Category: Security Boulevard

Overview Recently, NSFOCUS CERT detected that H2O-3 released a security update to fix the H2O-3 JDBC deserialization vulnerability (CVE-2025-6507); This vulnerability is a bypass of CVE-2024-45758 and CVE-2024-10553. Due to the deserialization flaw in the system’s JDBC connection processing logic,…

Read more →

Understanding the Significance of NHIs in Cybersecurity Why are Non-Human Identities (NHIs) so crucial in cybersecurity? These machine identities consist of Secrets (encrypted tokens, keys, or passwords) and permissions that are akin to a passport-visa system. NHIs and their Secrets…

Read more →

How Can Non-Human Identities (NHIs) Enhance Cloud Security? Is your organization leveraging the power of Non-Human Identities (NHIs) and Secrets Security Management to fortify cloud security? If not, you could be leaving yourself vulnerable to potential cyber threats. The management…

Read more →

Scaling Kubernetes isn’t just about launching containers—it’s about choosing support models that truly let developers innovate instead of drowning in operational noise. Recently, I read Kathie Clark’s excellent blog, “What I Got Wrong About Cloud Managed Services (And Why It…

Read more →

Cloudflare, Palo Alto Networks, and Zscaler are the latest among hundreds of victims of an expanding data-stealing attack by the UNC6395 threat group that is exploiting compromised OAuth tokens associated with Salesloft’s Drift app to access organizations’ Salesforce tenants and…

Read more →

The Salesloft Drift breach is expanding fast. Learn what’s at risk and the 7 critical steps security teams should take to protect their SaaS ecosystem. The post Salesloft Drift Breach: 7 Steps to Protect Your Organization appeared first on Security…

Read more →

A survey of 264 professionals that maintain websites based on the WordPress content management system (CMS) finds 96% have been impacted by at least one security incident/event, with just under two-thirds of those respondents (64%) having suffered a full breach.…

Read more →

Creator, Author and Presenter: Marisa Fagan Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView…

Read more →

The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here’s your complete guide. The post When Google Says “Scan for Secrets”: A…

Read more →

Credential Integrity Must Be Ongoing Trust used to be something you gave once. A user would log in, pass a password check or multi-factor prompt, and from that point forward, they were considered safe. Unfortunately, that assumption no longer holds.…

Read more →

The combined Synack/Tenable solution reduces alert noise for overloaded security teams, isolating the most exploitable threats so they can proactively close security gaps faster. Vulnerability Assessment 🤝 Penetration Testing Vulnerability assessment, including automated scanning, is a great first step in…

Read more →

Remote work fuels Shadow IT risks. Learn how to manage USBs and portable storage with encryption, EDR, and policies that balance security with usability. The post How Strong Device Policies Can Help Solve Your Shadow IT Problem appeared first on…

Read more →

Learn about the Minimum Viable Secure Product (MVSP) approach for Enterprise SSO and CIAM. Balance rapid deployment with essential security for your initial product release. The post Understanding the Minimum Viable Secure Product appeared first on Security Boulevard. This article…

Read more →

Running a data center efficiently is no small feat. From managing energy costs to preventing downtime, there’s a lot that can go wrong—and a lot that can be optimized. Discover 10 actionable strategies to enhance your data center operations, including…

Read more →

Implementing Zero Trust is no longer optional. It’s a strategic imperative. But with a flood of solutions and vendors all claiming to be the answer, navigating your options can be overwhelming. Whether you’re just starting your evaluation or finalizing a…

Read more →

Bolting a chatbot onto a legacy SOAR tool doesn’t make it intelligent. Here’s what real autonomous security operations look like — and why they matter. The post Beyond Chatbots: Why Morpheus Leaves SOAR with Bolted-On AI in the Dust appeared…

Read more →

This is a short, gentle two-part introduction to basic cryptographic concepts using text-based crypto examples. The videos illustrate encryption, decryption, ciphers, keys, algorithms, code cracking, cryptanalysis, and letter frequency analysis.  Full disclosure: I produced these videos over a decade ago.…

Read more →

Summary The Defender’s Log episode features John Todd from Quad9, discussing their mission to protect the internet through secure DNS. Quad9, a non-profit launched in 2017 with founding partners Global Cyber Alliance, Packet Clearing House, and IBM, provides a free,…

Read more →

Are We Fully Leveraging the Power of NHI and Secrets Management? Many organizations are waking up to the potential of Non-Human Identity (NHI) management to reinforce their cybersecurity strategies. They are recognizing the potential of NHI – a combination of…

Read more →

Is Comprehensive Protection for Your Digital Assets Achievable on a Budget? One aspect that often goes overlooked is the management of Non-Human Identities (NHIs) and secrets. NHI and secrets management, with its focus on the lifecycle of machine identities and…

Read more →