research
Public Instagram posts provide raw material for AI phishing campaigns
A handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Texas at Arlington …
Earbud sensors can authenticate users by their heartbeat, study finds
Researchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes …
The AI backdoor your security stack is not built to see
Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious …
Deepfake detection is losing ground to generative models
Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, …
Zombie linkages are keeping expired domains trusted for years
Domains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has …
Vector embedding security gap exposes enterprise AI pipelines
Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies …
Researchers open-source a Wi-Fi cyber range for security training
Wireless security training programs lean heavily on generic network labs, with Wi-Fi appearing as a checkbox alongside Bluetooth, Zigbee, and cellular. Hands-on environments …
The hidden smart fridge risks that emerge years after purchase
Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at …
Roblox chat moderation gets bypassed by leet speak and code words
Roblox runs an automated chat filter at the scale of billions of messages per day. An independent audit of about two million chat messages from four of the platform’s …
One keypress is all it takes to compromise four AI coding tools
Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The …
Cutting the cost of SIEM rule conversion
You inherit two thousand detection rules from an acquisition. They are written for a platform your company does not use. Your senior detection engineer estimates six months to …
Phishing can masquerade as emergency alerts for disasters, researchers warn
Emergency alerts for disasters like earthquakes and tsunamis are messages we hope we never see, and we trust them when they arrive. Researchers have shown that this trust can …
Featured news
Resources
Don't miss
- Earbud sensors can authenticate users by their heartbeat, study finds
- AI is drowning software maintainers in junk security reports
- Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)
- Attackers accessed, downloaded code from Grafana Labs’ GitHub
- The AI backdoor your security stack is not built to see