Category: Security Boulevard

When flights get delayed, passengers want answers fast: rebooking, hotel vouchers, refund options. Human agents can’t scale to meet this surge, but AI agents can. The challenge? Identity. The post Airline Disruption Recovery — How Agentic Identity Keeps Travel on…

Read more →

In my first article on Bedrock AgentCore Code Interpreters, I demonstrated that custom code interpreters can be coerced into performing AWS control plane actions by non-agentic identities. This presented a novel path to privilege escalation, whereby any user with access…

Read more →

The best software developers I’ve had the privilege to work with live by the principle that they have ultimate responsibility for the code we introduce. They take ownership of what they write, review, and ship. They ask questions when they…

Read more →

Creator, Author and Presenter: Parker Shelton Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView…

Read more →

Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security. The post Why the Principle of Least Privilege Is Critical for Non-Human Identities appeared first on Security Boulevard. This article has…

Read more →

Scientists at NYU developed a ransomware prototype that uses LLMs to autonomously to plan, adapt, and execute ransomware attacks. ESET researchers, not knowing about the NYU project, apparently detected the ransomware, saying it appeared to be a proof-of-concept and a…

Read more →

By Ivan Novikov and Stepan Ilyin When we started Wallarm, we focused on the APIs that power modern apps. We built an API-first platform, used AI from day one, and secured early patents in behavior-based detection and automated policy creation.…

Read more →

Most B2B companies build cybersecurity programs backwards – starting with compliance instead of real security. Learn why this approach fails and how fractional CISO services can help you build effective security that actually prevents breaches while achieving compliance. The post…

Read more →

Overview Recently, NSFOCUS CERT detected that H2O-3 released a security update to fix the H2O-3 JDBC deserialization vulnerability (CVE-2025-6507); This vulnerability is a bypass of CVE-2024-45758 and CVE-2024-10553. Due to the deserialization flaw in the system’s JDBC connection processing logic,…

Read more →

Understanding the Significance of NHIs in Cybersecurity Why are Non-Human Identities (NHIs) so crucial in cybersecurity? These machine identities consist of Secrets (encrypted tokens, keys, or passwords) and permissions that are akin to a passport-visa system. NHIs and their Secrets…

Read more →

How Can Non-Human Identities (NHIs) Enhance Cloud Security? Is your organization leveraging the power of Non-Human Identities (NHIs) and Secrets Security Management to fortify cloud security? If not, you could be leaving yourself vulnerable to potential cyber threats. The management…

Read more →

Scaling Kubernetes isn’t just about launching containers—it’s about choosing support models that truly let developers innovate instead of drowning in operational noise. Recently, I read Kathie Clark’s excellent blog, “What I Got Wrong About Cloud Managed Services (And Why It…

Read more →

Cloudflare, Palo Alto Networks, and Zscaler are the latest among hundreds of victims of an expanding data-stealing attack by the UNC6395 threat group that is exploiting compromised OAuth tokens associated with Salesloft’s Drift app to access organizations’ Salesforce tenants and…

Read more →

The Salesloft Drift breach is expanding fast. Learn what’s at risk and the 7 critical steps security teams should take to protect their SaaS ecosystem. The post Salesloft Drift Breach: 7 Steps to Protect Your Organization appeared first on Security…

Read more →

A survey of 264 professionals that maintain websites based on the WordPress content management system (CMS) finds 96% have been impacted by at least one security incident/event, with just under two-thirds of those respondents (64%) having suffered a full breach.…

Read more →

Creator, Author and Presenter: Marisa Fagan Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView…

Read more →

The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here’s your complete guide. The post When Google Says “Scan for Secrets”: A…

Read more →

Credential Integrity Must Be Ongoing Trust used to be something you gave once. A user would log in, pass a password check or multi-factor prompt, and from that point forward, they were considered safe. Unfortunately, that assumption no longer holds.…

Read more →

The combined Synack/Tenable solution reduces alert noise for overloaded security teams, isolating the most exploitable threats so they can proactively close security gaps faster. Vulnerability Assessment 🤝 Penetration Testing Vulnerability assessment, including automated scanning, is a great first step in…

Read more →

Remote work fuels Shadow IT risks. Learn how to manage USBs and portable storage with encryption, EDR, and policies that balance security with usability. The post How Strong Device Policies Can Help Solve Your Shadow IT Problem appeared first on…

Read more →