research
$20 per zero-day is already the WordPress plugin reality
Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three …
Deleted Google API keys keep working for up to 23 minutes, researchers warn
Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up …
Meet Fractal, an OS made for microarchitecture reverse engineering
Probing how a CPU isolates user code from kernel code is messy work. Researchers patch kernels, write drivers, or boot stripped-down bare-metal programs, and any of those …
Most dark web activity revolves around a handful of topics
Dark web activity often becomes visible during marketplace seizures, major data leaks, or sudden spikes in criminal activity. Those events can create an impression of an …
AI red teaming agents change how LLMs get tested
Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton …
When your AI assistant has the keys to production
Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket …
Public Instagram posts provide raw material for AI phishing campaigns
A handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Texas at Arlington …
Earbud sensors can authenticate users by their heartbeat, study finds
Researchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes …
The AI backdoor your security stack is not built to see
Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious …
Deepfake detection is losing ground to generative models
Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, …
Zombie linkages are keeping expired domains trusted for years
Domains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has …
Vector embedding security gap exposes enterprise AI pipelines
Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies …
Featured news
Resources
Don't miss
- Microsoft open-sources tools for designing and testing AI agents
- GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
- Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)
- Why AI changed the threat model for travel technology
- AI red teaming agents change how LLMs get tested