All news with #research tag

🛡️ A remote-access trojan named SleepyDuck, disguised as a Solidity extension on Open VSX, uses an Ethereum smart contract to deliver command-and-control instructions. The malicious package, downloaded over 53,000 times, activates on editor startup, when a Solidity file is opened, or when the compile command is run. On activation it collects system identifiers, creates a lock file for persistence, and polls an on-chain contract to update or replace its C2 endpoint. Open VSX has flagged the package and implemented security controls; developers should rely only on reputable publishers and official repositories.

🦆 Researchers at Secure Annex warned of a malicious Open VSX extension, juan-bianco.solidity-vlang, that delivers a remote access trojan dubbed SleepyDuck. Originally published as a benign library on October 31, 2025, it was updated to a malicious release after reaching about 14,000 downloads. The extension triggers on opening a code editor window or selecting a .sol file, harvesting host details and polling an Ethereum-based contract to obtain and update its command server. It also contains fallback logic using multiple Ethereum RPC providers to recover C2 information if the domain is taken down; users should only install extensions from trusted publishers and follow vendor guidance.

🚀 Mercado Libre leverages Spanner as the core of a developer-facing platform, exposing consistent, globally-scalable transactions through its internal gateway, Fury. Fury abstracts distributed database complexity and serves both relational and key-value workloads. Integration with BigQuery via Data Boost and Change Streams enables near-real-time analytics and reverse ETL to operational systems.

🚨 Threat actors are targeting freight brokers and carriers with malicious emails and compromised load-board posts to deliver remote monitoring and management tools (RMM) such as ScreenConnect, NetSupport, and PDQ Connect. Once installed, attackers gain remote control to alter bookings, block notifications, harvest credentials, and impersonate carriers to reroute and physically steal high-value shipments. Proofpoint tracked dozens of campaigns since January, primarily in North America, exploiting social engineering and legitimate RMM functionality.

📝 AI notetakers are increasingly treated as authoritative meeting participants, and attendees are adapting speech to influence what appears in summaries. This practice—called AI summarization optimization (AISO)—uses cue phrases, repetition, timing, and formulaic framing to steer models toward including selected facts or action items. The essay outlines evidence of model vulnerability and recommends social, organizational, and technical defenses to preserve trustworthy records.

🔐 This post proposes a lightweight, crowd-curated registry for bots and agents to simplify discovery of public keys used for cryptographic Web Bot Auth signatures. It describes a simple list format of URLs that point to signature-agent cards—extended JWKS entries containing operator metadata and keys—and shows how registries enable origins and CDNs to validate agent signatures at scale. Examples and a demo integration illustrate practical adoption.

🔓 Academic researchers disclosed TEE.Fail, a DDR5 memory-bus interposition side-channel that can extract secrets from Trusted Execution Environments such as Intel SGX, Intel TDX, and AMD SEV-SNP. By inserting an inexpensive interposer between a DDR5 DIMM and the motherboard and recording command/address and data bursts, attackers can map deterministic AES-XTS ciphertexts to plaintext values and recover signing and cryptographic keys. The method requires physical access and kernel privileges but can be implemented for under $1,000; Intel, AMD and NVIDIA were notified and are developing mitigations.

🔍 Varonis Threat Labs highlights BiDi Swap, a technique that exploits Unicode bidirectional rendering to make malicious URLs appear legitimate. By mixing Right-to-Left and Left-to-Right scripts, attackers can visually move parameters, paths, or subdomains into the apparent host name to facilitate phishing and spoofing. Browser defenses vary — some highlight domains or flag lookalikes while others leave gaps — so the report urges user caution and vendor improvements.

🔒 Cloudflare reports that, as of late October 2025, the majority of human-initiated traffic through its network is protected with post‑quantum key agreement, reducing the risk of harvest‑now/decrypt‑later attacks. The post summarizes progress since the last update 21 months earlier: NIST standardization, broad adoption of ML‑KEM hybrids, Google's Willow milestone, and Craig Gidney's optimizations that materially moved Q‑day closer. It explains why migrating key agreement was urgent and relatively straightforward, why signature/certificate migration remains the harder challenge, and what organizations and regulators should prioritize now.

🔍 This post introduces a reproducible, data-driven framework to quantify Internet resilience, motivated by the July 8, 2022 Rogers outage that affected millions. It defines resilience as the ability of a national or regional ecosystem to maintain diverse, secure routing and rapidly recover from failures. The framework combines public sources (RouteViews, RIPE RIS, traceroutes, IXPs, submarine cable maps) and focuses on measurable metrics such as RPKI, ROV, IXP distribution, submarine cable diversity, AS path diversity, and impact-weighted assessments.

