research
No one knows how many old shims can still bypass UEFI Secure Boot
The vast majority of UEFI computers carry a Microsoft certificate that will trust a small first-stage loader called a shim, a program Microsoft signs so that Linux and …
New tutorials on underground hacking forums have roughly doubled
Underground hacking forums are producing more original tutorials again, with growing attention on financial fraud, particularly the theft and fraudulent use of payment card …
Fake smart home residents could stand in for real ones in security research
Smart home security research runs on a scarce ingredient: recordings of how real people use the gadgets in their homes. Getting that data means wiring up someone’s house …
A hardware security AI assistant that checks chips for hidden backdoors
Chip designers license blocks of circuitry from outside vendors and drop them into larger products. A single processor can carry components from a range of suppliers, each …
The open source library holding up your stack might have one maintainer
Every serious software product runs on code that someone else wrote and released for free. A web service leans on a cryptography library, a data pipeline pulls in a parser, …
Most data brokers won’t tell you what happened to your deletion request
Data brokers collect personal details on most adults in the United States and sell them to buyers that include employers, landlords, insurance companies, and government …
Your coding agent says no in chat and yes in the code
Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and reworks its own …
Malicious AI agent skills can slip past the scanners built to stop them
Developers who build with AI coding agents grab capabilities off public marketplaces the same way they grab packages from npm or PyPI. The add-ons are called agent skills. …
A single malware file can outweigh an entire AI dataset
Antivirus vendors and security startups keep shipping AI features that promise to read malware the way a seasoned analyst would. The results inside security teams tell a …
macOS is becoming a proving ground for AI agents
Somewhere right now, a Mac Mini is sitting on a shelf doing someone’s chores. Nobody’s watching it. It reads a version number out of Terminal, hops over to Safari, …
Researchers make the case for a cybersecurity AI scientist
Autonomous AI agents have started doing real security work. Language-model agents probe software for flaws, run penetration tests, and chain together attack steps that once …
Non-interactive SSH attacks dominate after login
Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. A steady stream of automated scanners tries to log in, hour after hour, from …
Featured news
Resources
Don't miss
- The best defense against AI attacks turns out to be a skeptical human
- Your vendor’s vendor might be the real breach risk
- Fake OAuth client IDs are helping attackers slip past sign-in logs
- Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers
- Why SBOMs, signing, and provenance still don’t tell you if software is safe