Security Boulevard

AttackIQ has released a new emulation that compiles the Tactics, Techniques, and Procedures (TTPs) associated with the exploitation of the CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771 vulnerabilities, which affect on-premises Microsoft SharePoint servers.

The post Response to CISA Alert: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities appeared first on AttackIQ.

The post Response to CISA Alert: Microsoft Releases Guidance on Exploitation of SharePoint Vulnerabilities appeared first on Security Boulevard.

Enterprise Kubernetes management is the cornerstone of modern cloud-native operations, enabling organizations to orchestrate, secure, and scale containerized workloads across hybrid and multi-cloud environments. Kubernetes celebrated a decade of innovation last year, yet its complexity, and that of its surrounding ecosystem, often remains a significant challenge for in-house teams. This complexity increases the need for enterprise K8s management solutions that address governance, security, automation, and cost optimization.

The post Enterprise Kubernetes Management: What Is It & Do You Have It? appeared first on Security Boulevard.

Creator/Author/Presenter: Ross Haleliuk

Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Not Every Groundbreaking Idea Needs To Become A Billion-Dollar Startup appeared first on Security Boulevard.

via the comic artistry and dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Replication Crisis’ appeared first on Security Boulevard.

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report, #12 (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8, #9, #10 and #11).

My favorite quotes from the report follow below:

• “Google Cloud’s latest research highlights that common hygiene gaps like credential issues and misconfigurations are persistently exploited by threat actors to gain entry into cloud environments. During the first half of 2025, weak or absent credentials were the predominant threat, accounting for 47.1% of incidents. Misconfigurations (29.4%) and API/UI compromises (11.8%) followed as the next most frequently observed initial access vectors.“

THR 12 cloud compromise visual

• “Notably, compared to H2 2024, we observed a 4.9% decrease in misconfiguration-based access and a 5.3% decrease in API/UI compromises (i.e., when an unauthorized entity gains access to, or manipulates a system or data through an application’s user-facing screen or its programmatic connections). This shift appears to be partly absorbed by the rise of leaked credentials representing 2.9% of initial access in H1 2025. ” [A.C. — It gently suggests that while we’re making some progress on configurations, the attackers are moving to where the fruit is even more low-hanging: already leaked credentials.]
• “Foundational security remains the strongest defense: Google Cloud research indicates that credential compromise and misconfiguration remain the primary entry points for threat actors into cloud environments, emphasizing the critical need for robust identity and access management and proactive vulnerability management.” [A.C. — it won’t be the magical AI that saves you, it would be not given admin to employees]
• “Financially motivated threat groups are increasingly targeting backup systems as part of their primary objective, challenging traditional disaster recovery, and underscoring the need for resilient solutions like Cloud Isolated Recovery Environments (CIRE) to ensure business continuity.” [A.C. — if your key defense against ransomware is still backups, well, we got some “news” got you…]
• “Advanced threat actors are leveraging social engineering to steal credentials and session cookies, bypassing MFA to compromise cloud environments for financial theft, often targeting high-value assets.” [A.C. — this is NOT an anti-MFA stance, this is a reminder that MFA helps a whole lot, yet if yours can be bypassed, then its value diminishes]
• “Threat actors are increasingly co-opting trusted cloud storage services as a key component in their initial attack chains, deceptively using these platforms to host seemingly benign decoy files, often PDFs.“ and “threat actors used .desktop files to infect systems by downloading decoy PDFs from legitimate cloud storage services from multiple providers, a tactic that deceives victims while additional malicious payloads are downloaded in the background” [A.C. — a nice example of thinking about how the defender will respond by the attacker here]
• “more traditional disaster recovery approaches, focused primarily on technical restoration, often fall short in addressing the complexities of recovering from a cyber event, particularly the need to re-establish trust with third parties.” [A.C. — The technical recovery is only half the battle. This speaks to the human element of incident response, and the broader impact of a breach.]

Now, go and read the THR 12 report!

Related posts:

• EP112 Threat Horizons — How Google Does Threat Intelligence podcast
• Google Cloud Security Threat Horizons Report #11 Is Out!
• Google Cloud Security Threat Horizons Report #10 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #9 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #8 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #7 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #6 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!
• Google Cybersecurity Action Team Threat Horizons Report #2 Is Out!
• Illicit coin mining, ransomware, APTs target cloud users in first Google
• Cybersecurity Action Team Threat Horizons report

The post Google Cloud Security Threat Horizons Report #12 Is Out! appeared first on Security Boulevard.

