Security Boulevard

3 min readLegal AI solutions provider LexisNexis has confirmed a massive breach of its AWS environment  According to reports, initial access was gained by exploiting the “React2Shell” vulnerability in an unpatched React frontend application – a flaw the company had reportedly left unaddressed for months.  Among the details reportedly posted by the attacker is the claim that, […]

The post How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment appeared first on Aembit.

The post How a Single Overprivileged Service Turned the LexisNexis Breach Into a Keys-to-the-Kingdom Moment appeared first on Security Boulevard.

Your SOC can't triage every alert — the math proves it. See why 75% of alerts go uninvestigated and how AI-autonomous triage closes the gap.

The post 6 Minutes and a Prayer: The Math Your SOC Doesn’t Want You to See appeared first on D3 Security.

The post 6 Minutes and a Prayer: The Math Your SOC Doesn’t Want You to See appeared first on Security Boulevard.

Session 14D: Autonomous Vehicles

Authors, Creators & Presenters: Ningfei Wang (University of California, Irvine), Shaoyuan Xie (University of California, Irvine), Takami Sato (University of California, Irvine), Yunpeng Luo (University of California, Irvine), Kaidi Xu (Drexel University), Qi Alfred Chen (University of California, Irvine)

PAPER
Revisiting Physical-World Adversarial Attack On Traffic Sign Recognition: A Commercial Systems Perspective

Traffic Sign Recognition (TSR) is crucial for safe and correct driving automation. Recent works revealed a general vulnerability of TSR models to physical-world adversarial attacks, which can be low-cost, highly deployable, and capable of causing severe attack effects such as hiding a critical traffic sign or spoofing a fake one. However, so far existing works generally only considered evaluating the attack effects on academic TSR models, leaving the impacts of such attacks on real-world commercial TSR systems largely unclear. In this paper, we conduct the first large-scale measurement of physical-world adversarial attacks against commercial TSR systems. Our testing results reveal that it is possible for existing attack works from academia to have highly reliable (100%) attack success against certain commercial TSR system functionality, but such attack capabilities are not generalizable, leading to much lower-than-expected attack success rates overall. We find that one potential major factor is a spatial memorization design that commonly exists in today's commercial TSR systems. We design new attack success metrics that can mathematically model the impacts of such design on the TSR system-level attack success, and use them to revisit existing attacks. Through these efforts, we uncover 7 novel observations, some of which directly challenge the observations or claims in prior works due to the introduction of the new metrics.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – On The Realism Of LiDAR Spoofing Attacks Against Autonomous Driving Vehicle appeared first on Security Boulevard.

The software that moves money, processes trades, and manages accounts is among the most scrutinized code on earth. Yet even in highly regulated financial environments, a vulnerability persists that traditional perimeter security cannot address: the integrity of the code itself between development and deployment. Jamshir Qureshi, a Vice President at Mitsubishi UFJ Financial Group, USA,..

The post The Verification Imperative: How One Framework Is Reshaping Trust in Financial Code appeared first on Security Boulevard.

Shadow AI leaks data to uncontrolled external systems and spreads virally across organizations, requiring user training and compliant alternatives rather than prohibition. 

The post Shadow AI: When Everyone Becomes a Data Leak Waiting to Happen  appeared first on Security Boulevard.

This article was originally published in Cyber Defense Magazine on 02/09/26 by Charlie Sander. The Illuminate incident serves as a crucial reminder to edtech vendors of the potential backlash that can occur when privacy promises are not upheld In a recent complaint, the FTC addresses Illuminate Education’s need to strengthen its data security after a breach ...

The post Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Cyber Defense Magazine | A New Bell Rings For K-12 Cloud Security After the Illuminate Settlement appeared first on Security Boulevard.

