Guidance for SOC leaders on safely enabling agentic AI execution—require policy-driven guardrails, human-approval gates, blast-radius limits, auditability, and rollback to prevent automation from becoming operational risk.
The post Agentic AI in the SOC: The Governance Layer you Need Before You Let Automation Execute appeared first on Security Boulevard.
What looks like a legit VPN download could be a trap, as SEO poisoning is being used to steal corporate logins.
The post How searching for a VPN could mean handing over your work login details appeared first on Security Boulevard.
A Key storage Provider (KSP) library is important in signing ClickOnce manifest with Visual Studio when you require a greater level of key protection and a state of the art cryptography. I have personally observed a great deal of migrations of teams that were previously using CSP-based certificates to KSP-based certificates due to the support… Read More How to Sign ClickOnce Manifests with Visual Studio using the KSP Library?
The post How to Sign ClickOnce Manifests with Visual Studio using the KSP Library? appeared first on SignMyCode - Resources.
The post How to Sign ClickOnce Manifests with Visual Studio using the KSP Library? appeared first on Security Boulevard.
Analysis of SaaS sprawl amplified by AI integrations arguing for continuous discovery, application-layer visibility, policy enforcement, and real-time remediation to tame shadow IT and API‑level risk.
The post SaaS Sprawl has Become the New Shadow IT: Why Traditional Security Struggles to See (and Stop) It appeared first on Security Boulevard.
Malware has been abusing Android’s accessibility features for years. Google just made that a lot harder.
The post Google cracks down on Android apps abusing accessibility appeared first on Security Boulevard.
Poland officials say the cyberattack late last week appears to have been launched by an Iranian threat group, though they noted that bad actors not associated with any country in the war could have been behind it and used tactics associated with Iranian threat groups to cover their own tracks.
The post Poland Suspects Iranian Actors are Behind Attack on Its Nuclear Power Center appeared first on Security Boulevard.
We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar infostealer.
The post Hacked sites deliver Vidar infostealer to Windows users appeared first on Security Boulevard.
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Bad Map Projection: Zero Declination’ appeared first on Security Boulevard.
Researchers published about the Zombie ZIP vulnerability (or not a vulnerability, that's up for debate) that can bypass a first AV inspection.
The post Zombie ZIP method can fool antivirus during the first scan appeared first on Security Boulevard.
Nisos
DPRK IT Worker Fraud: Hiring an Insider Threat
Here at Nisos, we’ve spent years helping organizations understand and mitigate complex, human risk-related threats, such as insider risk, executive protection and employment fraud...
The post DPRK IT Worker Fraud: Hiring an Insider Threat appeared first on Nisos by Ryan LaSalle, CEO
The post DPRK IT Worker Fraud: Hiring an Insider Threat appeared first on Security Boulevard.
Author, Creator & Presenter: Mike Spicer (@d4rkm4tter)
Our thanks to BSidesCache for publishing their Creators, Authors and Presenter’s outstanding BSidesCache 2025 content on the Organizations' YouTube Channel.
The post BSidesCache 2025 – KEYNOTE: The AI Cyber War: Inside The AI Race Between Attackers And Hunters appeared first on Security Boulevard.
Realm.Security launches Data Enrichments and Privacy Guard — injecting real-time threat context into security pipelines and automating PII redaction to keep SOC teams faster, leaner, and compliance-ready.
The post Realm.Security Rolls Out AI-Ready Security Data for the Modern SOC Ahead of RSA Conference appeared first on Realm.Security.
The post Realm.Security Rolls Out AI-Ready Security Data for the Modern SOC Ahead of RSA Conference appeared first on Security Boulevard.
When you delete a file, it's not really gone. We explain what really happens to deleted files and how File Shredder erases them for good.
The post Delete doesn’t mean gone. Here’s how File Shredder fixes that appeared first on Security Boulevard.
The evolution of cybersecurity challenges and the rapid pace of digital transformation have led security leaders to focus increasingly on robust and adaptive security frameworks. Among them, zero trust identity management has emerged as a cornerstone of modern security strategies. As we look toward 2026, this article provides a detailed roadmap for security leaders to […]
The post What security leaders need to know about zero trust identity management in 2026 first appeared on TrustCloud.
