research
Many popular websites still cling to password creation policies from 1985
A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. …
Researchers automated jailbreaking of LLMs with other LLMs
AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an …
Open-source AV/EDR bypassing lab for training and learning
Best EDR Of The Market is a user-mode endpoint detection and response (EDR) project designed to serve as a testing ground for understanding and bypassing EDR’s user-mode …
Open-source vulnerability disclosure: Exploitable weak spots
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are …
Apple news: iLeakage attack, MAC address leakage bug
On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as …
Network Flight Simulator: Open-source adversary simulation tool
Network Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility. The tool …
Apple offers security researchers specialized iPhones to tinker with
Apple is inviting security researchers to apply for its Security Research Device Program (SRDP) again, to discover vulnerabilities and earn bug bounties. Apple started the …
Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks
Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, …
North Korean hackers breached Russian missile development firm
North Korean state-sponsored hackers have breached Russian missile maker NPO Mashinostroyeniya, according to SentinelLabs researchers. North Korean hackers discovered The …
Keystroke sounds can betray passwords
Researchers from several UK universities have proven that the recorded sounds of laptop keystrokes can be used to obtain sensitive user data such as passwords with a high …
Attackers can turn AWS SSM agents into remote access trojans
Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual …
US companies commit to safe, transparent AI development
Seven US artificial intelligence (AI) giants – Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI – have publicly committed to “help move …