Normal view
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
-
/r/netsec - Information Security News & Discussion
- Scanning malicious websites with arbitrary number of VPN tunnels (Part 2)
Scanning malicious websites with arbitrary number of VPN tunnels (Part 2)
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
-
/r/netsec - Information Security News & Discussion
- Inside Raton RAT: A Commodity Trojan That Tries to Do Everything
Inside Raton RAT: A Commodity Trojan That Tries to Do Everything
-
/r/netsec - Information Security News & Discussion
- Closing the Timing Gap: Defensive Temporal Observability
Closing the Timing Gap: Defensive Temporal Observability
Lately I’ve been thinking about time.
Uptime, pulse checks, execution time, response time. We’ve always treated these as health metrics. They tell us whether a system is alive, responsive, and performing as expected. But what if they’re also security metrics?
That idea isn’t entirely new. At the network layer, covert timing channels, beaconing detection, and behavioral baselining have shown us for decades that the intervals between events matter. Attackers have long understood that rhythm carries information. More recently, researchers have demonstrated timing side-channel attacks against LLMs, using cache latency to infer private prompts and token cadence to fingerprint model outputs.
What I find interesting is the imbalance. Most of the research asks, “How can timing be exploited?” Very little asks, “How can timing help us defend?”
A 2026 systematic survey of LLM-agent security identifies temporal anomaly detection infrastructure as an open research gap, noting that current agent deployment frameworks don’t even support the behavioral baselines such an approach would require. Even then, the discussion largely focuses on session-level behavior. The rhythm within a single execution, the space between observable events, remains largely unexplored.
Maybe time isn’t just metadata, maybe it’s another dimension of observability that we’ve been overlooking.
Time tells you duration and speed. But read carefully, it also reveals location, choke points, and absences, the things that didn’t happen when they should have.
I’ve started exploring this in my own observability work, measuring behavioral changes & entropy across inter-arrival intervals and treating rhythm as signal rather than noise to smooth away.
Curious to know who else is working on the defensive side of temporal behavior, especially for agentic systems or any thoughts or opinions on this topic.
Reference: “A Systematic Survey of Security Threats and Defenses in LLM-Based AI Agents: A Layered Attack Surface Framework,” arXiv:2604.23338 (2026). https://arxiv.org/abs/2604.23338
[link] [comments]
-
/r/netsec - Information Security News & Discussion
- Can AI-generated adversaries break TTP-based attribution? (arXiv 2026)
Can AI-generated adversaries break TTP-based attribution? (arXiv 2026)
Cyber Threat Intelligence (CTI) has traditionally attributed attacks through Tactics, Techniques and Procedures (TTPs).
In this paper we evaluate whether that assumption still holds when AI agents are explicitly configured to emulate known threat groups.
We configured AI agents to reproduce the behavior of APT28, APT29, APT41, APT44 and Lazarus inside enterprise and military cyber ranges.
Our results suggest that sufficiently capable AI agents can reproduce TTP patterns closely enough to make attribution based solely on behavioral evidence significantly more difficult.
We'd be interested in feedback from practitioners working on CTI, attribution or adversary emulation.
[link] [comments]
-
/r/netsec - Information Security News & Discussion
- Towards CSI: What's the best harness? (arXiv 2026)
Towards CSI: What's the best harness? (arXiv 2026)
We studied a question that receives surprisingly little attention:
Does the agent harness matter as much as the underlying LLM?
We benchmarked five different cybersecurity scaffolds while keeping the model fixed (alias2-mini) across all 33 CyBench challenges.
Key findings:
- No single scaffold performs best across every challenge.
- Combining heterogeneous scaffolds consistently improves coverage.
- A shared blackboard architecture solves 19/33 challenges (57.6%), outperforming every individual harness while reducing execution time.
Paper: https://arxiv.org/pdf/2605.28334
Happy to answer technical questions or discuss the benchmarking methodology.
[link] [comments]
Red Hat will support your RHEL forever now - for a price
-
The Register - Security
- Destructive Windows backdoor stuffs multiple wipers and ransomware code into a single package
Destructive Windows backdoor stuffs multiple wipers and ransomware code into a single package
-
ZDNet | security RSS
- SpaceX wants to launch 100,000 more Starlink satellites - for 100x the bandwidth
SpaceX wants to launch 100,000 more Starlink satellites - for 100x the bandwidth
-
ZDNet | security RSS
- Sony 1000X The Collexion vs. Bowers & Wilkins Px8 S2: Both wow, but one is comfier
Sony 1000X The Collexion vs. Bowers & Wilkins Px8 S2: Both wow, but one is comfier
-
ZDNet | security RSS
- I ditched Google Drive for my own self-hosted storage - and I wish I'd done it sooner
I ditched Google Drive for my own self-hosted storage - and I wish I'd done it sooner
-
The Hacker News
- URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat
URGENT - Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Six New U-Boot Flaws Could Let Malicious Images Crash Devices or Run Code at Boot
Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched
-
ZDNet | security RSS
- Best Buy is selling a 70-inch Fire TV for just $350 right now - and it's a model I recommend
Best Buy is selling a 70-inch Fire TV for just $350 right now - and it's a model I recommend
Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws