Normal view

Closing the Timing Gap: Defensive Temporal Observability

Lately I’ve been thinking about time.

Uptime, pulse checks, execution time, response time. We’ve always treated these as health metrics. They tell us whether a system is alive, responsive, and performing as expected. But what if they’re also security metrics?

That idea isn’t entirely new. At the network layer, covert timing channels, beaconing detection, and behavioral baselining have shown us for decades that the intervals between events matter. Attackers have long understood that rhythm carries information. More recently, researchers have demonstrated timing side-channel attacks against LLMs, using cache latency to infer private prompts and token cadence to fingerprint model outputs.

What I find interesting is the imbalance. Most of the research asks, “How can timing be exploited?” Very little asks, “How can timing help us defend?”

A 2026 systematic survey of LLM-agent security identifies temporal anomaly detection infrastructure as an open research gap, noting that current agent deployment frameworks don’t even support the behavioral baselines such an approach would require. Even then, the discussion largely focuses on session-level behavior. The rhythm within a single execution, the space between observable events, remains largely unexplored.

Maybe time isn’t just metadata, maybe it’s another dimension of observability that we’ve been overlooking.

Time tells you duration and speed. But read carefully, it also reveals location, choke points, and absences, the things that didn’t happen when they should have.

I’ve started exploring this in my own observability work, measuring behavioral changes & entropy across inter-arrival intervals and treating rhythm as signal rather than noise to smooth away.

Curious to know who else is working on the defensive side of temporal behavior, especially for agentic systems or any thoughts or opinions on this topic.

Reference: “A Systematic Survey of Security Threats and Defenses in LLM-Based AI Agents: A Layered Attack Surface Framework,” arXiv:2604.23338 (2026). https://arxiv.org/abs/2604.23338

submitted by /u/Standard-964
[link] [comments]

Can AI-generated adversaries break TTP-based attribution? (arXiv 2026)

Cyber Threat Intelligence (CTI) has traditionally attributed attacks through Tactics, Techniques and Procedures (TTPs).

In this paper we evaluate whether that assumption still holds when AI agents are explicitly configured to emulate known threat groups.

We configured AI agents to reproduce the behavior of APT28, APT29, APT41, APT44 and Lazarus inside enterprise and military cyber ranges.

Our results suggest that sufficiently capable AI agents can reproduce TTP patterns closely enough to make attribution based solely on behavioral evidence significantly more difficult.

We'd be interested in feedback from practitioners working on CTI, attribution or adversary emulation.

submitted by /u/Obvious-Language4462
[link] [comments]

Towards CSI: What's the best harness? (arXiv 2026)

We studied a question that receives surprisingly little attention:

Does the agent harness matter as much as the underlying LLM?

We benchmarked five different cybersecurity scaffolds while keeping the model fixed (alias2-mini) across all 33 CyBench challenges.

Key findings:

  • No single scaffold performs best across every challenge.
  • Combining heterogeneous scaffolds consistently improves coverage.
  • A shared blackboard architecture solves 19/33 challenges (57.6%), outperforming every individual harness while reducing execution time.

Paper: https://arxiv.org/pdf/2605.28334

Happy to answer technical questions or discuss the benchmarking methodology.

submitted by /u/Obvious-Language4462
[link] [comments]

Destructive Windows backdoor stuffs multiple wipers and ransomware code into a single package

