We’re looking at how DMARC adoption is shaping the email security landscape of colleges and universities in North America. The post DMARC Adoption in U.S. and Canada Higher Education Sector appeared first on Security Boulevard.
Category: Research
china, CISA, Cybersecurity, Cybersecurity and Infrastructure Security Agency, espionage, exploit, Exploits, Global Security News, Google Threat Intelligence Group, ivanti, known exploited vulnerabilities (KEV), Mandiant, Research, Threats, vulnerability
China-backed espionage group hits Ivanti customers again
Ivanti customers are confronting another string of attacks linked to an actively exploited vulnerability in the company’s VPN products. Mandiant said a nation-state backed espionage group linked to China has been exploiting the critical vulnerability, CVE-2025-22457, since mid-March. The threat group, which Google Threat Intelligence Group tracks as UNC5221, has a knack for exploiting Ivanti…
Asia Pacific, dmarc, DMARC Adoption Trends, DMARC benefits, Ecosystem News, Email Security Insights, Global Security News, Research, Security Bloggers Network
DMARC Adoption among APAC’s Higher Education Sector
On the heels of our DMARC adoption research in Europe’s higher education sector, we’re taking a look to see how schools in the Asia Pacific region are faring with their email security. The post DMARC Adoption among APAC’s Higher Education Sector appeared first on Security Boulevard.
Amazon Web Services (AWS), Check Point, cisco, Cybersecurity, Exploits, firewall, Forcepoint, Fortinet, Global Security News, google cloud, Juniper Networks, Microsoft Azure, Palo Alto Networks, Research, Technology, Versa Networks
Independent tests show why orgs should use third-party cloud security services
Businesses don’t always get what they pay for in cybersecurity. Some of the most expensive cloud network firewall vendors are among the worst performers against exploits and evasions, according to the most comprehensive, independent testing CyberRatings.org has conducted to date. Cisco, by far the most expensive cloud network firewall offering across the top 10 vendors…
cisco, Cisco Talos, credential theft, Cybercrime, Cybersecurity, Global Security News, identity, identity authentication, Ransomware, Research, Threats
Identity lapses ensnared organizations at scale in 2024
Cybercriminals predominantly relied on weaknesses in identity controls to afflict organizations in 2024, with valid accounts being the main way they gained access for the second year in a row, Cisco Talos said in an annual report released Monday. Across the incident response cases Cisco Talos responded to last year, 60% involved an identity attack…
Blog, Global Security News, Research, Security Bloggers Network
Tax Season Threat Surge
Veriti Research has identified a significant rise in tax-related malware samples across multiple platforms. The research team discovered malware samples targeting Android, Linux, and Windows, all connected to the same adversary operating from a single IP address. We believe the attacker is running multiple parallel campaigns and using “Malware-as-a-Service” tools to target various platforms simultaneously,…
crowdstrike, Cybercrime, Cybersecurity, Dtex Systems, Global Security News, North Korea, North Korean IT workers, Palo Alto Networks, Research, Threats, Unit 42
The North Korea worker problem is bigger than you think
North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop. This swarm of technical North Korean experts isn’t just intruding businesses as ad hoc freelance IT workers; they’ve gained full-time employment as engineers and specialists of…
Blog, Global Security News, Research, Security Bloggers Network
Inside Daisy Cloud: 30K Stolen Credentials Exposed
Veriti research recently analyzed stolen data that was published in a telegram group named “Daisy Cloud” (potentially associated with the RedLine Stealer), exposing the inner workings of a cybercrime marketplace. This group offers thousands of stolen credentials in an ongoing basis across a wide range of services, from crypto exchanges to government portals, at disturbingly…
Blog, Global Security News, Research, Security Bloggers Network
Genetic Breach Fallout: 23andMe’s Collapse Raises Security Alarms
In 2023, a massive data breach at 23andMe shook the foundation of the consumer genomics industry. Fast forward to today, the company has filed for bankruptcy. From Veriti’s perspective, this incident highlights the devastating consequences of failing to secure deeply sensitive personal data, especially when that data reaches beyond individuals and into family legacies. Veriti…
Cybersecurity, extensions, Global Security News, Research, threat, Threats, Web Browsers
Browser extension sales, updates pose hidden threat to enterprises
Sometimes the simplest pieces of software can cause the most complex security headaches for organizations. Browser extensions, which can be bought, sold and repurposed without warning, are a blind spot for organizations — ignored and often left unrecognized as a hidden threat. John Tuckner, founder of the browser extension security company Secure Annex, recently demonstrated…
Cloud Security, Cybersecurity, Exploits, Global Security News, Kubernetes, Nginx, open source, open source software, Research, Threats
