All news with #research tag

🔬 Researchers at the Max Planck Institute of Biochemistry and Google Cloud created a Proteomics Lab Agent using the Agent Development Kit and Gemini models to provide personalized, multimodal AI guidance for mass spectrometry experiments. The agent analyzes recorded steps to generate publication-ready protocols, detect procedural errors, and capture tacit expertise into a searchable knowledge base. Open-sourced on GitHub, it aims to reduce troubleshooting time and improve reproducibility across labs.

🔒 Cybersecurity researchers and rights groups warn the UN Convention against Cybercrime, which begins a ratification process in Hanoi this weekend, could criminalize legitimate research and expand intrusive surveillance powers. The Cybersecurity Tech Accord and organizations such as Human Rights Watch say the draft's vague scope, broad criminalization language, and expansive data-access provisions risk arbitrary abuse and could hamper incident response. Some analysts acknowledge improvements around intent-based language but stress that robust national safeguards and explicit protections for security research are still needed.

🛡️ Pwn2Own Ireland 2025 concluded in Cork with security researchers awarded $1,024,750 after demonstrating 73 zero-day vulnerabilities across eight product categories. Targets included printers, network-attached storage, messaging apps, smart home and surveillance devices, home networking gear, flagship phones (iPhone 16, Galaxy S25, Pixel 9) and wearables. The contest expanded the attack surface to include USB port exploitation on locked mobile handsets while retaining Bluetooth, Wi‑Fi and NFC vectors. Summoning Team topped the leaderboard with $187,500 and 22 Master of Pwn points.

🔐 A high-profile entry by a hacker known as ‘Eugene’ at Pwn2Own Ireland 2025 withdrew a claimed zero-click remote code execution exploit targeting WhatsApp, forfeiting the event’s $1 million top prize. Organizers Trend Micro ZDI say Team Z3 is sharing findings privately for coordinated disclosure to Meta, while WhatsApp reports no viable exploit was publicly demonstrated. The cancellation has fueled speculation about exploit readiness and underscores the role of responsible disclosure and rigorous triage before public demonstrations.

🔊 A recent study by researchers at the University of California, Irvine shows that very high-resolution optical sensors in some mice can detect minute desk vibrations produced by speech. The theoretical attack, labeled Mic-E-Mouse, requires mice with extremely high DPI (≈10,000+) and very high polling rates (≈4,000 Hz+) and malware to exfiltrate raw sensor frames. The raw signals are extremely noisy, but Wiener filtering and ML-based denoising allowed partial speech recovery under controlled lab conditions. Significant practical limitations — few qualifying models, controlled setups with speakers inches from the sensor, and steep drops in accuracy with common barriers — plus straightforward mitigations make the attack largely a proof of concept for now.

⚠️ Researchers at SquareX demonstrated an AI Sidebar Spoofing attack that can overlay a counterfeit assistant in OpenAI's Atlas and Perplexity's Comet browsers. A malicious extension injects JavaScript to render a fake sidebar identical to the real UI and intercepts all interactions, leaving users unaware. SquareX showcased scenarios including cryptocurrency phishing, OAuth-based Gmail/Drive hijacks, and delivery of reverse-shell installation commands. The team reported the findings to vendors but received no response by publication.

⚠️ The latest releases of Cursor and Windsurf IDEs embed outdated Chromium and V8 engines that contain at least 94 known, patched vulnerabilities. Ox Security researchers demonstrated a proof‑of‑concept exploiting CVE-2025-7656 (a Maglev JIT integer overflow) to crash Cursor, and warn that similar flaws could enable denial‑of‑service or arbitrary code execution in real attacks. Attack vectors include deeplinks, malicious extensions, poisoned README previews or documentation; the two IDEs together serve an estimated 1.8 million developers. Cursor dismissed the DoS finding as out of scope and Windsurf did not respond to inquiries.

🔒On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-day vulnerabilities and collected $522,500 in cash awards. Team DDOS (Bongeun Koo and Evangelos Daravigkas) chained eight flaws to compromise a QNAP Qhora-322 router via its WAN interface and access a QNAP TS-453E, earning $100,000 and moving into second place on the Master of Pwn leaderboard. The Summoning Team led day one with $102,500 and 11.5 points after multiple successful root exploits. The Zero Day Initiative (ZDI) organized the event and coordinates 90-day responsible disclosure with affected vendors.

🧠 In episode 73 of The AI Fix, hosts Graham Cluley and Mark Stockley explore a sweep of recent AI developments, from the rise of AI-generated content to high-profile figures relying on chatbots. They discuss research suggesting Google Gemini exhibits behaviours resembling pathological gambling and report on a Gemma-style model uncovering a potential cancer therapy pathway. The show also highlights legal and security concerns— including a lawyer criticised for repeated AI use, generals consulting chatbots, and techniques for poisoning LLMs with only a few malicious samples.