The post What security leaders need to know about zero trust identity management in 2026 appeared first on Security Boulevard.
As DMARC adoption accelerates across EMEA, organisations are increasingly implementing and managing DMARC to strengthen their email security posture. We’ve worked with people across Europe to protect their domains from spoofing and phishing.
The post How dmarcian Supports DMARC Adoption across EMEA appeared first on Security Boulevard.
Asset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can't connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don't have exposure management. You have inventory.
Key takeawaysUnsurprisingly, the list of vendors claiming to offer exposure management platforms grows by the day. The reason? Everyone now agrees with what Tenable has known for years: An exposure management program is critical to successfully prevent and fend off modern cyber attacks, especially now, in the AI era.
Recently, vendors of cyber asset attack surface management (CAASM) and other “discovery-first” tools — which passively scan your network to build voluminous asset inventory lists — have been jumping on the exposure management bandwagon.
These vendors tend to offer broad visibility through passive network monitoring and third-party API integrations. Their approach prioritizes breadth over depth. But in cybersecurity, comprehensive visibility is table stakes. What’s crucial is pinpointing the threats that you need to fix now.
When evaluating offerings from these vendors, ask yourself: Are you looking to build a better asset inventory, or are you trying to proactively close exposures and prevent attacks?
In this blog, we’ll explain in detail how vendors of IT asset inventory software and CAASM tools fall short of delivering the invaluable benefits of an integrated exposure management platform like Tenable One. In addition to inventorying all of your IT, OT, and cloud assets across your attack surface, Tenable One also assesses them for vulnerabilities, misconfigurations, and excess permissions, maps these exposures into attack paths, then prioritizes them for remediation based on exploitability and impact.
1. Authoritative data vs. incomplete assumptionsKnowing a device exists is just the beginning. Visibility alone isn’t security.
Vendors of IT asset-inventory software often rely only or primarily on passive network monitoring and on third-party data collected via APIs. And they make this weakness sound appealing: no agents to manage and no need to “touch” the devices — just listening to traffic.
However, passive monitoring has a fundamental flaw: It relies on devices “talking” to be detected. If a device is silent or “talks” infrequently, it stays in the shadows of your network.
In addition, the data collected through passive monitoring is often superficial, especially if network traffic is encrypted and if the monitoring tool is not capturing full network packets. It might show you that a laptop exists, but it can’t tell you what software is running on it or what security issues put it at risk?
Passive discovery also misses entire categories of vulnerabilities, like outdated dynamic link libraries (DLLs), compromised registry keys, and risky misconfigurations that only an active scanner or agent can find.
Moreover, passive monitoring tools are often victims of the data provided by third-party APIs. If the source data is truncated or inaccurate, these tools just give you noise: a high quantity of low-quality data.
Tenable One doesn’t “guess” based on network traffic or metadata. It uses a combination of methods for collecting rich asset and exposure data: agents, active scanners, passive listening, API integrations and insights from our world-class security research team to give you a 360-degree view of your assets and of their security weaknesses — on prem and in the cloud. Our robust exposure data fabric maps relationships across 1.5 billion assets, 150 billion threat artifacts, and 1.4 billion security configurations.
In short, we don’t just aggregate comprehensive first-party and third-party data. We normalize, correlate, analyze, contextualize, and prioritize this data, turning it into a continuously updated, single source of truth for your risk exposure.
2. The frontier of risk: Securing the AI attack surfaceAs organizations race to adopt AI, security teams are finding that their traditional security tools fall short at managing and monitoring AI security risks, including data leaks and new vulnerabilities, and detecting new types of threats, like direct and indirect prompt injection.
In particular, Cyber Asset Attack Surface Management (CAASM) tools generally do not detect the presence of AI tools, AI agents, or AI plugins natively, and instead rely entirely on third-party integrations - such as AI-SPM findings from another vendor — to surface this visibility.
But even when they ingest this data about the presence of AI systems, they stop there. Knowing that an employee is using ChatGPT or that an engineer has deployed a large language model (LLM) is just the first step. It’s critical to understand:
Tenable One provides a unified framework to discover, understand, protect, and govern the entire AI attack surface, making it as effective an AI security tool as it is an exposure management platform. Unlike competitors that treat AI as just another asset in a list, Tenable One pinpoints the unique risks that AI adoption creates.