TEST SB

The post TEST SB appeared first on Security Boulevard.

I’ve spent my career building solutions to protect the API fabric that powers modern businesses. I founded Salt because I saw that traditional security tools such as WAFs, gateways, and CDNs weren’t designed to see or secure APIs. That gap led to breaches, blind spots, and billions in risk.

Today, we’re facing a new wave of risk that’s even bigger than the last. The rise of Agentic AI has brought us to a true inflection point.

Agentic AI isn’t just another software layer. It’s a fundamentally new computing paradigm. These autonomous agents reason, remember, and take real-time actions across environments. They trigger workflows, access sensitive data, and update systems without a human in the loop.

They are powerful and dangerous.

And they’re all powered by APIs.

The Hard Truth: You Can’t Secure AI Without Securing APIs

Every AI agent is API-connected. Whether it’s pulling data from internal systems, issuing commands to third-party platforms, or coordinating with other agents via the Model Context Protocol (MCP), which acts as an API broker, APIs are the control plane.

But here's the problem: most security teams still treat APIs as just another line item in the stack. Or worse, they assume their existing tools are already covering them.

They’re not.

Agentic AI magnifies every weakness in your API strategy. If you’re not seeing all the API traffic, if you’re not identifying sensitive endpoints, if you’re not understanding behavioral context, you’re flying blind while AI agents operate with full system access.

That’s not just a technical risk. It’s a life safety issue. If an AI-powered agent makes a healthcare decision based on incomplete or manipulated data, the stakes aren’t abstract. They’re personal. My own grandmother’s health relies on systems like these being secure, reliable, and trusted. I won’t accept anything less.

Why Today’s Tools Fall Short

Traditional tools were never built to handle this. They inspect traffic at the edge. They filter payloads based on static rules. But they can’t tell you:

• Which AI agents are active
• What those agents are doing
• Whether they’re acting inside or outside policy
• If rogue agents or shadow APIs are being abused
• If internal APIs are leaking sensitive context

The rise of Agentic AI means we need API security that’s real-time, behavioral, and deeply integrated into how AI agents think and act.

Our Vision: Secure the API Fabric of the Future

At Salt, we believe Agentic AI marks the beginning of a new era of software—and that era must be secured differently.

Here’s our vision:

1. ‍See the entire API fabric, instantly: AI agents operate across thousands of APIs, including internal, partner, shadow, and deprecated ones. Salt provides a complete, continuously updated map without requiring traffic or agents to start.
2. ‍Understand behavior, not just traffic: Salt goes beyond logging API calls. We understand intent, sequence, and context so we can spot anomalies that signal abuse, drift, or misalignment between agent policy and behavior.
3. ‍Secure the Model Context Protocol (MCP): MCP is becoming the lingua franca of AI agents. It defines what agents know, what actions they can take, and how they think. Salt is building the industry’s first purpose-built security for MCP traffic and agent coordination.
4. Prevent the next-generation of AI attacks: From prompt injection to API abuse, Salt detects and stops attacks that slip past traditional defenses. And we provide the intelligence you need to adapt policy in real time before incidents escalate.
5. Enable responsible AI adoption: Security can’t slow innovation. Salt is designed for speed and ease of deployment. We integrate directly with cloud environments, such as AWS, providing teams with instant visibility without disrupting operations.

The Road Ahead

We’ve entered a world where software can think and act. That’s thrilling. But it also demands a radical shift in how we think about security.

At Salt, we’re committed to leading the way. We’ll secure the AI agents reshaping how businesses operate. We’ll protect the APIs that make those agents possible. And we’ll keep building toward a future where innovation and trust go hand in hand.

Because this isn’t just about digital systems, it’s about the real-world impact they have on customers, partners, and employees.

‍

Roey Eliyahu, ‍Co-founder & CEO, Salt Security

The post Securing the Next Era: Why Agentic AI Demands a New Approach to API Security appeared first on Security Boulevard.