10 July 2026 at 17:35
A newly identified destructive Windows backdoor combines ransomware-like encryption with multiple data-wiping features, according to Microsoft. Last October, the Redmond threat-hunting team first spotted attacks using the Golang-based implant they've named GigaWiper. Its developers stuffed multiple malware families into the software as on-demand commands, giving criminals a Swiss Army knife of command-and-control (C2) and destructive capabilities, including multiple wiping commands and file encryption without any possibility of decryption. “The consolidation of multiple destructive capabilities into a modular backdoor reflects a notable shift in wiper malware, which are typically designed purely to destroy rather than to extort and carry real-world consequences,” Microsoft Threat Intelligence wrote in a Thursday blog. Microsoft declined to answer The Register's questions about the scale and scope of GigaWiper attacks. In the blog, Redmond’s malware analysts said they uncovered two types of GigaWiper samples in victims’ environments, and both are unstripped portable executable files written in Golang. One is a standalone wiper that operates at the physical disk level, as opposed to deleting individual files. It overwrites raw disk content, removes partition metadata, and then reboots the system using Windows shutdown functionality with restart and zero-delay. The second sample is the more interesting one. It includes the same disk-wiping functionality, but that’s just one component of the backdoor. This malware also establishes persistence and sets up C2 communication using RabbitMQ over AMQP for receiving commands from the C2 server, and Redis for updating command status and output. GigaWiper also organizes its commands into different categories, including "always run" for tasks such as continuous screen recording, "manage command" for system management functions, and separate "special command" and "shell command" modes for executing additional functionality. These include the standalone wiper command, along with another command that disables Windows recovery, triggers a blue screen of death (BSOD), and leaves the device unable to boot. It also has a destructive command based largely on Crucio ransomware. It encrypts files with randomly generated keys that are never saved, which means victim organizations will never be able to decrypt these files. Another command bulk encrypts or decrypts files with AES-256 in Cipher Block Chaining (CBC) mode, while a different command uses MinIO Client (mc) to upload stolen files to remote storage. The malware also runs PowerShell commands, takes screen shots and recordings of the compromised device, collects system info, clears Windows event logs, and allows remote control over the system along with keyboard and mouse control - among other capabilities that attackers can use at will. According to Redmond, GigaWiper combines components from at least three previously separate malware families, including Crucio ransomware, a Go reimplementation of FlockWiper, and a standalone disk wiper. “Overall, these findings show the evolution of the actor’s tooling over time,” the security sleuths wrote. “Functionality was merged into a single robust backdoor, granting the actor more ways to control and destroy infected systems.” ®

URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

10 July 2026 at 16:30
Progress Software has told ShareFile customers to shut down the Windows servers running their Storage Zone Controllers, confirming to The Hacker News that it is responding to a "credible external security threat." The company has temporarily disabled access to the affected accounts, a step it says it took "out of an abundance of caution" while it works with internal and external security

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

10 July 2026 at 16:29
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was

Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot

10 July 2026 at 15:57
Researchers at firmware security firm Binarly have found six new flaws in U-Boot, the small program that starts up hardware as varied as home routers, smart cameras, and the management chips inside data-center servers. Four of the bugs can crash a device. The other two could let an attacker who slips a malicious image in front of the bootloader run their own code, before the device

Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

10 July 2026 at 14:51
Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card's password to anything the attacker picks. No old password. No backup card. Once it is reset, whoever did it controls the wallet and can move the coins out. This is not an emergency for most owners. The attack needs

Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws

10 July 2026 at 14:19
Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. A brief description of the high-severity vulnerabilities is as follows - GHSA-hjr6-g723-hmfm (CVSS score: 8.8) - An operating system

New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

10 July 2026 at 13:15
The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan (RAR) called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware via counterfeit installers using SEO poisoning techniques, it belies their true organizational

Fashion mart Miinto unzips breach details, warns shoppers to watch for phisherfolk

10 July 2026 at 12:10
Danish ecommerce company Miinto admitted an intruder has been looking at its order data, according to emails it sent to customers this week. The emails, seen by The Register, do not comment on the scale of the data accessed by the perp or how exactly the breach occurred, although UK-based customers of the Copenhagen-HQ'd biz have received them. “We are writing to let you know about a security incident that may have affected some of the personal data associated with a purchase you made on Miinto,” the email states. “We have reported this to the police and to the relevant data protection authority, and we are contacting you directly so that you know exactly what happened and what to watch out for. We know a notice like this can be unsettling, and we want to be as clear and transparent with you as we can.” “An unauthorized party gained access to our internal order management system, and the perpetrator may have retrieved order data where your order data is potentially included,” it adds. Miinto, an online marketplace for fashion brands, confirmed that names, email and physical addresses, and phone numbers were among the data types exposed to crooks. Customers’ payment methods were compromised too. The email explained this would reveal whether customers paid using a card, and what type of card, or pay-in-three services like Klarna, but the attack did not expose details such as card or verification numbers. Miinto warned customers of the risk of phishing attacks that impersonate the brand and use the details swiped from the breach to make communications seem more convincing. “We have taken this incident extremely seriously and have worked quickly to contain it,” the email states. It removed the intruder from systems and improved its security measures, increasing access controls on its order management system. “We sincerely apologize for any concern or distress this notice may cause,” Miinto wrote. “Protecting the information you entrust to us is a priority we do not take lightly. “We have already strengthened the security of our systems, and we are continuing to invest in measures designed to reduce the risk of anything like this happening again.” The company did not disclose the attack via public channels, nor did it respond to The Register’s request for comment. Founded in 2009, Miinto operates in 14 countries and in January reported annual revenues soaring 86 percent to 869 million kr ($132.9 million). ®

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

10 July 2026 at 11:47
A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no login and no malformed packets: about 260 bytes of ordinary QPACK traffic takes the server

❌