Tenable One transforms AI from a blind spot into a managed asset through four critical pillars:
Deep contextual understanding - AI risk typically emerges from interactions among systems. For example: An employee uses an approved third-party AI tool that relies on an internal AI agent to access company data. In turn, this agent, which has broad access to sensitive systems, gets exposed by a forgotten endpoint.
Tenable One helps you surface these risky scenarios. It maps AI workflows across cloud platforms, revealing how models, infrastructure, storage, and networking work together. By connecting AI infrastructure with identity and access paths, we show you where exposure is actually created and helps you do something about it.
By integrating AI risks into the Tenable One exposure data fabric, Tenable One correlates them alongside your existing identity, cloud, and vulnerability data so you can see how weaknesses across your attack surface combine to create high-impact attack paths leading to your most sensitive systems and data.
3. Seeing the unseen: Attack path analysisA list of vulnerable devices is just a list. To truly protect your organization, you must understand the relationships among those devices.
Many inventory-focused competitors lack native attack path analysis (APA). They might tell you a web server is vulnerable, but they can’t show you that this specific server has a cached credential that unlocks access to a database where confidential customer data is stored. Tenable One can.
Tenable One maps technical and business relationships across your entire attack surface into attack paths. In other words, it gives you technical context (e.g., whether an asset is exposed to the internet, has an exploitable vulnerability, and isn’t protected with multi-factor authentication) and business context (e.g., the asset supports a critical business process or contains sensitive data). And it shows you how threat actors can combine vulnerabilities, misconfigurations, and identity weaknesses into high-risk attack paths leading to your organization’s most sensitive data and systems.
Another benefit of attack path analysis is that you can focus on addressing a handful of choke points – critical, high-priority nodes creating multiple pathways to sensitive assets – to dramatically scale risk-reduction effectiveness. Prioritizing choke points allows remediation teams to fix one exposure to break numerous potential attack vectors simultaneously by understanding privilege escalation and lateral movement techniques.
4. Compliance is not an “add-on”For organizations in regulated industries, “visibility” isn't enough to satisfy an auditor. If your tool lacks native compliance checks for government regulations and industry mandates, you are left with a massive manual workload.
In particular, many CAASM tools and IT asset-inventory software cannot ingest compliance data or report against specific industry benchmarks and regulatory frameworks.
With Tenable One, the story is much different. You get:
Many IT asset-inventory software tools prioritize “risk” based on one-dimensional criteria and ticket-routing data, and they highlight their mobilization and workflow capabilities. However, these features deliver little value because these vendors lack precise, comprehensive exposure data.
In other words, they can tell you who owns an asset but not whether the asset’s security weaknesses are exploitable. Without deep risk context and precise prioritization, it does you little good to have a streamlined remediation process, because you’ll be fixing exposures that pose minor threats and overlooking those that put your organization at great danger.
By contrast, Tenable’s Vulnerability Priority Rating (VPR) is backed by over a decade of maturity and more than 150 daily data points. It doesn’t just tell you a vulnerability exists; it uses world-class threat intelligence powered by AI to help you focus on the real threats that matter most to your organization and predict future risks. Once you’re clear on the exposures you need to fix right away, Tenable One helps you automate your remediation efforts so you stay ahead of attackers.
Comparison at a glance: Tenable One vs. IT asset-inventory software competitors Feature IT asset-inventory software competitors Tenable One Assessment method Shallow: Primarily passive/API-based Deep: Active scanners, agents, APIs, and passive network listening Vulnerability data Third-party/truncated telemetry Aggregation, correlation and deep analysis of both first-party and third-party asset data Attack path analysis Non-existent or manual mapping Native, automated relationship mapping Identity risk Rarely integrated Core component of the platform Exposure prioritization Aggregated risk findings only Comprehensive context that combines asset criticality, risk severity, identity privileges, toxic risk combinations and attack path analysis to understand true exposure Compliance Tactical findings only Comprehensive, framework-specific coverage Reporting Asset-centric/tactical Board-ready Executive Exposure Cards AI visibility and risk Lists “AI Apps” as inventory items; lacks depth on usage or model security. Full AI security lifecycle: discovery, understanding, protection and governance Get genuine exposure managementFinding an asset and opening a ticket doesn’t translate into proactive and preemptive risk reduction. If your goal is simply to count the number of devices on your network, a discovery tool might suffice.
