惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
Security Archives - TechRepublic
Security Archives - TechRepublic
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
S
Security @ Cisco Blogs
S
Security Affairs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
Lohrmann on Cybersecurity
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Hacker News: Ask HN
Hacker News: Ask HN
Forbes - Security
Forbes - Security
H
Heimdal Security Blog
A
Arctic Wolf
NISL@THU
NISL@THU
P
Proofpoint News Feed
W
WeLiveSecurity
S
Schneier on Security
AI
AI
Schneier on Security
Schneier on Security
N
News and Events Feed by Topic
L
LINUX DO - 最新话题
Cisco Talos Blog
Cisco Talos Blog
AWS News Blog
AWS News Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
Know Your Adversary
Know Your Adversary
Scott Helme
Scott Helme
V
Vulnerabilities – Threatpost
Cyberwarzone
Cyberwarzone
I
Intezer
S
Securelist
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
量子位
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
小众软件
小众软件
Last Week in AI
Last Week in AI
Jina AI
Jina AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
WordPress大学
WordPress大学
罗磊的独立博客
月光博客
月光博客
雷峰网
雷峰网
A
About on SuperTechFans
The GitHub Blog
The GitHub Blog
T
The Blog of Author Tim Ferriss
MongoDB | Blog
MongoDB | Blog
大猫的无限游戏
大猫的无限游戏
博客园 - 司徒正美
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events

The Register - Security: Research

www.theregister.com Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine ChatGPT blindly trusts browser content, turning the page into a payload Russia-linked threat group put ChatGPT to work from lure to payload Kids can bypass some age checks with a drawn-on mustache What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia ORNL builds more sensitive GPS interference detector Researchers find sabotage malware that may predate Stuxnet Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Anthropic, Google, Microsoft paid AI bug bounties – quietly Security reserchers tricked Apple Intelligence into cursing Don't open that WhatsApp message, Microsoft warns Security boffins harvest bumper crop of API keys from web Lightning-fast exploits mean patch fast, says Cisco Talos AI agents are 'gullible' and easy to turn into your minions Smooth criminals talking their way into cloud environments, Google says Snoops plant info-stealing malware on iPhones, Google warns Cybercrime up 245% since the start of the Iran war Rogue AI agents can work together to hack systems Fake applicants are sending security-killing malware AI agent hacked McKinsey chatbot for read-write access Kaspersky: No signs Coruna iPhone exploit kit made by US Perplexity Comet browser hole was exploitable via cal invite DEF CON hackers 'fed up with government,' Jake Braun says DEF CON hackers 'fed up with government,' Jake Braun says Ransomware payments cratered in 2025 – attacks did not Ransomware payments cratered in 2025 – attacks did not Claude's collaboration tools allowed remote code execution AI takes a swing at online anonymity Fake 'interview' repos lure Next.js devs into running secret-stealing malware AI agents abound, unbound by rules or safety disclosures RAT disguised as an RMM costs crims $300 a month Android malware taps Gemini to navigate infected devices Posting AI caricatures on social media is bad for security Payroll pirates conned the help desk, stole employee’s pay Microsoft boffins show LLM safety can be trained away For the price of Netflix, crooks can rent AI crime ops For the price of Netflix, crooks can rent AI crime ops Fast Pair, loose security: Bluetooth accessories open to silent hijack Fast Pair flaw exposes Bluetooth devices to hijacking A simple CodeBuild flaw put every AWS environment at risk A simple CodeBuild flaw put every AWS environment at risk DeadLock ransomware uses smart contracts to evade defenders Python libraries in AI/ML models can be poisoned w metadata OpenAI patches déjà vu prompt injection vuln in ChatGPT Fake Windows BSODs check in at Europe's hotels to con staff into running malware Hotel staff tricked into installing malware by bogus BSODs Your car’s web browser may be on the road to cyber ruin China's Ink Dragon hides out in European government networks Browser 'privacy' extensions have eye on your AI, log all your chats NCSC finds cyber deception tools work, if deployed right 10K Docker images spray live cloud creds across the internet 'Botnets in physical form' are top humanoid robot risk 'Botnets in physical form' are top humanoid robot risk Apache warns of 10.0-rated flaw in Tika metadata toolkit Novel clickjacking attack relies on CSS and SVG 'Exploitation is imminent' of max-severity React bug Swiss government bans SaaS and cloud for sensitive info Scattered Lapsus$ Hunters stress testing Zendesk weak spots HashJack attack shows AI browsers can be fooled with '#' New ClickFix attacks use fake Windows Updates to swipe creds Years-old bugs in open source took out major clouds at risk LLM-generated malware improving, but not operational (yet) 3.5B WhatsApp users' info scooped through enumeration flaw 3.5B WhatsApp users' info scooped through enumeration flaw 50k more ASUS routers pwned by evolving Beijing-linked op Overconfidence is the new zero-day as teams stumble through cyber simulations LLM side-channel attack could allow snoops to guess topic Landfall spyware used in 0-day attacks on Samsung phones MIT Sloan shelves paper about AI-driven ransomware Security hole slams Chromium browsers - no fix yet OpenAI Atlas Browser tripped up by malformed URLs Devs of VS Code extensions are leaking secrets en masse Chatbots that butter you up make you worse at conflict Tile trackers leak unencrypted Bluetooth data, say boffins Beijing's RedNovember hacked critical US, global orgs Lazarus RAT code resurfaces in North Korean IT-worker scams Suspected Chinese spies broke into 'numerous' enterprises Deepfaked calls hit 44% of businesses in last year: Gartner Kaspersky: RevengeHotels returns with AI-coded malware Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack HybridPetya ransomware dodges UEFI Secure Boot
Threat intelligence supply chain is full of weak links
Simon Sharwood Simon Sharwood · 2026-02-25 · via The Register - Security: Research