String of defects in popular Kubernetes component puts 40% of cloud environments at risk
More than 40% of cloud environments are at risk of an account takeover due to a series of five recently discovered vulnerabilities — one regarded critical — in the Ingress Ngnix Controller for Kubernetes, according to security research published this week. Upon discovering the string of vulnerabilities in one of most widely used ingress controllers…
CVE, Cybersecurity, Exploits, Global Security News, Next.js, open source, open source software, Research, vulnerability, vulnerability disclosure
Researchers raise alarm about critical Next.js vulnerability
Researchers warn that attackers could exploit a recently discovered critical vulnerability in the open-source JavaScript framework Next.js to bypass authorization in middleware and gain access to targeted systems. Vercel, the San Francisco-based company that created and maintains Next.js, released a patch for CVE-2025-29927 in Next.js 15.2.3 on March 18 and published a security advisory on…
APT37, APT43, china, Cybercrime, Cybersecurity, Evil Corp, Exploits, Global Security News, Government, India, Iran, Microsoft, microsoft windows, nation state threats, nation-state hackers, North Korea, pakistan, Ransomware, Research, Russia, Stanford University, Threats, trend micro, vulnerability, Windows, Zero Day Initiative, zero days
Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day
Cybercriminals working on behalf of at least six nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage, steal data and cryptocurrency, according to Trend Micro researchers. The vulnerability, which Trend Micro tracks as ZDI-CAN-25373, allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut…
AI, Global IT News, Global Security News, Research, scaling
Researchers say they’ve discovered a new method of ‘scaling up’ AI, but there’s reason to be skeptical
Have researchers discovered a new AI “scaling law”? That’s what some buzz on social media suggests — but experts are skeptical. AI scaling laws, a bit of an informal concept, describe how the performance of AI models improves as the size of the datasets and computing resources used to train them increases. Until roughly a…
AI, Global IT News, Global Security News, iclr, Research
Academics accuse AI startups of co-opting peer review for publicity
There’s a controversy brewing over “AI-generated” studies submitted to this year’s ICLR, a long-running academic conference focused on AI. At least three AI labs — Sakana, Intology, and Autoscience — claim to have used AI to generate studies that were accepted to ICLR workshops. At conferences like ICLR, workshop organizers typically review studies for publication…
credential theft, Cybercrime, Cybersecurity, Data Breaches, Flashpoint, Global Security News, identity, identity theft, Information stealing malware, infostealers, malware, Ransomware, Research, stolen credentials
Infostealers fueled cyberattacks and snagged 2.1B credentials last year
Cybercriminals used information-stealing malware to a devastating effect last year, capturing sensitive data that fueled ransomware, breaches and attacks targeting supply chains and critical infrastructure, according to a new report. Infostealers were used to steal 2.1 billion credentials last year, accounting for nearly two-thirds of 3.2 billion credentials stolen from all organizations, Flashpoint said in a…
Global Security News, Research, Security Bloggers Network
How to detect Headless Chrome bots instrumented with Puppeteer?
Headless Chrome bots powered by Puppeteer are a popular choice among bot developers. The Puppeteer API’s ease of use, combined with the lightweight nature of Headless Chrome, makes it a preferred tool over its full-browser counterpart. It is commonly used for web scraping, credential stuffing attacks, and the The post How to detect Headless Chrome…
CryptoCurrency, Cybercrime, Cybersecurity, GitHub, Global Security News, Lazarus Group, malware, North Korea, npm, Research, Socket, software security, Threats
Lazarus Group deceives developers with 6 new malicious npm packages
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post. The North Korea-linked threat group embedded BeaverTail malware into the npm packages to install backdoors and steal credentials and data…
AI, Global IT News, Global Security News, Research, sakana
Sakana claims its AI-generated paper passed peer review — but it’s a bit more nuanced than that
Japanese startup Sakana said that its AI generated the first peer-reviewed scientific publication. But while the claim isn’t untrue, there are significant caveats to note. The debate swirling around AI and its role in the scientific process grows fiercer by the day. Many researchers don’t think AI is quite ready to serve as a “co-scientist,”…
bluetooth, chip, cyber security, esp32, Exploits, Global Security News, Hardware, internet of things, IoT Security, microcontroller, Mobile Security, Mobility, Research, Security, supply chain, tarlogic, vulnerability, wifi
Billions of Devices at Risk of Hacking & Impersonation Due to Hidden Commands
Researchers warn these commands could be exploited to manipulate memory, impersonate devices, and bypass security controls.