Mar 04, 2026 - - Quick Facts: Shadow AI vs. Managed AIShadow AI is a visibility gap: It refers to any AI tool used by employees that the IT department doesn’t know about. Most companies have 10x more AI tools in use than they realize.Managed AI is a "Paved Path": It uses approved, secure versions of AI where the company not the AI provider owns the data.The biggest risk is data leakage: Shadow AI tools often "learn" from your data, meaning your company secrets could show up in someone else's chat results.Productivity is the driver: This is about getting work done, not breaking rules. Most employees aren't trying to cause trouble; they turn to these unapproved tools simply because they make their daily tasks faster and easier.FireTail bridges the gap: FireTail provides the "eyes" for the security team, identifying hidden AI and putting safety rails around it so businesses can innovate safely.For decades, IT teams have dealt with "Shadow IT." This happened when employees downloaded their own apps or used personal cloud storage because the official company tools were too slow.Today, we are seeing a much faster version of this problem: Shadow AI.As we move through 2026, the gap between companies that control their AI and those that are "hoping for the best" is widening. For a CISO (Chief Information Security Officer), understanding the difference between Shadow AI vs Managed AI is the first step toward securing the enterprise.What is Shadow AI?Shadow AI is any artificial intelligence tool used inside a company without the official "okay" from the IT or security team.Think about a junior analyst facing a tight 5:00 PM deadline to summarize a massive, 50-page legal contract. To save time, they might grab a "free AI PDF Reader" they found on Google, upload the file, and get a summary back in a heartbeat.The Hidden Breach: That "free" tool now has a copy of a confidential contract. Because it’s Shadow AI, the company has no contract with the tool provider. That provider might store the data on an unsecure server or use the text to train their next public model. The company's "secret sauce" is now part of the public internet's brain.What is Managed AI?Managed AI is an intentional strategy. It means the company has chosen specific AI tools, signed security agreements with the providers, and set up "guardrails" to watch what goes in and what comes out.In a Managed AI environment, that same analyst would use an enterprise-grade version of an LLM (Large Language Model). The security team has already checked this tool to ensure that:Data is private: The AI provider is legally blocked from using the company's data to train its models.Access is logged: The company knows who is using the tool and for what purpose.Safety is active: If the analyst tries to upload something they shouldn't (like a customer's credit card number), a security layer blocks it instantly.Why Employees Choose "Shadow" Over "Managed"To fix the problem, we have to understand why it happens. Employees don't wake up wanting to cause a data breach. They use Shadow AI because:Friction: The official company AI might be "too safe," making it slow or hard to use.Speed: It takes two minutes to sign up for a free AI tool and two months to get a tool approved by procurement.Education: Many workers don't realize that "talking" to an AI is the same as "publishing" data to a third party.For a CISO, the goal shouldn't be to "ban" AI. Banning AI just drives it further underground. The goal is to make Managed AI so easy and useful that employees no longer want to use Shadow AI.The 3 Biggest Unmanaged AI Risks for EnterprisesIf you allow Shadow AI to grow, you are opening three specific doors for trouble:1. The "Invisible" Data LeakTraditional security tools (like old firewalls) look for viruses. They don't always recognize a "prompt" as a data leak. If an engineer pastes 1,000 lines of proprietary code into a Shadow AI to find a bug, that code is now "leaked," even though no "hack" took place.2. The Liability TrapIf a Shadow AI chatbot gives a customer wrong advice or makes a promise that breaks the law, the company is still responsible. Without management, you have no way to "fact-check" what the AI is telling the world.3. Intellectual Property LossIf your team uses AI to design a new product or write a patent application on an unmanaged tool, your ownership of that idea could be legally challenged. If the AI "helped" write it on a public platform, who really owns the result?How to Move from Shadow AI to Managed AITransitioning your company doesn't have to be a painful process. It follows a simple three-step path:Step 1: Shadow AI Discovery and VisibilityIt’s impossible to secure a tool if you don’t even know it’s being used on your network. You need a technical way to scan your network and see which AI websites and APIs your employees are visiting.Step 2: Build a "Paved Path" for Your TeamPick a high-quality AI tool and make it available to everyone. If employees have an "official" version of ChatGPT or Claude that is easy to access, they will stop looking for "free" (and dangerous) alternatives.Step 3: Add a Security LayerManaged AI still needs a "security guard." This is a piece of software that sits between the user and the AI. It scans every message for "PII" (Personal Identifiable Information) or secrets and redacts them before the AI ever sees them.