All news with #research tag

🔒 Telecom operators must abandon perimeter assumptions and adopt a zero trust mindset that treats verification as continuous rather than a one-time event. This shift is organizational as much as technical, requiring unified IT/OT policies, least-privilege access and microsegmentation to limit lateral movement. The article recommends pragmatic steps — wrapping legacy systems with secure gateways and centralized authentication — and aligning controls with frameworks such as NIST and NIS2, while tracking concrete KPIs in the first 180 days.

🚀 Google Cloud engineers demonstrated an experimental GKE cluster running 130,000 nodes to validate extreme scalability for AI/ML workloads. The test sustained control-plane throughput near 1,000 operations per second, supported over one million datastore objects, and achieved a baseline of 130,000 Pods launching in 3 minutes 40 seconds. The project combined API-server caching KEPs, a Spanner-backed key-value storage backend, and job-level orchestration via Kueue to enable predictable admission, rapid preemption, and efficient utilization at massive scale.

🔒 Security researchers have uncovered Operation WrtHug, a global campaign that has hijacked thousands of largely end-of-life ASUS WRT routers by chaining at least six known vulnerabilities. Over roughly six months analysts identified about 50,000 unique infected IPs, predominantly in Taiwan, using a distinctive malicious self-signed AiCloud certificate with a 100-year lifetime as an indicator of compromise. Owners are urged to apply ASUS firmware updates or replace unsupported models and disable remote-access features to mitigate risk.

🔒 Kendra Albert's USENIX talk, highlighted by Bruce Schneier, argues that modern managed bug bounty programs often impose contractual confidentiality that prevents researchers from publicly sharing vulnerabilities. These restrictions can flip the original bargain of coordinated vulnerability disclosure, silencing researchers while allowing vendors to delay or avoid fixes. Schneier urges platforms and companies to prohibit mandatory non‑disclosure terms and restore the balance between researcher reporting and vendor remediation.

🔒 The Immersive Cyber Workforce Benchmark Report 2025 warns that cyber readiness is stalling despite increased confidence in incident response: resilience scores have remained flat since 2023 and the median time to complete critical exercises is 17 days. In the Orchid Corp crisis scenario participants averaged 22% decision accuracy and took 29 hours to contain incidents. Immersive highlights that only 41% of organisations include non-technical roles in simulations and that 60% of training focuses on CVEs older than two years, urging regular, completed training, senior leadership involvement and a focus on current threats and the three pillars: prove, improve, report.

🔒 A new low-cost hardware-assisted attack called TEE.fail undermines current trusted execution environments from major chipmakers. The method inserts a tiny device between a memory module and the motherboard and requires a compromised OS kernel to extract secrets, defeating protections in Confidential Compute, SEV-SNP, and TDX/SDX. The attack completes in roughly three minutes and works against DDR5 memory, meaning the physical-access threats TEEs are designed to defend against are no longer reliably mitigated.

🔍 IDC’s latest research finds organizations averaged nine cloud security incidents in 2024, with 89% reporting year-over-year increases. The study identifies CNAPP as a top-three investment for 2025, rising CISO ownership of cloud security, and persistent tool sprawl that increases cost and risk. It also documents practical uses of generative AI for detection and response and a move toward integrated, autonomous SecOps platforms. Microsoft positions its integrated CNAPP and AI-driven threat intelligence as a way to unify protection across the application lifecycle.

🌱 Google presents a Sustainable by Design approach to reduce the environmental footprint of AI and software. The post highlights projects like Green Light and Project Contrails, improvements in hardware efficiency such as Ironwood TPUs, and a fleet-wide Power Usage Effectiveness of 1.09. It introduces the 4Ms—Machine, Model, Mechanisation, Map—to guide infrastructure and development choices. The emphasis is on embedding efficiency across the software lifecycle to cut energy use, costs, and water consumption.

🏛 The Louvre has struggled for more than a decade with outdated software and unsupported Windows systems that control critical security infrastructure, French reports say. Audits in 2014 and 2017 found workstations running Windows 2000 and Windows XP, along with a video server still on Windows Server 2003 and weak, hard-coded passwords on surveillance applications. Procurement records also list multiple Thales systems as "software that cannot be updated." Authorities ordered governance and security reforms after a recent jewelry theft, though there is no indication the IT issues directly enabled that burglary.

🔒 Modern supply-chain incidents like the Chalk and Debug hijacks show that impact goes far beyond direct financial theft. Response teams worldwide paused work, scanned environments, and executed remediation efforts even though researchers at Socket Security traced the attackers' on-chain haul to roughly $600. The larger cost is operational disruption, repeated investigations, and erosion of trust across OSS ecosystems. Organizations must protect people, registries, and CI/CD pipelines to contain downstream contamination.