Blog, Global Security News, Research, Security Bloggers Network
Inside Black Basta Ransomware Group’s Chat Leak
Internal conflicts within the notorious Black Basta ransomware group have led to a massive leak of the group’s internal chat messages. While the messages are disorganized and full of internal jargon, they contain a wealth of insight into the group’s operations and techniques. This type of disclosure can be a goldmine for security professionals because…
APT27, china, Cybercrime, Cybersecurity, Exploits, Global Security News, hacking, ivanti, Microsoft Threat Intelligence Center, Research, silk typhoon, Threats
Silk Typhoon shifted to specifically targeting IT management companies
The Chinese state-backed threat group Silk Typhoon shifted tactics in late 2024 to broaden access and enable follow-on attacks against downstream customers of its initial targets, Microsoft Threat Intelligence said in a blog released Wednesday. The Chinese espionage group, which is also known as APT27, has abused stolen API keys and credentials for privileged access…
crowdstrike, Cybercrime, Cybersecurity, Global Security News, hacking, Palo Alto Networks, Ransomware, ReliaQuest, Research, Threat Intelligence, Threats, Unit 42
Cybercriminals picked up the pace on attacks last year
Threat actors became increasingly efficient last year, rapidly achieving lateral movement and swiftly stealing data at a faster clip than ever before, according to multiple threat intelligence firms. The reduced time frame is a clear indicator that cybercriminals are constantly improving their ability to be successful. With the abuse of legitimate system tools to help…
AI, Global IT News, Global Security News, Research, science
Experts don’t think AI is ready to be a ‘co-scientist’
Last month, Google announced the “AI co-scientist,” an AI the company said was designed to aid scientists in creating hypotheses and research plans. Google pitched it as a way to uncover new knowledge, but experts think it — and tools like it — fall well short of PR promises. “This preliminary tool, while interesting, doesn’t…
Blog, Exploits, Global Security News, Research, Security Bloggers Network
Veriti Research Uncovers Malware Exploiting Cloud Services
Veriti Research has identified a growing trend – attackers leveraging cloud infrastructure to facilitate malware distribution and command-and-control (C2) operations. This evolving tactic not only makes detection more challenging but also exposes organizations to significant security risks. Malware Hosted on Cloud Services One of the most alarming findings from our research is that over 40%…
Blog, Global Security News, Research, Security Bloggers Network
DPRK IT Fraud Network Uses GitHub to Target Global Companies
Nisos DPRK IT Fraud Network Uses GitHub to Target Global Companies Nisos is tracking a network of likely North Korean (DPRK)-affiliated IT workers posing as Vietnamese, Japanese, and Singaporean nationals with the goal of obtaining employment in remote engineering… The post DPRK IT Fraud Network Uses GitHub to Target Global Companies appeared first on Nisos…
dmarc, DMARC Adoption Trends, DMARC benefits, Ecosystem News, Email Security Insights, Europe, Global Security News, Research, Security Bloggers Network
DMARC Adoption among Europe’s Higher Education Sector
This installment of DMARC adoption initiates a series on DMARC adoption, focusing on policy levels and best practices, in the higher education sector. We’ll begin with Europe. The post DMARC Adoption among Europe’s Higher Education Sector appeared first on Security Boulevard.