Research

And they're being stressed by geopolitical concerns that threaten to slow important data-sharing efforts

Researchers from Georgia Tech have found that the supply chain for threat intelligence data is susceptible to adversarial action, and proposed a method to improve data sharing that they think will make it stronger.

Brenden Kuerbis, a research scientist at the Georgia Tech's School of Public Policy sketched the proposal on Monday by noting that in January 2026, China appeared to ban security software developed by some US and Israeli firms – probably because it fears data leakage if local firms use the foreign software.

“This move represents more than just another salvo in ongoing tech tensions between the two governments,” he wrote. “It threatens to fracture a foundational practice of internet cybersecurity: the global threat intelligence ecosystem that allows defenders worldwide to collect, analyze, and share information about emerging attacks and responses to cyber threats that know no borders.”

According to other researchers at the institution, the ecosystem was already weak before China’s action.

They will discuss their work at the Network and Distributed System Security (NDSS) Symposium in San Diego, when they present a paper titled “Actively Understanding the Dynamics and Risks of the Threat Intelligence Ecosystem.”

The researchers identified three main players in the ecosystem:

  • Threat intelligence platforms like VirusTotal and MalwareBazaar;
  • Antivirus companies that produce their own threat intelligence, and tools to make it usable;
  • Malware sandbox services that offer analysis-as-a-service to anyone trying to understand the behavior of a binary.

The paper points out that threat intelligence is a big business, but that the quality of information available is not great because different stakeholders release different data.

They reached that conclusion after creating “benign yet suspicious binaries” and sharing them with 30 security vendors. The binaries included code that allowed the researchers to track how the vendors shared the packages.

That experiment revealed that 67 percent of infosec vendors conduct sandbox analysis of newly discovered malware, but only 17 percent share any threat intelligence they gather with that technique. They also found that many researchers share indicators of compromise, but few share binaries that would let other researchers and defenders develop a better understanding of attacks.

Another finding is that a handful of “nexus vendors” share more threat intelligence than others. While those vendors are very useful, other info-sharing bottlenecks among supply chain participants slow the propagation of information – often by “hours to days” – and therefore increase the amount of time before defenders act against attacks.

The researchers think not all threat intelligence researchers do a great job.

“Our study revealed that while a few vendors thoroughly analyze malware, most conduct shallow analysis and ignore dropped files by the initial binary,” they wrote, and suggest more comprehensive analysis techniques would improve the threat intel supply chain.

Another finding is that some security researchers have hosted infrastructure at the same IP addresses for years, which helps adversarial actors to evade sandboxes.

The researchers therefore propose a system that securely encodes data about the provenance of threat intelligence, so stakeholders feel more confident sharing it.

Kuerbis thinks the technique described in the paper suggests it will become possible for network operators to “use or filter policy-compliant threat intelligence without necessarily relying on the country of origin.”

If he’s right, that could mean China has nothing to fear from foreign sources of threat intelligence – and perhaps the rest of us could get along with the likes of Kaspersky.

“What’s needed now are governance structures that allow operators, vendors, and researchers to continue cooperating globally while adhering to various governments’ incompatible notions of jurisdictionally-bound identity, sovereignty, and compliance,” he wrote.

“Chinese, American, and other participants (both public and private) will have incentives to use the same provenance system, not out of altruism, but because exclusion from the verifiable pool of TI is operationally costly in a threat environment that remains stubbornly global,” he wrote, before noting that the real challenge is institutional, not technical.

“Secure provenance requires transnational governance structure(s) perceived as legitimate by participants operating under conflicting state mandates – without which threat intelligence risks becoming a zero-sum geopolitical competition.” ®