research
One keypress is all it takes to compromise four AI coding tools
Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The …
Cutting the cost of SIEM rule conversion
You inherit two thousand detection rules from an acquisition. They are written for a platform your company does not use. Your senior detection engineer estimates six months to …
Phishing can masquerade as emergency alerts for disasters, researchers warn
Emergency alerts for disasters like earthquakes and tsunamis are messages we hope we never see, and we trust them when they arrive. Researchers have shown that this trust can …
Can your coding style predict whether your code is vulnerable?
Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all …
What researchers learned about building an LLM security workflow
Security operations centers are running into the same wall everywhere. Detection tools generate more alerts than analysts can work through, and the early stages of any …
Researchers develop tool to expose GPS signal spoofing in transit networks
The Oak Ridge National Laboratory (ORNL) has developed a portable detector that identifies GPS spoofing in real time, including during motion, to help protect transportation …
Automated LLM red teaming gets a learning layer
Automated red teaming of large language models has settled into a familiar pattern over the past two years. An attacker model generates jailbreak attempts against a target …
AI prompt confidentiality and false citations worry researchers
Academic researchers using commercial AI tools for literature review and idea generation are sending unpublished research questions, draft hypotheses, and proprietary domain …
Even cybersecurity researchers are exposing secrets in their arXiv LaTeX source
Researchers submit papers to arXiv every day, and most of them upload the LaTeX source files alongside the PDF. The preprint service requires source uploads when available, …
ICS intrusion detection has blind spots that complicate plant security
Industrial control systems on plant floors run alongside a growing layer of monitoring software meant to catch intruders before they reach a turbine, a valve, or a chemical …
The AI criminal mastermind is already hiring on gig platforms
Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model …
Indirect prompt injection is taking hold in the wild
The open web is slowly but surely filling up with “traps” designed for LLM-powered AI agents. The technique, known as indirect prompt injection (IPI), involves …
Featured news
Resources
Don't miss
- LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
- The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic
- Treating AI agents like service accounts for federated query security
- Malware ships with bugs that defenders could use against it
- Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)