cyber espionage, Cybercrime, Cybersecurity, data theft, Department of Justice (DOJ), Global Security News, Google Threat Intelligence Group, North America, Ransomware, Research, Russia, Snowflake, Threats, Unit 221B
Army soldier linked to Snowflake attack spree allegedly tried to sell data to foreign spies
U.S. authorities say a 21-year-old U.S. Army soldier attempted to sell stolen sensitive information to a foreign intelligence service as part of a broader effort to extort victims and leak call records of high-ranking public officials. In November while on active duty, Cameron Wagenius made multiple attempts to extort $500,000 from a major telecommunications company…
AI, Global IT News, Global Security News, In Brief, Research, vulnerability
AI models trained on unsecured code become toxic, study finds
A group of AI researchers has discovered a curious — and troubling — phenomenon: Models say some pretty toxic stuff after being fine-tuned on unsecured code. In a recently published paper, the group explained that training models, including OpenAI’s GPT-4o and Alibaba’s Qwen2.5-Coder-32B-Instruct, on code that contains vulnerabilities leads the models to give dangerous advice,…
Asia Pacific, china, crowdstrike, Cybersecurity, Global Security News, nation state threats, Research, Salt Typhoon, Threats, Volt Typhoon
It’s not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills
Cyberattacks carried out by China-backed nation-state actors surged last year, showcasing technical advancements and specialized targeting in a broader escalation of the country’s ability to infiltrate global critical infrastructure, CrowdStrike said in an annual threat report released Thursday. “After decades of investment into China’s offensive capabilities, they’re now on par with other world powers,” Adam…
Cybercrime, Cybersecurity, data theft, encryption, extortion, Global Security News, Incident Response, Palo Alto Networks, Ransomware, Research, Threats, Uncategorized, Unit 42
Threat actors are increasingly trying to grind business to a halt
Cybercriminals intentionally disrupted operations at a growing rate last year, Palo Alto Networks’ threat intelligence firm Unit 42 said in an annual incident response report released Tuesday. Of the nearly 500 major cyberattacks Unit 42 responded to last year, 86% involved business disruption, including operational downtime, fraud-related losses, increased operating costs and negative reputational impacts. …
Black Basta, Conti, Cybercrime, Cybersecurity, Global Security News, Google Threat Intelligence Group, Ransomware, Recorded Future, Research
What defenders are learning from Black Basta’s leaked chat logs
Black Basta’s internal chat logs, which were leaked earlier this month, are providing defenders with actionable intelligence on the ransomware group’s operations, cybercrime experts told CyberScoop. Researchers sifting through Black Basta’s exposed communications found details about the group’s preferred tools and techniques, including custom malware loaders, indicators of compromise, cryptocurrency wallets and email addresses associated…
china, cisco, Cisco IOS XE, Cisco Talos, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Research, Salt Typhoon, telecommunications, Threat Intelligence, Threats
Salt Typhoon gained initial access to telecoms through Cisco devices
Salt Typhoon gained initial access to Cisco devices as part of the Chinese nation-state threat group’s sweeping attacks on U.S. telecom networks, the company confirmed Thursday in a threat intelligence report. Cisco Talos, the networking vendor’s threat intelligence unit, said it observed one instance where Salt Typhoon likely exploited a seven-year-old critical vulnerability in Cisco…
Cybercrime, Cybersecurity, Global Security News, Google Threat Intelligence Group, GRU, messaging apps, phishing, Research, Russia, Sandworm, signal, Threats, Uncategorized
Russia-aligned threat groups dupe Ukrainian targets via Signal
Russian state threat groups have compromised Signal accounts used by Ukrainian military and government personnel to eavesdrop on real-time communications, Google Threat Intelligence Group said in a report released Wednesday. “This is a persistent, ongoing campaign being carried out by multiple different Russia-aligned threat actors,” Dan Black, principal analyst at Google Threat Intelligence Group, said…
Cybercrime, Cybersecurity, Darktrace, edge devices, Exploits, Fortinet, Global Security News, ivanti, Palo Alto Networks, Research, Threats, vulnerabilities, vulnerability
Edge device vulnerabilities fueled attack sprees in 2024
Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo…
AI, Benchmark, evergreens, Global IT News, Global Security News, NPR, reasoning model, Research
These researchers used NPR Sunday Puzzle questions to benchmark AI ‘reasoning’ models
Every Sunday, NPR host Will Shortz, The New York Times’ crossword puzzle guru, gets to quiz thousands of listeners in a long-running segment called the Sunday Puzzle. While written to be solvable without too much foreknowledge, the brainteasers are usually challenging even for skilled contestants. That’s why some experts think they’re a promising way to…
Cybersecurity, Exploits, Global Security News, Microsoft, phishing, Research, Russia, Threat Intelligence, Threats, Volexity
Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts
