Session 13D: Software Security: Code and Compiler Authors, Creators & Presenters: Nicolas Badoux (EPFL), Flavio Toffalini (Ruhr-Universität Bochum, EPFL), Yuseok Jeon (UNIST), Mathias Payer (EPFL) PAPER type++: Prohibiting Type Confusion with Inline Type Information Type confusion, or bad casting, is…
Category: Security Boulevard
CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild
Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks. Key takeaways: CVE-2026-20127 is an Authentication Bypass Vulnerability affecting Cisco Catalyst SD-WAN Controller…
Emulating the Mutative BlackByte Ransomware
AttackIQ has released a new attack graph that emulates the behaviors exhibited by BlackByte ransomware, a strain operated under the Ransomware-as-a-Service (RaaS) model that emerged in July 2021. Since its emergence, BlackByte has targeted organizations worldwide, including entities within U.S.…
Beyond the Perimeter: Anti Data Exfiltration is the New Cybersecurity Standard
We all know the old “castle and moat” approach to network security is failing. BlackFog CEO Darren Williams sat down with Alan Shimel to talk about why traditional data loss prevention (DLP) struggles in today’s hybrid environments. The reality is…
AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities
The Vulnerability Time Gap When CISA adds a new CVE to the Known Exploited Vulnerabilities catalog, a clock starts ticking. Security teams must understand the vulnerability, determine if they are exposed, and deploy detection mechanisms before adversaries weaponize the flaw.…
Modern Vulnerability Management in the Age of AI
Vulnerability management today is not failing because teams stopped scanning. It’s failing because the ground underneath it shifted. The approach we’ve relied on — complete advisory data, upstream fixes on demand, and fast upgrades — no longer holds up. The…
News alert: One Identity fills CFO-COO role to strengthen operating discipline amid expansion
ALISA VIEJO, Calif., Feb. 25, 2026, CyberNewswire—One Identity, a trusted leader in identity security, today announced the appointment of Michael Henricks as Chief Financial and Operating Officer. This decision reflects the continued growth of the business and a …
NDSS 2025 – On Borrowed Time – Preventing Static Side-Channel Analysis
Session 13C: Side Channels 2 Authors, Creators & Presenters: Robert Dumitru (Ruhr University Bochum and The University of Adelaide), Thorben Moos (UCLouvain), Andrew Wabnitz (Defence Science and Technology Group), Yuval Yarom (Ruhr University Bochum) PAPER On Borrowed Time — Preventing…
Survey Surfaces Increased Cybersecurity Risks Following AI Adoption
A global survey of 2,000 IT decision makers published today shows cybersecurity risks are rising as more organizations embrace artificial intelligence (AI) applications. Conducted by Sapio Research on behalf of Fastly, the survey finds that cybersecurity incidents impacting organizations that…
The Real Initial Access Vector: Compromised Active Directory Credentials
Compromised Active Directory credentials allow attackers to log in without exploits, driving modern authentication-based initial access.
How Small Security Teams Scale and Optimize Workflows in Decentralized Environments
Practical lessons from security practitioners at Visma and Schibsted on building efficient workflows, empowering engineering teams, and staying sane when you’re outnumbered.
Querying the free DNSBLs via Oracle? Move to Spamhaus Technology’s free Data Query Service
If you’re using the free DNS Blocklists (DNSBLs) through the Public Mirrors while running on Oracle’s network, you’ll need to make a few small adjustments to your email setup. These changes are simple to apply, but if you don’t take…
How Relevant Is the Chief AI Officer? CAIO as Change Agent Orchestrating AI Across Strategy, Operations, and Culture
How Relevant Is the Chief AI Officer in the AI Era? Over the past few years, artificial intelligence has shifted from isolated experimentation to a…
Starkiller Phishing Framework Bypasses Defenses with Reverse Proxies, Takes an SaaS Approach
Starkiller is a new SaaS-style phishing framework that runs real brand websites inside headless Chrome containers, acting as a live reverse proxy to steal credentials, session tokens, and MFA-protected accounts while evading traditional detection.
That Time a Software Engineer Had Dominion Over 7000 Robot Vacuums
Cleaning house may be onerous, but vulnerable robot vacuums around the world could be marshalled into a surveillance network, one software engineer discovered.
IBM X-Force Report Surfaces Increased Exploitation of Public-Facing Apps
An analysis of cybersecurity attacks published today by the X-Force arm of IBM finds there was a 44% increase in the exploitation of public-facing applications in 2025. More troubling still, out of the 40,000 vulnerabilities tracked by IBM X-Force, more…
Granular Policy Enforcement for Decentralized MCP Resource Access
Master granular policy enforcement for decentralized MCP resource access using post-quantum cryptography and 4D security frameworks to protect AI infrastructure.
How free are industries to implement Agentic AI for identity security
What Are Non-Human Identities and Why Are They Crucial for Identity Security? A pressing question is: how does one secure machine identities to ensure robust identity security across industries? The answer lies in understanding and effectively managing Non-Human Identities (NHIs).…
How adaptable is Agentic AI to evolving compliance regulations
How Can Organizations Manage Non-Human Identities for Enhanced Cloud Security? Is your organization effectively managing the surge in non-human identities (NHIs) within your cybersecurity? Understanding NHIs involves recognizing their pivotal role in safeguarding data security, especially. While industries like financial…
How impenetrable are NHIs in secure cloud environments
How Safe Are Your Machine Identities in a Secure Cloud Environment? Can you confidently say that your organization’s machine identities are impenetrable? Non-Human Identities (NHIs) are at the forefront of conversations about protecting digital assets in secure cloud environments. These…