If you’re reading this, there’s a fair chance the thought has crossed your mind: “Was this written by a human… or by one of those AI models everyone’s talking about?” That’s a fair question, and as someone who has spent years in cybersecurity, I’ll tell you—this isn’t just an academic curiosity. It’s a real, growing […]

The post Cybersecurity in the AI Era – How Do You Know This Article Wasn’t Written by a Machine? appeared first on HolistiCyber.

The post Cybersecurity in the AI Era – How Do You Know This Article Wasn’t Written by a Machine? appeared first on Security Boulevard.

Creator/Author/Presenter: Ben Stav

Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Trace to Triage: How to Connect Product Vulnerabilities to Security Paths appeared first on Security Boulevard.

The Big News: Palo Alto Networks Moves on CyberArk Palo Alto Networks today announced a landmark agreement to acquire CyberArk Software in a deal valued at approximately $25 billion. Under the terms, CyberArk shareholders will receive $45 in cash plus 2.2005 shares of Palo Alto Networks common stock per share—representing a 26% premium to CyberArk’s unaffected..

The post Palo Alto’s Acquisition of CyberArk Could Set Off a Wave of Consolidation in the Cyber World appeared first on Security Boulevard.

The security breach of the popular women-only safe-dating app Tea widened over the weekend, when a second database storing 1.1 million DMs between members was compromised. News of the exposure came days after an initial investigation found that a database holding older data, including photos, was breached.

The post Tea App Data Breach Deepens, with 1.1 Million User Chats Exposed appeared first on Security Boulevard.

Palo Alto Networks Inc. is in discussions to acquire CyberArk Software for more than $20 billion in one of tech’s biggest deals this year, as vendors scramble to fortify their cybersecurity defenses. Palo Alto Networks could finalize a deal for the identity management software maker — its largest ever — as soon as this week,..

The post Palo Alto Networks In Talks to Acquire CyberArk for $20 Billion: Report appeared first on Security Boulevard.

For years, primarily driven by regulatory compliance mandates, such as the Sarbanes-Oxley Act of 2002, identity and access management has been treated as a regulatory compliance exercise, rather than the security exercise it should be — and simply checking off compliance requirements leaves many organizations with a dangerous and false sense of security. This is..

The post Mapping Mayhem: Security’s Blind Spots in Identity Security appeared first on Security Boulevard.

The current status of AppSec presents a significant challenge for many organizations in improving their application security.

The post Alert Fatigue and Talent Gaps Fuel AppSec Weaknesses appeared first on Security Boulevard.

For decades, network security followed a simple model: the castle and moat design philosophy. We built strong perimeters with firewalls and relied on Network Access Control (NAC) to act as a guardian, checking credentials at the door. Once inside, users and devices were assumed to be trusted. Today, the assumptions have all changed. Thanks to..

The post Nile Gives Your Campus Network More Than Just a Password appeared first on Security Boulevard.

Intruder this week made available an open-source tool that scans application programming interfaces (APIs) for broken authorization vulnerabilities.

The post Intruder Open Sources Tool for Testing API Security appeared first on Security Boulevard.

Christina Marie Chapman, an Arizona resident, was sentenced to 8.5 years in prison for her role in a wide-ranging North Korean IT worker scam that sent $17 million to the outlaw country. Chapman ran a laptop farm from her home, validated stolen U.S. identities for the scammers, and transferred money overseas to the bad actors.

The post U.S. Woman Sentenced to 8.5 Years for Role in North Korean Worker Scam appeared first on Security Boulevard.

Clorox is suing IT giant Cognizant, claiming their help desk handed over employee passwords to hackers — no phishing, no malware… just gave them away.

The post “Bleach Wasn’t Strong Enough: Clorox Sues Cognizant After Help Desk Allegedly Gave Away Passwords to Hackers” appeared first on Security Boulevard.

Chennai, India, 25th July 2025, CyberNewsWire

The post xonPlus Launches Real-Time Breach Alerting Platform for Enterprise Credential Exposure appeared first on Security Boulevard.

Clorox is suing Cognizant for $380 million, saying the IT services provider's service desk put in place to protect the multinational company from cyber risks in 2023 gave hackers password resets and other credentials when asked without verifying the identities of people making the requests.

The post Cognizant Agents Gave Hackers Passwords, Clorox Says in Lawsuit appeared first on Security Boulevard.