Microsoft threat researchers discovered a series of what they are calling “device code” phishing attacks that allowed a suspected Russia-aligned threat group to gain access to and steal data from critical infrastructure organizations, the company said in research released Thursday. The group, which Microsoft tracks as Storm-2372, has targeted governments, IT services and organizations operating…
china, cisco, Cisco IOS XE, Cybersecurity, Exploits, Five Eyes, Global Security News, nation state threats, nation-state hackers, Recorded Future, Research, routers, Salt Typhoon, Threats, vulnerabilities
Salt Typhoon remains active, hits more telecom networks via Cisco routers
Salt Typhoon, the Chinese nation-state threat group linked to a spree of attacks on U.S. and global telecom providers, remains active in its intrusion and has hit multiple additional networks worldwide, including two in the United States, Recorded Future said in a report released Thursday. Recorded Future’s Insikt Group observed seven compromised Cisco network devices communicating…
CVE, Cybersecurity, Exploits, Global Security News, Microsoft, Microsoft Threat Intelligence Center, Research, Russia, Seashell Blizzard, Threats, Uncategorized, vulnerabilities
Russian state threat group shifts focus to US, UK targets
A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state…
AI, ChatGPT, Climate, energy consumption, energy usage, environment, environmental impact, epoch, epoch ai, Global IT News, Global Security News, openai, Research, study
ChatGPT may not be as power-hungry as once assumed
ChatGPT, OpenAI’s chatbot platform, may not be as power-hungry as once assumed. But its appetite largely depends on how ChatGPT is being used, and the AI models that are answering the queries, according to a new study. A recent analysis by Epoch AI, a nonprofit AI research institute, attempted to calculate how much energy a…
AI, Global IT News, Global Security News, Research
Is AI making us dumb?
Researchers from Microsoft and Carnegie Mellon University recently published a study looking at how using generative AI at work affects critical thinking skills. “Used improperly, technologies can and do result in the deterioration of cognitive faculties that ought to be preserved,” the paper states. When people rely on generative AI at work, their effort shifts…
AI, Artificial Intelligence, CISO, cyber security, Cybersecurity, GenAI, Global Security News, it teams, Research, Security, sophos, study
IT Teams Worry About Increasing Cost of Cyber Tools From AI Features, While Criminals Barely Use Them
Most IT leaders believe generative AI will increase the cost of their security tools, according to Sophos research. But, by the looks of cyber crime forums, hackers are barely using AI.
AI, Benchmark, Global IT News, Global Security News, NPR, npr sunday puzzle, reasoning model, Research, sunday puzzle
These researchers used NPR Sunday Puzzle questions to benchmark AI ‘reasoning’ models
Every Sunday, NPR host Will Shortz, The New York Times’ crossword puzzle guru, gets to quiz thousands of listeners in a long-running segment called the Sunday Puzzle. While written to be solvable without too much foreknowledge, the brainteasers are usually challenging even for skilled contestants. That’s why some experts think they’re a promising way to…
CVE, CVSS, Cybersecurity, Exploits, Global Security News, MITRE, National Vulnerability Database, NIST, Research, Threats, vulnerabilities
Infosec pros: We need CVSS, warts and all
A key pillar of a strong cybersecurity program is identifying vulnerabilities in the complex mix of software programs, packages, apps, and snippets driving all activities across an organization’s digital infrastructure. At the heart of spotting and fixing these flaws is the widely used Common Vulnerability Scoring System (CVSS), maintained by a nonprofit called the Forum…
Amazon Web Services (AWS), cloud computing, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, open source, Research, S3 bucket, SSL, VPN gateway, watchTowr Labs
Here’s all the ways an abandoned cloud instance can cause security issues
There is a line of thought among the public that “the internet is forever.” A security company published research Tuesday that showed why “forever” can be a security nightmare. Over the course of four months, cybersecurity researchers at watchTowr monitored and ultimately took control of what they referred to as “abandoned” digital infrastructure, focusing on…
Cybercrime, Cybersecurity, Exploits, Global Security News, intezer, Research, Solis Security, Threats, VeraCore, XE Group, zero days
From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts
A cybercriminal organization that has been operating for over a decade has moved from credit-card skimming to exploiting zero-day vulnerabilities, according to a joint investigation by cybersecurity firms Solis Security and Intezer. The group, tracked as XE Group, now poses heightened risks to global supply chains, particularly in manufacturing and distribution sectors, by leveraging stealthier…
Blog, Exploits, Global Security News, Research, Security Bloggers Network
Hackers Hijack JFK File Release: Malware & Phishing Surge
