure within two months, complicating detection and tracking.
read more →