research
The security in smartphones is helping send them to landfills
Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 …
Malware ships with bugs that defenders could use against it
Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a …
OAuth marketplace apps keep access after publishers vanish
Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI …
Autonomous AI-driven worm can reason its way through corporate networks
Researchers at the University of Toronto, the Vector Institute, and the University of Cambridge have built and tested a proof-of-concept AI-driven worm that does not operate …
Only 11% of production agents pass the AI agent security bar
Enterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing …
This AI model backdoor attack stays hidden until you customize the model
Most teams that deploy AI start with a backbone model. They download a large pre-trained system, adapt it to a specific task, and put it into production. The download step …
Websites can spy on user activity by analyzing SSD behavior
Websites have spent years collecting information about visitors through browser fingerprinting, tracking scripts, and other techniques designed to identify devices and monitor …
The behavioral signals that sharpen Trojan malware detection
Malware analysts spend a lot of time deciding which signals from a sandbox run are worth keeping. A sample executed in a controlled environment can generate hundreds of …
Zapier exploit chain shows how known anti-patterns compose into critical risk
A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on …
Frontier AI models collapse under multi-turn AI attacks, Cisco finds
Attackers who probe large language models rarely give up after one refusal. They reframe, build context across turns, adopt personas, and escalate gradually. New research from …
$20 per zero-day is already the WordPress plugin reality
Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three …
Deleted Google API keys keep working for up to 23 minutes, researchers warn
Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up …
Featured news
Resources
Don't miss
- Securing digital keys when your phone unlocks the car
- How security teams are getting credential visibility into developer endpoints
- What happens to oversight when AI agents write a lab’s own code
- Low-skilled attacker used Claude, Codex to breach 14 companies
- Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)