Kevin Leach, a Science of Security Virtual Institute Principal Investigator, and James Weimer, both researchers from Vanderbilt University, have been awarded a $2 million contract from the Advanced Research Projects Agency for Health (ARPA-H). Their project, “BALAM-D: Binary Analysis Lodestar for Assuring Medical Devices,” focuses on improving software security in medical devices like insulin pumps and pacemakers.

Arizona State University’s Center for Cybersecurity and Trusted Foundations (CTF), led by NSA Science of Security Virtual Institute Principal Investigator Yan Shoshitaishvili, has been awarded a $4.5 million DARPA grant to establish the American Cybersecurity Education (ACE) Institute. The institute will create a national hub for cybersecurity education, including a master’s program focused on AI applications for security. Inspired by the idea that “it takes a great thief to catch one,” the program will teach students to think like cybercriminals to better defend critical infrastructure.

Researchers at Georgia Tech's Scheller College of Business, in collaboration with colleagues at the University of the District of Columbia, developed a chatbot to conduct sentiment analysis on popular social media sites such as X (formerly known as Twitter), with the goal of identifying cyber threats. Sentiment analysis was performed on human responses to the chatbot's tweets, gauging users' feelings, attitudes, and moods.

We are pleased to share the release of Cybersecurity in Context, a comprehensive introduction to the essential themes shaping the field of cybersecurity. Authored by Chris J. Hoofnagle and Golden G. Richard III, this resource is designed for students and professionals seeking a solid foundation in the technology and policy that influence cybersecurity today.

The National Institute of Standards and Technology (NIST) has finalized its principal encryption algorithms that can withstand the cyberattack of a quantum computer. Researchers worldwide are racing to develop quantum computers that could break the encryption used today to provide security and privacy for nearly all online activities. The announced algorithms are specified in the first completed standards from NIST's post-quantum cryptography standardization project, and are ready for use.

Samy Kamkar, a renowned hacker, has his own version of a laser microphone. He can point an invisible laser at a distant laptop through a window and detect its vibrations to reconstruct almost every character typed on it. The method, which uses the subtle acoustics created by tapping different keys on a computer, works even without a keyboard view if the hacker has a line-of-sight view of a relatively reflective part of the target laptop. This article continues to discuss Kamkar's keystroke eavesdropping technique.

Security researchers Dennis Giese and "Braelynn" found that hackers can take control of Ecovacs vacuum and lawn mower robots to spy on owners using the devices' cameras and microphones. After analyzing several Ecovacs products, the researchers found several vulnerabilities that could be exploited to hack the robots via Bluetooth and remotely turn on microphones and cameras. The main issue is a vulnerability that enables anyone with a phone to connect to and hijack an Ecovacs robot via Bluetooth from as far away as 450 feet.

Cybersecurity professionals are testing their skills against a new online voting platform called Secure Internet Voting (SIV) to explore potential security vulnerabilities in the next generation of election systems. It allows people to vote using their phones or computers and is already being used in small pilot programs across the US. However, it faces significant barriers to wider adoption as most states prohibit widespread use of online voting due to security concerns, preferring auditable paper ballots. This article continues to discuss SIV and hackers' exploration of it.

Security researchers at Barracuda Networks have discovered a new sophisticated phishing attack featuring a stealthy infostealer malware that exfiltrates a wide range of sensitive data.  The researchers noted that the infostealer is engineered to collect comprehensive browser information and files. It extracts MasterKeys from browsers such as Chrome, Edge, Yandex, and Brave and captures session cookies, saved passwords, credit card information, and browser histories.