All news with #research tag

⚡Cloudflare reports it remains the fastest network for the largest number of last‑mile ISPs in its Birthday Week 2025 update. Using Real User Measurements (RUM) from Cloudflare‑branded error pages, the company compares TCP connection time trimeans against CloudFront, Google, Fastly and Akamai for the top 1,000 networks. Measured from August 6 to September 4, Cloudflare is #1 in 40% of measured ISPs and is prioritizing targeted fixes where gaps remain.

🔐Quantum computing is moving from theoretical possibility to an actionable concern for cybersecurity professionals. The article highlights the immediate risk of "harvest now, decrypt later," where adversaries capture encrypted traffic today to decrypt it when quantum-capable machines arrive. It notes that in 2024 NIST finalized initial post-quantum standards, including FIPS 203 for ML-KEM key establishment, and emphasizes the need for organizations to begin migration planning. The piece outlines current quantum-safe tools, migration challenges, and practical steps to improve readiness.

🔒 The Forrester Total Economic Impact™ study commissioned by Microsoft found that Microsoft Purview reduced the likelihood of data breaches by 30% for a composite organization, yielding more than $225,000 in annual savings from avoided incidents and fines. The report credits unified governance, automated classification, and fine‑tuned DLP policies with a 75% reduction in investigation time and 75% time savings for users searching and classifying data. Over three years the study shows $3.0M in benefits versus $633,000 in costs (NPV $2.3M; ROI 355%).

🤖 The 2025 DORA Report synthesizes survey responses from nearly 5,000 technology professionals and over 100 hours of qualitative data to examine how AI is reshaping software development. It finds AI amplifies existing team strengths and weaknesses: strong teams accelerate productivity and product performance, while weaker teams see magnified problems and increased instability. The report highlights near-universal AI adoption (90%), widespread productivity gains (>80%), a continuing trust gap in AI-generated code (~30% distrust), and recommends investment in platform engineering, user-centric workflows, and the DORA AI Capabilities Model to unlock AI’s value.

🛡️ A Gartner survey finds 62% of organisations experienced a deepfake attack in the past 12 months, with common techniques including social-engineering impersonation and attacks on biometric verification. The report also shows 32% of firms faced attacks on AI applications via prompt manipulation. Gartner’s Akif Khan urges integrating deepfake detection into collaboration tools and strengthening controls through awareness training, simulations and application-level authorisation with phishing-resistant MFA. Vendor solutions are emerging but remain early-stage, so operational effectiveness is not yet proven.

🔍 The DORA research team introduces the inaugural DORA AI Capabilities Model, identifying seven technical and cultural capabilities that amplify the benefits of AI-assisted software development. Based on interviews, literature review, and a near-5,000‑respondent survey, the model highlights priorities such as clear AI policies, healthy and AI-accessible internal data, strong version control, small-batch work, user-centricity, and quality internal platforms. The guidance focuses on practices that move organizations beyond tool adoption to measurable performance improvements.

🔍 SquareX’s Last Mile Reassembly (LMR) research, disclosed at DEF CON 32, shows how attackers split and reassemble malware inside the browser to evade Secure Web Gateways (SWGs). Palo Alto Networks has become the first major SASE vendor to publicly acknowledge this class of browser-assembled evasive attacks and announced enhancements to Prisma Browser. SquareX says LMR and related Data Splicing techniques exploit channels like WebRTC and gRPC, bypassing traditional SWG and DLP controls and underscoring the need for browser-native security.

⚠️A new study, “Mind the Gap,” examines time-of-check to time-of-use (TOCTOU) flaws in LLM-enabled agents and introduces TOCTOU-Bench, a 66-task benchmark. The authors demonstrate practical attacks such as malicious configuration swaps and payload injection and evaluate defenses adapted from systems security. Their mitigations—prompt rewriting, state integrity monitoring, and tool-fusing—achieve up to 25% automated detection and materially reduce the attack window and executed vulnerabilities.

📉 Bridewell's analysis of FOI data shows a marked fall in HMRC-impersonation phishing reports in the first half of 2025, with 41,202 incidents versus 102,226 in 2024 and 152,995 in 2023. Email-based attacks drove most of the decline while SMS phishing rose. The firm warns AI-enhanced social engineering is increasing and advises users to pause, avoid suspicious links and verify communications via official channels.

⚠️ Researchers at ETH Zürich and Google disclosed a RowHammer variant named Phoenix (CVE-2025-6202) that reliably induces bit flips on SK Hynix DDR5 devices and bypasses on-die ECC and advanced TRR protections. The team demonstrated an end-to-end privilege escalation on a production desktop with default DDR5 settings in as little as 109 seconds. Phoenix takes advantage of refresh intervals that mitigation logic does not sample, enabling flips across DIMM stacks produced between 2021 and 2024. Because DRAM chips cannot be updated in the field, the researchers recommend increasing the DRAM refresh rate to 3× as an immediate mitigation and urge vendors to pursue firmware and hardware countermeasures.

