research
PhishLumos: Exposing phishing campaigns that evade detection by hiding content
Phishing remains one of the most stubbornly persistent threats in cybersecurity: humans are tired, distracted, trusting, and susceptible to urgency and authority in ways that …
A hardware neural network backdoor that hides in plain sight
Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and …
Proving what a military AI model will do is the real problem
Defense contractors build AI systems that task drones automatically and propose kill-chains to support soldiers. Several of these contractors have partnered with frontier AI …
The assembly line behind 1.5 million malicious domains
Attackers registered roughly 1.5 million malicious domains during the first five months of 2026. The registration patterns resemble industrial output. Most of the domains were …
AI sovereignty makes data centers strategic targets for cyber operations
Data centers built for frontier AI draw hundreds of megawatts of electricity and large volumes of cooling water from fixed locations with known addresses. Each one …
Making the cloud prove it followed your privacy wishes
Companies that store personal data in cloud key-value databases should handle deletion requests by running the operation and confirming the job is complete. The people making …
Every set of AI guardrails can be broken by the right prompt
Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological weapons or illicit …
The security in smartphones is helping send them to landfills
Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 …
Malware ships with bugs that defenders could use against it
Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a …
OAuth marketplace apps keep access after publishers vanish
Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI …
Autonomous AI-driven worm can reason its way through corporate networks
Researchers at the University of Toronto, the Vector Institute, and the University of Cambridge have built and tested a proof-of-concept AI-driven worm that does not operate …
Only 11% of production agents pass the AI agent security bar
Enterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing …
Featured news
Resources
Don't miss
- China-linked spies backdoored authentication stack to stay hidden for years
- AI vulnerability discovery is pushing 2026 CVEs toward 66,000
- PhishLumos: Exposing phishing campaigns that evade detection by hiding content
- Onspring CISO on where automated GRC systems fall short
- Open-source CI/CD abuse detector guards against stolen credential attacks