Veriti Research has uncovered a potentially growing cyber threat campaign surrounding the release of the declassified JFK, RFK, and MLK files. Attackers are capitalizing on public interest in these historical documents to launch potential malware campaigns, phishing schemes, and exploit attempts. Our research indicates that cybercriminals are quick to react to major public events, and…
Cybersecurity, DARPA, Exploits, firmware, Global Security News, Government, Innovation, Research, Technology
DARPA wants to create ‘self-healing’ firmware that can respond and recover from cyberattacks
Imagine, for a moment, that your network is hit with ransomware. One of your employees clicked on a malicious link and now your network is compromised, data is encrypted and most of the organization’s systems are locked or offline. Then imagine if instead of assembling an incident response team, notifying the board and contacting law…
AI, Cloud, Cybersecurity, Global IT News, Global Security News, Research, Technology, Threat Intelligence
Vulnerability in popular AI developer could ‘shut down essentially everything you own’
A popular platform for developing AI systems has patched an easily exploitable vulnerability that would have given an attacker remote code execution privileges. Researchers at application security firm Noma detail how the flaw, embedded in Javascript code for Lightning.AI’s development platform, could be manipulated to give an attacker virtually unfettered access to a user’s cloud…
Aikido Security, Amplify, Arnica, Cybersecurity, endor labs, Global Security News, Jit, Kodem, Legit Security, Mobb, open source, OpenGrep, Orca Security, Research, security testing, Semgrep, Static Analysis, Technology
Open-source security spat leads companies to join forces for new tool
A conflux of open-source developers and application security companies has been embroiled in a complex debate after a recent change in the licensing policy of a widely used static code analysis tool, resulting in a faction of organizations creating a new, open-source rival. The issue started with a recent change in the licensing policy of…
AI, ai industry, AI research, Global IT News, Global Security News, pressure, Research, researchers, stress
The AI industry’s pace has researchers stressed
To outside observers, AI researchers are in an enviable position. They’re sought after by tech giants. They’re taking home eye-popping salaries. And they’re in the hottest industry of the moment. But all this comes with intense pressure. More than half a dozen researchers TechCrunch spoke with, some of whom requested anonymity for fear of reprisals,…
Blog, Global Security News, Research, Security Bloggers Network
Japanese Companies Threatened by DPRK IT Workers
Nisos Japanese Companies Threatened by DPRK IT Workers The Japanese government warned domestic companies in March 2024 about contracting North Korean (DPRK) IT workers posing as Japanese nationals to earn cash, as it is suspected… The post Japanese Companies Threatened by DPRK IT Workers appeared first on Nisos by Nisos The post Japanese Companies Threatened…
AI, ChatGPT, DDoS, Exploits, Global Security News, openai, Research, Technology, Threats
‘Severe’ bug in ChatGPT’s API could be used to DDoS websites
A vulnerability in ChatGPT’s API can generate DDoS attacks against targeted websites, but the security researcher who discovered it says the flaw has since been addressed by OpenAI. In a security advisory posted to the developer platform GitHub, German security researcher Benjamin Flesch detailed the bug, which occurs when the API is processing HTTP POST…
botnets, CloudFlare, Cybersecurity, DDoS, Global Security News, Internet of Things (IoT), Mirai, Qualys, Research, Threats
CloudFlare detected (and blocked) the biggest DDoS attack on record
Web infrastructure and security company Cloudflare says it detected the biggest Distributed Denial-of-Service (DDoS) attack ever recorded, a 5.6 terabits per second (Tbps) attack directed at an internet service provider (ISP) in Eastern Asia. Despite the staggering volume of the attack, Cloudflare successfully managed and mitigated it without human intervention. The company said in research…
AI, benchmarks, Global IT News, Global Security News, hallucinations, LLMs, Research, TC
AI isn’t very good at history, new paper finds
Top LLMs performed poorly on a high-level history test, a new paper has found. © 2024 TechCrunch. All rights reserved. For personal use only.
Blog, Global Security News, Research, Security Bloggers Network
Trump’s Digital Footprint: Unveiling Malicious Campaigns Amid Political Milestones
As the political landscape heats up, so does the activity in the cyber threat domain. High-profile events such as inaugurations often become a prime opportunity for cybercriminals to launch malicious campaigns. With Trump’s upcoming inauguration on January 20th, our research sheds light on the digital threats tied to such politically charged events, focusing on previous…
Blog, Global Security News, Research, Security Bloggers Network
The Insider Threat Digital Recruitment Marketplace
Nisos The Insider Threat Digital Recruitment Marketplace Nisos routinely monitors mainstream and alternative social media platforms, as well as cloud-based messaging applications and dark web forums… The post The Insider Threat Digital Recruitment Marketplace appeared first on Nisos by Nisos The post The Insider Threat Digital Recruitment Marketplace appeared first on Security Boulevard.
