< ciso
brief />
Tag Banner

All news with #research tag

264 articles · page 7 of 14

XSS Flaw in StealC Panel Lets Researchers Monitor Operators

🔍 Cybersecurity researchers disclosed an XSS vulnerability in the web-based control panel used by operators of the StealC information stealer. By exploiting it they collected system fingerprints, monitored active sessions, and stole session cookies from the infrastructure itself, according to CyberArk researcher Ari Novick. The panel's leaked source code and the stealer's distribution through the YouTube Ghost Network and other lures amplified the operational insights researchers gained. Full technical details were withheld to avoid enabling copycats.
read more →

Researchers Hijack StealC Panels via XSS, Expose Operators

🔒 A cross-site scripting (XSS) flaw in the web control panel for the StealC info‑stealer allowed researchers to observe active operator sessions, capture session cookies and harvest browser and hardware fingerprints. CyberArk exploited the issue to identify an operator’s location and device details after a panel user failed to route traffic through a VPN. The company withheld technical disclosure to avoid a quick fix and said the finding may disrupt StealC’s MaaS ecosystem.
read more →

AI Image Leaks Fuel New Wave of Sextortion Risks Worldwide

⚠️Researchers in 2025 discovered multiple unsecured databases of AI-generated images and videos, many depicting sexualized or fabricated nudes created from everyday photos. Analysis pointed to third-party generative tools such as MagicEdit and DreamPal, which offered explicit editing, face‑swap and clothing‑change features and, in some cases, disabled filters for erotic content. The exposure highlights how generative AI lowers the barrier to producing convincing fake intimate images and broadens the pool of potential sextortion victims. The post urges tightening social media privacy, using tools like Privacy Checker, and monitoring children with Kaspersky Safe Kids.
read more →

Privacy Teams Shrink as Stress and Funding Fall Short

📉 ISACA's State of Privacy 2026 report reveals privacy teams are shrinking and underfunded despite mounting regulatory and technological pressures. The median privacy staff size fell to five from eight year-over-year, and technical privacy roles are notably understaffed while demand for those skills rises. Respondents report increased stress—35% say their role is 'significantly more stressful' and 30% 'slightly more stressful'—attributed to rapid tech evolution, compliance complexity and resource shortages. To close skill gaps, organizations are training interested non-privacy staff and increasing reliance on contractors, consultants and planned AI tools for privacy tasks.
read more →

Palo Alto Networks Automates DORs with Agentic AI Design

🤖 Palo Alto Networks automated creation of its internal Document of Record (DOR) using an agent built with Google's open-source Agent Development Kit (ADK) and hosted on Vertex AI Agent Engine. The agent leverages Vertex AI RAG Engine, Vertex AI Discovery Search, Gemini models, and Cloud Storage to retrieve and synthesize grounded answers to a standardized set of 140+ questions. A FastAPI webserver on GKE orchestrates parallel processing, manages state, and publishes completed DORs back to Salesforce via Cloud Pub/Sub, reducing manual effort and improving consistency.
read more →

G7 Sets 2034 Deadline for Financial PQC Migration Plan

🔐 The G7 Cyber Expert Group has published a recommended roadmap asking financial firms and public entities to complete transition to post-quantum cryptography (PQC) by 2034 to anticipate future quantum-enabled threats. The non-prescriptive guidance outlines six phased activities from awareness and inventory to migration, testing and validation, with overlapping timelines beginning in 2025. It stresses a risk- and standards-based approach, crypto agility and cross-jurisdiction collaboration to reduce fragmentation and enhance interoperability.
read more →

64% of Third-Party Apps Access Sensitive Data in 2026

🔒 New 2026 analysis of 4,700 leading websites finds 64% of third-party applications access sensitive data without demonstrable business justification, rising from 51% in 2024. The report identifies recurring causes such as over-permissioned scripts, shadow deployments via tag managers, and persistent trackers. Specific tools flagged include Google Tag Manager, Shopify apps, and the Facebook Pixel, while government and education sites show marked increases in compromise. The study cautions that governance gaps and limited mitigation adoption leave organizations exposed.
read more →

Transparency and Accountability in Cybersecurity Vendors

🔍 Modern CISOs face growing compliance and supply-chain pressures and must verify security products rather than assume vendor claims. The AV-Comparatives TRACS study assessed 14 EPP/EDR vendors on 60+ transparency criteria — source-code review, SBOMs, audit reports, update controls, and telemetry options — and found few vendors offer comprehensive verification. Kaspersky highlights its global transparency centers, minimal telemetry, and local-processing choices as practical risk-management measures that improve predictability.
read more →

Cybercrime Inc.: Organized Hackers Outpacing IT Defense

🔒 Cybercrime has evolved into a structured, global underground economy that mirrors legitimate corporations, with departments, KPIs, and scalable supply chains. Models like ransomware-as-a-service let nontechnical actors license malware, buy access, and outsource extortion, while payments and sales are managed via closed forums and cryptocurrencies. The result is an efficient, agile adversary that exploits human error, leverages AI for social engineering, and gains a persistent speed advantage over often bureaucratic defenders.
read more →

World Economic Forum: AI, Geopolitics and Rising Cyber Risk

🔍 The World Economic Forum’s Global Cybersecurity Outlook warns cybersecurity risk will accelerate in 2026, driven primarily by advances in AI, deepening geopolitical fragmentation and supply‑chain complexity. Based on survey responses from 804 leaders (including 316 CISOs) across 92 countries, the report finds eroding confidence in national preparedness and divergent priorities between CEOs and CISOs. It highlights both the risk and defensive potential of AI and calls for strengthening collective cyber resilience through collaboration, governance and balanced adoption with robust safeguards.
read more →