‍Mapping Shadow AI Risks to Industry FrameworksTo truly secure AI, CISOs must look beyond simple "usage" and look at specific attack vectors. This is where the OWASP Top 10 for LLM Applications and MITRE ATLAS become essential.Addressing the OWASP Top 10 for LLMsShadow AI is a breeding ground for vulnerabilities identified by OWASP. Without a managed framework, you are exposed to:LLM01: Prompt Injection: In Shadow AI, there is no filter to prevent users (or malicious inputs) from "tricking" the model into revealing backend secrets.LLM02: Sensitive Information Disclosure: This is the primary risk of Shadow AI. Without AI visibility, proprietary data, PII, and credentials are sent to third-party LLMs in plain text.LLM06: Excessive Agency: Unmanaged tools often "over-share" in their outputs. Managed AI allows you to filter these outputs before they reach the user.Utilizing the MITRE ATLAS FrameworkThe MITRE ATLAS (Adversarial Threat Landscape for Artificial-intelligence Systems) framework helps security teams understand how attackers target AI. Shadow AI creates massive gaps in the ATLAS matrix:Reconnaissance: Attackers can identify which unmanaged AI tools your employees use to craft targeted phishing or injection attacks.Exfiltration: Shadow AI provides a "clean" way for data to leave your network. Since the traffic looks like a standard HTTPS request to an AI site, traditional tools may miss the exfiltration of gigabytes of data.ML Model Corruption: If employees use unmanaged tools to build company models, those models could be "poisoned" by untrusted datasets.‍How FireTail Secures the AI JourneyThe difference between Shadow AI and Managed AI is often just a matter of having the right tools. FireTail was built to give CISOs the control they need without slowing down the business.We Find Hidden AI: FireTail automatically identifies every AI model and tool being used across your organization. We turn "Shadow" into "Visible."We Protect Your Data: Our platform sits "inline." This means we see a prompt, check it for sensitive data (like passwords or customer names), and block that data from leaving your network.We Stop Attacks: We look for "Prompt Injections" tricks where people try to "hack" the AI into giving up secrets and stop them instantly.We Make Audits Easy: If a regulator asks, "How are you securing AI?", FireTail provides the logs and proof that your AI is managed and safe.Moving to Managed AI isn't just about security; it's about giving your company the confidence to lead in the age of Artificial Intelligence.Is your company's "secret sauce" being used to train public AI?Don't stay in the dark. Get a FireTail Demo today and see how to bring your Shadow AI into a secure, managed environment.FAQs: Shadow AI vs. Managed AIWhat is the most common example of Shadow AI?The most common example is an employee using a personal ChatGPT account or a free online "AI writing assistant" to handle company documents. FireTail helps you find these tools and bring them under company control.Why is Shadow AI more dangerous than regular Shadow IT?Regular Shadow IT just stores data, but Shadow AI "learns" from it and can repeat it to other users. FireTail prevents this by blocking sensitive data before it reaches the AI's training bank.Can I just ban AI to solve the Shadow AI problem?Banning AI usually fails because employees will use it on their personal phones or home computers to get work done. FireTail provides a better way by making AI safe to use so you don't have to ban it.Does Managed AI protect me from legal issues?Managed AI helps significantly because it provides a "paper trail" of what the AI said and what data it used. FireTail adds an extra layer of protection by monitoring AI outputs for policy violations.How does FireTail discover Shadow AI?FireTail monitors your API traffic and network connections to identify calls to known AI providers. This gives you a real-time map of every AI tool being used in your company.What is "Prompt Redaction" in Managed AI?Prompt Redaction is the process of automatically "blacking out" sensitive info like names or API keys before they are sent to the AI. FireTail does this automatically, so your employees can use AI without accidentally leaking secrets.How fast can you switch from Shadow AI to a Managed system?If you use the right monitoring tools, you can usually spot your biggest security gaps in just a few days. FireTail helps speed this up by providing instant visibility into your current AI landscape.‍