AI, generative ai, Global IT News, Global Security News, open source, reasoning, Research, sky-t1
Researchers open source Sky-T1, a ‘reasoning’ AI model that can be trained for less than $450
So-called reasoning AI models are becoming easier — and cheaper — to develop. On Friday, NovaSky, a team of researchers based out of UC Berkeley’s Sky Computing Lab, released Sky-T1-32B-Preview, a reasoning model that’s competitive with an earlier version of OpenAI’s o1 on a number of key benchmarks. Sky-T1 appears to be the first truly…
2025, Agentics, AI, AI and Machine Learning in Security, AI and ML in Security, Analytics & Intelligence, Autonomous, cyberattacks, Cybersecurity, General Intelligence, Global Security News, nation-states, openai, predictions, Research, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, task force, Threat Intelligence
Beware the Rise of the Autonomous Cyber Attacker
AI’s growing sophistication signals a future in which networks can be compromised autonomously, and the industry must prepare for this near-term reality. The post Beware the Rise of the Autonomous Cyber Attacker appeared first on Security Boulevard.
AI, generative ai, Global IT News, Global Security News, Research, synthetic, synthetic data, Training
The promise and perils of synthetic data
Is it possible for an AI to be trained just on data generated by another AI? It might sound like a harebrained idea. But it’s one that’s been around for quite some time — and as new, real data is increasingly hard to come by, it’s been gaining traction. Anthropic used some synthetic data to…
AI, deep learning, Global IT News, Global Security News, quantization, Research, study
A popular technique to make AI more efficient has drawbacks
One of the most widely used techniques to make AI models more efficient, quantization, has limits — and the industry could be fast approaching them. In the context of AI, quantization refers to lowering the number of bits — the smallest units a computer can process — needed to represent information. Consider this analogy: When…
AI, alignment, Anthropic, deception, generative ai, Global IT News, Global Security News, Research, study
New Anthropic study shows AI really doesn’t want to be forced to change its views
AI models can deceive, new research from Anthropic shows — pretending to have different views during training when in reality maintaining their original preferences. There’s no reason for panic now, the team behind the study said. Yet they said their work could be critical in understanding potential threats from future, more capable AI systems. “Our…
AI, generative ai, Global IT News, Global Security News, reasoning, reasoning models, Research
‘Reasoning’ AI models have become a trend, for better or worse
Call it a reasoning renaissance. In the wake of the release of OpenAI’s o1, a so-called reasoning model, there’s been an explosion of reasoning models from rival AI labs. In early November, DeepSeek, an AI research company funded by quantitative traders, launched a preview of its first reasoning algorithm, DeepSeek-R1. That same month, Alibaba’s Qwen…
AI, generative ai, Global IT News, Global Security News, Microsoft, open source, phi-4, Research
Microsoft debuts Phi-4, a new generative AI model, in research preview
Microsoft has announced the newest addition to its Phi family of generative AI models. Called Phi-4, the model is improved in several areas over its predecessors, Microsoft claims — in particular math problem solving. That’s partly the result of improved training data quality. Phi-4 is available in very limited access as of Thursday night: only…
Cybersecurity, Exploits, Geopolitics, Global Security News, Microsoft, Research, Threats, Turla
Turla living off other cybercriminals’ tools in order to attack Ukrainian targets
A Russian nation-state threat actor has been observed leveraging tools from other cybercriminal groups to compromise targets in Ukraine, a recent report by Microsoft Threat Intelligence disclosed. This clandestine approach, which is the second time in as many weeks that Microsoft has highlighted the group’s effort, shows how Turla uses a wide range of attack…
Clop, Exploits, Global Security News, LockBit, MITRE, Ransomware, Research, Technology, Threats
Latest round of MITRE ATT&CK evaluations put cybersecurity products through rigors of ransomware
MITRE Corporation released findings Wednesday from its latest round of ATT&CK evaluations, assessing the capabilities of enterprise cybersecurity solutions against some of the most prevalent ransomware tactics and North Korean malware. The sixth such evaluation from the nonprofit research organization measured 19 different vendors’ ability to protect enterprise systems by evaluating them against two prominent…