Research Archives

Vibe coding is here to stay. Can it ever be secure?

Research shows that AI-generated code is remarkably insecure. Yet experts tell CyberScoop it's up to industry to figure out a way to limit the issues the technology…

4 days ago By Derek B. Johnson

CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution

Wild variances in naming taxonomies aren’t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.

5 days ago By Matt Kapko

Future-ready cybersecurity: Lessons from the MITRE CVE crisis

The domino effect of CVE disruption is something all cybersecurity practitioners must be aware of, a Morphisec executive argues.

5 days ago By Brad LaPorte

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Questions mount as Ivanti tackles another round of zero-days

The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.

May 28, 2025 By Matt Kapko

A smart phone with the icons for the Google Calendar app is seen on the screen in Hong Kong, Hong Kong, on July 31, 2018. (Photo by S3studio/Getty Images)

Chinese hackers used Google Calendar to aid attacks on government entities

Google Threat Intelligence Group said it developed means to counter the activity, which it linked to APT41.

May 28, 2025 By Tim Starks

A man talks on the phone walking along Red Square in front of St. Basil’s Cathedral in central Moscow on February 28, 2023. (Photo by Alexander NEMENOV / AFP) (Photo by ALEXANDER NEMENOV/AFP via Getty Images)

New Russian state-sponsored APT quickly gains global reach, hitting expansive targets

Laundry Bear, a group recently identified by Dutch intelligence and security services, stole work-related contact details on the Netherlands’ national police force in September 2024, Microsoft researchers…

May 27, 2025 By Matt Kapko

Microsoft’s Patch Tuesday closes 72 vulnerabilities, including 5 zero-days

The company has addressed zero-day vulnerabilities for eight consecutive months without deeming any of them critical at the time of disclosure.

May 13, 2025 By Matt Kapko

SonicWall headquarters — SonicWall’s headquarters in Milpitas, California. (Getty Images)

SonicWall customers confront resurgence of actively exploited vulnerabilities

The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.

May 9, 2025 By Matt Kapko

Amazon, CrowdStrike, Google and Palo Alto Networks claim no change to threat intel sharing under Trump

Top security leaders at some of the largest tech and cybersecurity vendors said public-private collaborative work continues, despite budget cuts and personnel changes.

May 2, 2025 By Matt Kapko

North Korean operatives have infiltrated hundreds of Fortune 500 companies

Security leaders at Mandiant and Google Cloud say nearly every major company has hired or received applications from North Korean nationals working on behalf of the country’s…

Apr 30, 2025 By Matt Kapko