Weird Generalizations and Inductive Backdoors in LLMs

⚠️ Recent research demonstrates that small amounts of narrow finetuning can produce broad, unexpected shifts in LLM behavior. The authors show weird generalization—models adopting outdated worldviews from bird-naming examples—and introduce inductive backdoors, where models learn triggers and behaviors via generalization. These effects enable persona hijacking and hard-to-detect misalignment.
read more →

VS Code Forks Suggest Missing Extensions, Risk Supply Chain

⚠️ AI-powered VS Code forks such as Cursor, Windsurf, Google Antigravity and Trae were found recommending extensions that do not exist in the Open VSX registry, creating unclaimed namespaces attackers could register. Koi researcher Oren Yomtov showed that a single click on a suggested install (for example, a placeholder ms-ossdata.vscode-postgresql) can deploy a rogue package, and one placeholder received over 500 installs. Cursor and Google have released fixes, and the Eclipse Foundation removed non-official contributors and tightened registry safeguards. Developers should verify publishers before accepting IDE extension recommendations.
read more →

BGP Route Leak in Venezuela: Analysis of AS8048 Event

🔍 Cloudflare analyzed a BGP route leak observed on January 2 involving AS8048 (CANTV) redistributing prefixes originated by AS21980 (Dayco Telecom) via upstreams including AS6762 (Sparkle) and AS52320 (V.tal/GlobeNet). The pattern — with eleven similar events since December, heavy AS prepending, and an upstream provider relationship — suggests misconfigured export/import policies rather than deliberate interception. ROV would not have prevented this path-based leak; adoption of ASPA, RFC9234/OTC, and Peerlock-style checks is recommended to mitigate future leaks.
read more →

Trend Micro's Digital Twin Enables Full-Scale Simulations

🛡️ In a recent interview Trend Micro COO Kevin Simzer described how a digital twin — a virtual replica built from enterprise telemetry — lets organizations run safe, comprehensive red-team simulations across real-world topologies. The approach enables what-if analyses, testing of security controls and architectural changes without risk to production systems. Simzer also noted additions like agentic capabilities to automate SIEM integration and Trend's plan to train proprietary AI models from its historical threat data.
read more →

CrowdStrike: Training GenAI Models at Scale, Distributed

🛡️ CrowdStrike outlines its methodology for training security-focused GenAI models at scale using the Google Cloud Vertex Training Cluster and an infrastructure-as-code approach. The team leverages Slurm for workload scheduling, modular data pipelines with synthetic augmentation, and a mix of parallelism strategies (data, tensor, pipeline, sequence/expert) to match model size and hardware. They optimize across GPU architectures (H100, B200) using high-performance attention kernels like Flash Attention and NCCL for inter-node communication to improve throughput, support extended contexts, and manage memory via gradient checkpointing and observability tooling.
read more →

Young Europeans' Views on AI and the Digital Future

📘 The Future Report, produced with youth consultancy Livity, surveyed over 7,000 teenagers (13–18) across France, Greece, Ireland, Italy, Poland, Spain and Sweden about their digital lives and expectations. It finds that 40% use AI daily or almost daily and that 81% of users report AI improved aspects of learning or creativity. Teens are largely optimistic yet express concerns about over-reliance, skill erosion and information trustworthiness. The report recommends stronger digital literacy, safety measures and meaningful youth participation in design and policy.
read more →

SAML Authentication Under New XML Parsing Flaws Exposed

🔓Researchers revealed new XML-parsing exploits that severely weaken SAML-based SSO, demonstrating full authentication bypass against popular Ruby and PHP SAML libraries. PortSwigger researcher Zak Fedotkin presented these techniques at Black Hat Europe and published an open-source toolkit to identify and reproduce affected deployments. The work highlights attack vectors such as attribute pollution, namespace confusion, and a new class of void canonicalization that can circumvent XML signature validation. While fixes (including updates to Ruby-SAML) have been released, Fedotkin warns that only a foundational rework of SAML libraries will eliminate these systemic weaknesses.
read more →

Battering RAM: DDR4 Interposer Breaks CPU Enclaves

🔓 Researchers at KU Leuven built a $50 DDR4 interposer that subverts confidential computing protections such as Intel SGX and AMD SEV, demonstrated at Black Hat Europe. The runtime attack, called Battering RAM, manipulates memory address mapping to gain arbitrary plaintext read/write and extract SGX provisioning keys, circumventing recent boot-time mitigations. The team warns that compromised memory modules in the supply chain could enable persistent backdoors on vulnerable cloud VMs.
read more →

IDC: Closing the AI Efficiency Gap in Inference Era

🔍 IDC warns of a growing Total Cost of Ownership (TCO) crisis as AI inference becomes the dominant workload. Their global survey of 1,300 AI decision-makers finds inference already accounts for 47% of AI operations and is magnified by agentic workflows that trigger many sequential model calls. The research attributes the problem to fragmented stacks and idle accelerators and recommends shifting to integrated, system-level architectures that unite software, storage, networking, and compute. Google Cloud highlights AI Hypercomputer as a purpose-built solution to improve utilization and cost-effectiveness.
read more →

2025 CWE Top 25: CISA and MITRE Identify Weaknesses

🔍 The Cybersecurity and Infrastructure Security Agency (CISA), with MITRE/HSSEDI, released the 2025 CWE Top 25, highlighting the most exploited software weaknesses that enable data theft, system compromise, and service disruption. The list is designed to help developers, security teams, and procurement managers prioritize fixes and adopt Secure by Design practices. CISA urges organizations to integrate the Top 25 into vulnerability management and procurement decisions to reduce risk and downstream costs.
read more →