But if you want to continuously reduce the probability of a breach, you need an exposure management platform built on three key pillars:
A legitimate platform provides a seamless, end-to-end workflow, integrating advanced vulnerability and exposure intelligence, AI-driven prioritization, patch management, and response validation.
To compile a full inventory of assets and their exposures, the platform must employ multiple detection techniques, including active scanning, passive network monitoring, and agent-based telemetry. Equally important, it must provide multidimensional context on how assets relate to and impact each other.
True risk reduction is only possible when you have a single, unified view of all your assets and their security issues. Then you can reap exposure management’s core value: preemptive risk reduction.
An industry-leading exposure management platform unifies data from across the modern attack surface – vulnerabilities, cloud, web apps, AI systems, OT/IoT devices, identity systems – to reveal the hidden attack paths that threaten your business.
Get a demo of the Tenable One Exposure Management Platform and see the difference for yourself.
The post Don’t confuse asset inventory with exposure management appeared first on Security Boulevard.
DataDome recorded 7.9B AI agent requests in early 2026. A new report reveals widespread spoofing and visibility gaps that leave organizations exposed.
The post DataDome Report Finds Most Organizations Flying Blind as Agentic Traffic Surges appeared first on Security Boulevard.
DataDome recorded 7.9B AI agent requests in early 2026. Get the data on AI traffic volume growth, agent spoofing, and what this means for your site.
The post The AI Traffic Report: High Volume, Low Visibility, and a Growing Risk appeared first on Security Boulevard.
Written by Katie Barnett, Director of Cyber Security at Toro Solutions
Insider risk is still often framed around intent, with the focus placed on malicious employees, disgruntled contractors, or deliberate misuse of access for personal gain.
Those cases exist and they matter, but they are rarely where risk first begins, and they do not reflect how most insider-related incidents actually develop.
In reality, many cases take shape slowly and quietly. They are shaped by pressure, fatigue, disengagement, coercion, manipulation or personal strain rather than hostility. The behaviour that later causes harm is often preceded by long periods of stress, isolation, being influenced or unresolved workplace issues. By the time someone is formally labelled an insider threat,the opportunity for early, proportionate support has usually passed, and the organisation is left with far fewer options.
This is why treating insider risk purely as a disciplinary or compliance issue consistently falls short. In many situations, the underlying issue is one of wellbeing first, with security consequences following later, whether the organisation recognises that link or not.
Insiders are a significant and consistent factor in security incidents. Accenture[1] has reported that a significant proportion of security incidents involve insiders, many of which are linked not to sophisticated intent, but to frustration, opportunism, or poor judgement under pressure.
Research from the Ponemon Institute[2] also shows that many employees who leave an organisation take some form of sensitive data with them, often without seeing it as wrongdoing. These findings do not mean that most people are inherently risky. They show how easily people can justify their actions when they feel unsupported, unheard, or under strain.
Despite this, insider risk is still often pushed aside or handled in isolation. In many organisations it moves between HR, security, and legal teams without a shared understanding of what is really driving behaviour. When this happens, patterns are missed and early warning signs become normal, until a more serious incident finally brings the issue to senior attention.
How insider risk really develops
Insider risk rarely begins with a clear breach of policy. More often we find that it develops incrementally through small changes in behaviour that are easy to explain away, particularly in high-pressure or highly trusted roles.
Someone may start working excessive hours to manage workload, gradually bypassing controls that feel obstructive rather than protective. They may disengage from colleagues, become defensive when challenged, or withdraw from routine interaction. None of this suggests malicious intent in isolation, but it often marks the point at which judgement can begin to erode.
In roles with wide access and limited oversight, these issues can go unnoticed for a long time. As people grow more comfortable with the systems, informal shortcuts start to feel normal, and risk builds in the background. By the time leadership becomes aware, it’s often because something has already gone wrong.