🤖 Security leaders report early wins from AI in detection, triage, and automation, but emphasize limits and oversight. Prioritizing high-value telemetry for real-time detection while moving lower-priority logs to data lakes improves signal-to-noise and shortens response times, according to Myke Lyons. Financial firms are experimenting with agentic AI to block business email compromise in real time, yet researchers and practitioners warn of missed detections and 'ghost alerts.' Organizations that treat AI as a copilot with governance, explainability, and institutional context see more reliable, safer outcomes.

🛡️ Unit 42 describes how IDE-integrated AI code assistants can be abused to insert backdoors, leak secrets, or produce harmful output by exploiting features like chat, auto-complete, and context attachment. The report highlights an indirect prompt injection vector where attackers contaminate public or third‑party data sources; when that data is attached as context, malicious instructions can hijack the assistant. It recommends reviewing generated code, controlling attached context, adopting standard LLM security practices, and contacting Unit 42 if compromise is suspected.

🧨 Researchers have developed Phoenix, a new Rowhammer variant that defeats DDR5 TRR protections on SK Hynix modules by synchronizing and self-correcting against missed refresh intervals. After reverse-engineering TRR behavior, the team identified refresh slots that were not sampled and used precise hammering patterns covering 128 and 2,608 refresh intervals to flip bits. In tests they flipped bits across all tested DIMMs and produced a working privilege-escalation exploit, achieving a root shell on commodity DDR5 systems in under two minutes. The authors published an academic paper and an FPGA-based repository with experiments and proof-of-concept code.

🔬 Google funded and collaborated on open-source DDR5 Rowhammer test platforms and academic research to evaluate current in-DRAM mitigations. Working with Antmicro and ETH Zurich, the team produced FPGA-based RDIMM and SO‑DIMM testers and used them to discover the Phoenix attack family, which includes a self-correcting refresh synchronization technique that can bypass enhanced TRR on some DDR5 modules. Google also led JEDEC standardization work on PRAC to enable deterministic row-activation counting and continues to share tools and findings to improve defenses.

⚡ This weekly recap synthesizes critical cyber events and trends, highlighting a new bootkit, AI-enhanced attack tooling, and persistent supply-chain intrusions. HybridPetya samples demonstrate techniques to bypass UEFI Secure Boot, enabling bootkit persistence that can evade AV and survive OS reinstalls. The briefing also covers vendor emergency patches, novel Android RATs, fileless frameworks, and practical patch priorities for defenders.

🔧 Google has open-sourced XProf, an upgraded ML profiler, and published the Cloud Diagnostics XProf library to simplify profiling and optimizing models on xPUs. The release brings unified XLA-based profiling across JAX, PyTorch/XLA and TensorFlow/Keras, and supports programmatic and on-demand trace capture. The Cloud Diagnostics library packages dependencies, stores profiles in Google Cloud Storage for retention, provisions TensorBoard on VMs or GKE for faster loading, and produces shareable links for collaborative analysis with tunable machine types for performance.

🔒 A recent paper demonstrates theoretical attacks on the Fiat–Shamir transformation, extending known insecurities into less contrived scenarios while stopping short of immediate practical exploitation. Bruce Schneier notes the result is exciting from a research perspective but does not currently translate into real-world cryptanalysis. The work highlights limits in our ability to produce broad security proofs for the transform. It serves as a reminder that theoretical advances can reshape confidence in cryptographic proof techniques even when deployed systems remain unaffected.

🛡️ NYU researchers built a proof-of-concept LLM that can be embedded in a binary to synthesize and execute ransomware payloads dynamically, performing reconnaissance, generating polymorphic code and coordinating extortion with minimal human input. ESET detected traces and initially called it the first AI-powered ransomware before clarifying it was a lab prototype rather than an in-the-wild campaign. Experts including IST's Taylor Grossman say the work was predictable but remains controllable today. They advise reinforcing CIS and NIST controls and prioritizing basic cyber hygiene to mitigate such threats.

🔍 Silent Push researchers have identified 45 previously unreported domains tied to China-linked threat clusters Salt Typhoon and UNC4841, with registrations dating as far back as May 2020. The infrastructure shows overlap with UNC4841, the group associated with exploitation of a Barracuda ESG zero‑day (CVE-2023-2868). Investigators discovered three Proton Mail addresses used to register 16 domains with fabricated contact details and found many domains resolving to high‑density IP addresses. Organizations are urged to search five years of DNS logs and audit requests to the listed IPs and subdomains.

🚨 A GitHub supply chain campaign dubbed GhostAction has exposed 3,325 secrets across multiple package ecosystems and repositories. GitGuardian says attackers abused compromised maintainer accounts to insert malicious GitHub Actions workflows that trigger on push or manual dispatch, read repository secrets, and exfiltrate them via HTTP POST to an external domain. Compromised credentials include PyPI, npm, DockerHub, Cloudflare, AWS keys and database credentials; vendors were notified and many repositories reverted the changes.