🔒 AWS and SANS released a whitepaper, AI for Security and Security for AI, that examines how organizations can use generative AI safely and defend against AI-powered threats. The paper examines three lenses: securing generative AI applications, using generative AI to improve cloud security posture, and protecting against AI-enabled attacks. It offers practical action items, architecture guidance, and recommendations for responsible AI and human oversight.

🚨 Balancer announced an exploit of its V2 Compostable Stable Pools on Ethereum at 07:48 UTC that resulted in reported losses exceeding $128 million. Initial analysis from GoPlus Security points to a precision rounding error in the Vault’s swap calculations that an attacker chained via batchSwap, while other researchers suggest improper authorization and callback handling in V2 vaults. Balancer says the issue is isolated to V2 Compostable Stable Pools, with V3 and other pools unaffected, and the team is working with security researchers on a full post‑mortem. Users are warned to remain vigilant for scams and phishing attempts following the incident.

🛡️ A remote-access trojan named SleepyDuck, disguised as a Solidity extension on Open VSX, uses an Ethereum smart contract to deliver command-and-control instructions. The malicious package, downloaded over 53,000 times, activates on editor startup, when a Solidity file is opened, or when the compile command is run. On activation it collects system identifiers, creates a lock file for persistence, and polls an on-chain contract to update or replace its C2 endpoint. Open VSX has flagged the package and implemented security controls; developers should rely only on reputable publishers and official repositories.

🦆 Researchers at Secure Annex warned of a malicious Open VSX extension, juan-bianco.solidity-vlang, that delivers a remote access trojan dubbed SleepyDuck. Originally published as a benign library on October 31, 2025, it was updated to a malicious release after reaching about 14,000 downloads. The extension triggers on opening a code editor window or selecting a .sol file, harvesting host details and polling an Ethereum-based contract to obtain and update its command server. It also contains fallback logic using multiple Ethereum RPC providers to recover C2 information if the domain is taken down; users should only install extensions from trusted publishers and follow vendor guidance.

🚀 Mercado Libre leverages Spanner as the core of a developer-facing platform, exposing consistent, globally-scalable transactions through its internal gateway, Fury. Fury abstracts distributed database complexity and serves both relational and key-value workloads. Integration with BigQuery via Data Boost and Change Streams enables near-real-time analytics and reverse ETL to operational systems.

🚨 Threat actors are targeting freight brokers and carriers with malicious emails and compromised load-board posts to deliver remote monitoring and management tools (RMM) such as ScreenConnect, NetSupport, and PDQ Connect. Once installed, attackers gain remote control to alter bookings, block notifications, harvest credentials, and impersonate carriers to reroute and physically steal high-value shipments. Proofpoint tracked dozens of campaigns since January, primarily in North America, exploiting social engineering and legitimate RMM functionality.

📝 AI notetakers are increasingly treated as authoritative meeting participants, and attendees are adapting speech to influence what appears in summaries. This practice—called AI summarization optimization (AISO)—uses cue phrases, repetition, timing, and formulaic framing to steer models toward including selected facts or action items. The essay outlines evidence of model vulnerability and recommends social, organizational, and technical defenses to preserve trustworthy records.

🔐 This post proposes a lightweight, crowd-curated registry for bots and agents to simplify discovery of public keys used for cryptographic Web Bot Auth signatures. It describes a simple list format of URLs that point to signature-agent cards—extended JWKS entries containing operator metadata and keys—and shows how registries enable origins and CDNs to validate agent signatures at scale. Examples and a demo integration illustrate practical adoption.

🔓 Academic researchers disclosed TEE.Fail, a DDR5 memory-bus interposition side-channel that can extract secrets from Trusted Execution Environments such as Intel SGX, Intel TDX, and AMD SEV-SNP. By inserting an inexpensive interposer between a DDR5 DIMM and the motherboard and recording command/address and data bursts, attackers can map deterministic AES-XTS ciphertexts to plaintext values and recover signing and cryptographic keys. The method requires physical access and kernel privileges but can be implemented for under $1,000; Intel, AMD and NVIDIA were notified and are developing mitigations.

🔍 Varonis Threat Labs highlights BiDi Swap, a technique that exploits Unicode bidirectional rendering to make malicious URLs appear legitimate. By mixing Right-to-Left and Left-to-Right scripts, attackers can visually move parameters, paths, or subdomains into the apparent host name to facilitate phishing and spoofing. Browser defenses vary — some highlight domains or flag lookalikes while others leave gaps — so the report urges user caution and vendor improvements.