⚠️ A new 2025 Consumer Impact Report from the Identity Theft Resource Center (ITRC) finds identity fraud is driving severe mental and financial harm, with one quarter of surveyed consumers saying they seriously considered self-harm after an incident. The figure rises to 68% among self-identified victims but falls to 14% for those who contacted the ITRC, underscoring the value of professional support. The study of 1,033 general consumers also highlights rising repeat victimisation, large monetary losses — including more than 20% losing over $100,000 and 10% losing at least $1m — social media account takeovers as the most common crime, and widespread concern that AI will be a major battleground for identity security.

🔎 Early detection turns cybersecurity from a reactive cost into a business enabler. Investing in continuous visibility, threat intelligence, and rapid detection reduces incident costs, preserves uptime, and protects revenue and reputation. Solutions such as ANY.RUN's Threat Intelligence Feeds and TI Lookup deliver real-time IOCs, context-enriched analyses, and STIX/TAXII-ready integrations so SOCs can prioritize and act faster, lowering MTTR and operational burden.

💳 Criminal gangs operating from China send deceptive texts about overdue tolls, postal fees, and municipal fines to trick victims into divulging credit-card details. Investigators say the groups exploit an installation trick that provisions stolen card numbers into Google and Apple Wallet accounts in Asia, then share those virtual cards with buyers in the United States. The Department of Homeland Security estimates the scheme has generated over $1 billion in the last three years, enabling purchases of phones, gift cards, apparel and cosmetics by fraud rings that coordinate messaging, remote provisioning, and cross-border purchasing.

🔍 Organizations are facing a growing threat from applicants who pose as legitimate job seekers but are in fact operatives tied to overseas actor networks. Recent cases — including a July 2024 incident at KnowBe4 and longer running campaigns tracked as WageMole and DeceptiveDevelopment — show perpetrators use stolen identities, deepfakes and remote infrastructure to gain employment. The article outlines practical detection cues for recruitment teams and containment steps to limit insider risk.

🔒 A recent PPI survey of 50 banks and 53 insurers in Germany reports a sixfold rise in cyberattacks compared with 2021. Sixty-four percent of respondents now view cyberattacks as the sector's top challenge, ahead of digitization, credit quality and regulation. Firms cite low employee awareness and difficulty with real-time detection; malware installation and IT disruption are the most frequent attack types.

🛡️ Roughly 70% of senior security leaders say internal conflicts during a cyber crisis cause more disruption than the attack itself, according to the Cytactic 2025 State of Cyber Incident Response Management (CIRM) Report. The survey of 480 US cybersecurity executives highlights blurred authority, poor communication, and unrehearsed roles that delay response. Experts recommend demonstrating security's business value, reducing operational friction with passwordless controls, and aligning incentives with lines of business.

📊 Cloudflare explains why measuring the Internet is uniquely difficult and how rigorous methodology, ethics, and clear representation make findings reliable. An internal February 2022 Lviv traffic spike illustrates how context and complementary data can prevent misclassification of benign events as attacks. The post contrasts active and passive techniques and direct versus indirect measurement, outlines a lifecycle of curation, modeling, and validation, and stresses low-impact, ethical approaches. It concludes by inviting collaboration and continued exploration of passive measurement methods.

🔍 During a 2022 internship at Cloudflare, Ram Sundara Raman examined whether connection tampering by network middleboxes can be detected using only passive production data. He sampled one in 10,000 TCP connections and logged the first ten inbound packets, then developed 19 tampering signatures while confronting scale, noisy telemetry, and limited ground truth. The work exposed practical limits of passive observation and the care required to interpret packet-level signals, and its outputs are published on Cloudflare Radar.

📡 This week Cloudflare Research publishes a series of posts revealing methods and findings that advance a more measurable, resilient, and transparent Internet. The series explores Internet measurement fundamentals, resilience frameworks, post-quantum deployment, and networking innovations, with deep dives into products such as Cloudflare Radar and experiments like Merkle Tree Certificates. Expect practical analysis, IETF-aligned protocol discussion, and real-world deployment considerations.

🔒 Incogni's Social Media Privacy Ranking 2025, summarized by Kaspersky, evaluates 15 platforms across 18 criteria to compare messaging apps on privacy and data handling. Overall scores place Discord, Telegram and Snapchat near the top, but a subset of practical criteria ranks Telegram first, followed by Snapchat and Discord. The analysis highlights default settings, data collection by mobile apps, handling of government requests, and encryption differences, noting that only WhatsApp provides end-to-end encryption for all chats by default.