In some cases, the influence is external. Individuals may be targeted by criminals, competitors or organised groups who exploit personal vulnerabilities, financial stress or emotional pressure. This does not always look like blackmail or explicit threats. It can begin with flattery, requests for small favours, or appeals to sympathy, and gradually escalate into access, information sharing or rule-bending that feels difficult to refuse.
Coercion does not always come from outside. In some environments it can arise internally through power imbalances, unrealistic expectations, or pressure from senior colleagues that makes it hard to say no without fear of consequences.
Connection without closeness
Modern ways of working have added a new layer of complexity. We are more digitally connected than ever, yet many people now experience their work in relative isolation. Messages replace face to face conversations, context gets lost, and informal check-ins happen far less often.
Judgement does not exist in a vacuum. Stress, fatigue, and emotional strain shape how people interpret information and how carefully they make decisions. When pressure rises and support feels distant, people are more likely to misread situations, take shortcuts, or justify behaviour they would normally question.
This is not just a wellbeing issue. It is a resilience issue. Emotional strain narrows perspective and makes people more open to influence, whether that influence comes from outside the organisation or from their own internal reasoning.
These dynamics are being intensified by wider economic uncertainty. Prolonged cost-of-living pressures, geopolitical instability, and sustained disruption across global markets are all putting strain on individuals’ finances.
Financial pressure affects how people behave. It makes it harder to focus, increases anxiety, and can reduce how seriously people think about consequences. Some may even feel they have little left to lose. This does not mean they intend to do harm, but it does raise risk, especially for those who have access to sensitive systems, information, or assets.
From a security point of view, money stress increases risk. When organisations treat financial wellbeing as separate from security, they overlook an important part of the problem.
Financial strain also increases susceptibility to manipulation. People under pressure are more likely to respond to offers of help, opportunities to “fix” problems quickly, or requests that promise relief from stress. From a security perspective, this creates conditions where coercion becomes easier and more effective, even when individuals have no intention of causing harm.
Why controls alone are not enough
When insider risk is identified, organisations often respond in a technical way by tightening access, increasing monitoring, and reinforcing policies, but while these actions are important, they rarely address the underlying conditions that allowed the risk to develop in the first place.
Controls alone do not reduce burnout. Monitoring does not ease financial pressure, and policy reminders do not restore sound judgement. In some situations, a poorly timed escalation can actually increase feelings of mistrust or isolation, which pushes risk further underground instead of resolving it.
Both research and practical experience show that behavioural warning signs often appear before any technical breach occurs, including changes in performance, disengagement, conflict with management, and financial difficulty, and when organisations wait until behaviour crosses a formal threshold, their options become limited and the consequences are usually far more severe.
Support does not mean ignoring misconduct or lowering standards, but instead means expanding the prevention toolkit so organisations can step in earlier, when the impact is lower and when individuals still have realistic options.
In practice, this often includes:
This approach reflects the direction set out in UK protective security guidance, which emphasises treating insider events as connected, strengthening leadership understanding, and addressing the reasons insider risk is often deprioritised or avoided.
Culture determines whether people speak up
In many insider cases, colleagues notice warning signs but decide not to raise them because they worry about getting someone into trouble, triggering an investigation, or being seen as overreacting.
Where people believe that raising concerns will lead to fair and supportive action, reporting becomes more likely, but where they expect blame or punishment, staying silent feels safer.
This is not a training failure. It is a cultural one.
The most effective insider risk programmes are often the least visible because they are built into everyday management practice, supported by leadership, and grounded in trust, and they recognise that people are both the greatest asset and the most complex part of any security system.
In a world that is increasingly connected but emotionally fragmented, emotional and financial pressures are no longer side issues. They are part of the risk landscape.
For organisations that are serious about resilience, insider risk must be understood not only through controls and compliance, but also through culture, support, and leadership judgement, and this shift does not weaken security. It strengthens it.
The post When insider risk is a wellbeing issue, not just a disciplinary one appeared first on Security Boulevard.
Learn how to implement cryptographic agility in MCP resource servers to protect AI infrastructure from quantum threats using PQC and modular security frameworks.
The post Cryptographic Agility in MCP Resource Server Orchestration appeared first on Security Boulevard.