🔍 Cloudflare investigated a production soft lockup traced to the Linux BPF LPM trie, a core data structure for IP and IP+Port longest-prefix matching. Benchmarks on 96-core AMD EPYC hardware showed lookups remain relatively fast at modest sizes, but updates, deletes and especially freeing maps degrade severely at scale, causing multi-second CPU stalls and customer packet loss. The post refreshes trie basics, presents measured results (lookups, updates, deletes, free costs), and diagnoses kernel implementation limits — notably binary child pointers, absent level compression, and allocator-induced cache and dTLB pressure — then outlines plans to upstream benchmarks and refactor toward a level-compressed multibit trie to reduce traversal height, cache/TLB misses, and freeing overhead.

🔍 This article frames the shift from legacy SOCs to AI-SOC platforms, arguing leaders must evaluate impact, transparency, and integration rather than pursue AI for its own sake. It outlines four architectural dimensions—functional domain, implementation model, integration architecture, and deployment—and prescribes a phased adoption path with concrete vendor questions. The piece flags key risks including explainability gaps, data residency, vendor lock-in, model drift, and cost surprises, and highlights mitigation through governance, human-in-the-loop controls, and measurable POCs.

🔐 The arrival of cryptographically relevant quantum computers will create a "silent boom" where adversaries can capture encrypted traffic today and decrypt it later, making intrusions neither observed nor observable. This undermines traditional incident response and shifts responsibility to engineering teams, not a vendor checkbox. Organizations must pursue quantum readiness by engaging developers to inventory algorithms and data, assess internet-facing assets for PQC support, and build testing capability for new ciphers within their release cycles.

🛡️ Penetration testing remains a critical control, but the classic, one-size-fits-all approach can create hidden financial and operational burdens. Administrative overheads, complex scoping decisions and indirect remediation work all add time and cost while risking scope creep and disruption. The article recommends flexible, consumption-based models—such as PTaaS and Outpost24's CyberFlex—to improve coverage, transparency and ROI.

⚖️ More than seven in 10 IT leaders list regulatory compliance as a top-three challenge when deploying generative AI, according to a recent Gartner survey. Fewer than 25% are very confident in managing security, governance, and compliance risks. With the EU AI Act already in effect and new state laws in Colorado, Texas, and California on the way, CIOs worry about conflicting rules and rising legal exposure. Experts advise centralized governance, rigorous model testing, and external audits for high-risk use cases.

🔒 Phishing remains a pervasive threat—IBM attributes roughly 15% of data breaches to these attacks—yet standard training approaches are delivering limited protection. Recent studies cited in the article show annual awareness modules and embedded simulated-phish interventions often fail to change user behavior or secure genuine engagement, with many users closing training pages outright. Security leaders are advised to treat training as one element of a broader risk-reduction strategy that pairs behavioral design, clear escalation steps, measurable metrics, incentives, and technical controls such as two-factor authentication and improved phishing detection.

🔍 Janice Richardson, researcher and Council of Europe expert, reflects on Google’s Future Report, based on more than 7,000 teens from seven EU countries. She highlights young people’s use of the internet for learning, cultural exploration and creative problem solving, noting strong critical thinking and pragmatic attitudes toward algorithms. Richardson stresses closing the digital literacy gap and equipping teachers and parents to support safe, balanced online engagement.

🔒 Two independent research teams demonstrated practical physical attacks that extract encrypted data from server trusted execution environments by intercepting DDR4 memory traffic. The U.S. WireTap proof-of-concept slowed memory clocks and used an inexpensive legacy logic analyzer to recover keys from Intel SGX. The Battering RAM team employed a tiny interposer and a Raspberry Pi Pico to mirror writes and target both Intel SGX and AMD SEV-SNP covertly. Both efforts drastically lower cost and complexity compared with prior work, though vendors note that physical attacks sit outside their threat model.

🔍 Researchers at GreyNoise have identified a large-scale, multi-country botnet that began targeting Remote Desktop Protocol (RDP) services in the United States on October 8. The campaign uses over 100,000 IP addresses and employs two RDP-specific techniques: RD Web Access timing attacks to infer valid usernames and RDP Web Client login enumeration to observe differing server behaviors. Nearly all sources share a common TCP fingerprint, indicating coordinated clusters. Administrators should block attacking IPs, review RDP logs, and avoid exposing remote desktop services to the public internet—use VPNs and enable multi-factor authentication.

🔒 DarkAtlas researchers warn that APT groups are leveraging legitimate RMM platforms to gain initial access, increasingly favoring ScreenConnect as it evades basic detection. Attackers abuse features like unattended access, VPN, REST API and file transfer, deploy in-memory installers that leave little disk artefacts, and register persistent services such as ScreenConnect.WindowsClient.exe. Defenders should monitor invite links, config files, in-memory activity and specific event IDs for effective DFIR.

🔐 Apple has increased the top award in its Apple Security Bounty program to $2m for exploit chains that emulate sophisticated mercenary spyware. Bonuses for Lockdown Mode bypasses and vulnerabilities found in beta software can more than double that payout, potentially exceeding $5m. Apple also raised many category rewards — including $100,000 for a Gatekeeper bypass and $1m for broad unauthorized iCloud access — and introduced a Target Flags initiative to speed and standardize exploitability demonstrations.