The post Shadow AI vs Managed AI: What’s the Difference? – FireTail Blog appeared first on Security Boulevard.

Attackers have accelerated their use of automation and AI, increasing pressure on technicians already managing growing workloads. Hyperproductivity offers a path forward. People, processes and platforms work together to drive hyperproductivity. Instead of adding more tools or more people, MSPs can redesign their operations around automation, standardized workflows and unified platforms.

The post 3 pillars of hyperproductivity for MSPs appeared first on Security Boulevard.

Secure Authentication Architecture for Ecommerce and Retail Platforms

The post Secure Authentication Architecture for Ecommerce and Retail Platforms appeared first on Security Boulevard.

Retail platforms face rising identity-based attacks like credential stuffing and ATO. Learn how to secure authentication and protect customer accounts from fraud. Act now!

The post Retail Authentication Security: Preventing Credential Stuffing, Account Takeover, and Bot Attacks appeared first on Security Boulevard.

Explore how advancements in surveillance infrastructure and the democratization of intelligence have transformed espionage.

The post The Worm Turns – When the Hunter Becomes the Hunted Mass Surveillance and the Weaponization of the Data We Voluntarily Create appeared first on Security Boulevard.

Overview On February 11, 2026, NSFOCUS CERT monitored Microsoft’s release of its February security update patches, addressing 59 security issues across widely used products such as Windows, Azure, Microsoft Office, and Visual Studio Code. These vulnerabilities include privilege escalation, remote code execution, and other high-risk vulnerabilities. In this monthly update, 5 vulnerabilities are rated as […]

The post Microsoft’s February Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Microsoft’s February Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.

TL;DR Attackers sent a convincing DocuSign notification with a "Review & Sign" button that chained through Google Maps redirects to an Amazon S3-hosted credential harvesting page. The redirect chain defeated URL scanners, and real law-firm footers added legitimacy. IRONSCALES Adaptive AI flagged the behavioral mismatch between sender infrastructure and brand identity before the first click. Severity: High
Credential Harvesting
Brand Impersonation
MITRE: T1566.002
MITRE: T1598.003

The "Review & Sign" button looked exactly like every DocuSign notification you've ever received. Same blue branding, same layout, same urgency. But the button didn't point to DocuSign. It pointed to Google Maps > then to Amazon S3 > then to a credential harvesting page that looked close enough to a Microsoft login to fool anyone moving fast.

A Redirect Chain Built to Dodge Scanners

The email arrived at a mid-size financial services firm on a Monday morning, formatted as a forwarded legal document awaiting signature. The body included realistic law-firm footers, a bank reference, and multiple legitimate links — all designed to make the one malicious link blend in.

That malicious link: a maps[.]google[.]be redirect that resolved to a public S3 bucket hosting an HTML page at bucket-secure-cdn-cdn-media-static[.]s3[.]us-east-1[.]amazonaws[.]com/about[.]html. The page mimicked a Microsoft 365 login.

The redirect chain is the whole game here. URL scanners check the first domain, Google, and stop. The S3 destination isn't evaluated until someone clicks, and by then, the scanner has already marked it safe.

Attack Flow DocuSign Lure Email
→
Google Maps Redirect
→
Amazon S3 HTML Page
→
Credential Harvest

See Your Risk: Calculate how many threats like this your gateway is missing

Why the Gateway Gave It a Pass

Email authentication didn't help. SPF passed, the sending server was legitimately authorized by the envelope domain, a small Japanese web services company with no connection to DocuSign. No DKIM signature. DMARC returned a best-guess pass.

So the email arrived with clean authentication, a trusted redirect domain (Google), and a hosting provider (AWS) that no blocklist is going to flag broadly. The attacker's infrastructure looked legitimate at every checkpoint.

Check Result Why It Didn't Help SPF Pass ✓ Sending server was authorized - by the wrong domain DKIM None No signature to validate DMARC Best-guess Pass No DMARC record  - receiver inferred "pass" URL Scan Safe ✓ Only scanned first hop (Google domain)

IRONSCALES Adaptive AI caught what the static checks missed: the behavioral mismatch between the sender's domain infrastructure (a Japanese web hosting provider) and the claimed identity (DocuSign). Combined with community-reported patterns matching the same S3 bucket across three other organizations, the platform quarantined the message within 90 seconds of delivery, before any recipient clicked.

Your Takeaway

If your email security relies on URL reputation at the first hop, redirect-chain attacks will sail through. Ask your security team: does our scanning follow redirects to the final destination? If the answer is "sometimes" or "I'm not sure" - that's the gap attackers are counting on.

Get a Demo: See how IRONSCALES detects redirect-chain phishing in real time

 

 

The post The DocuSign Email That Wasn’t – A Three-Redirect Credential Harvest appeared first on Security Boulevard.

Learn how to implement post-quantum cryptographic agility for distributed AI inference and MCP servers. Protect AI infrastructure from quantum threats with modular security.

The post Post-Quantum Cryptographic Agility for Distributed AI Inference Architectures appeared first on Security Boulevard.

Executive Summary We identified a security weakness in n8n’s credential management layer that could have completely compromised the application’s security. This finding highlights the core risks of centralized authentication in workflow automation platforms. As n8n serves as the central hub connecting critical systems and orchestrating business processes across teams, any gap in credential handling can […]

The post N8N: Shared Credentials and Account Takeover appeared first on Blog.

The post N8N: Shared Credentials and Account Takeover appeared first on Security Boulevard.

How Do Non-Human Identities Influence AI Security? Have you ever wondered how the intricate dance between machine identities and cybersecurity shapes AI security? The advent of advanced AI systems has introduced an array of complex security challenges. Non-Human Identities (NHIs) have become paramount in securing these systems, especially when organizations shift to cloud-based environments. Understanding […]

The post How is AI security getting better over the years appeared first on Entro.

The post How is AI security getting better over the years appeared first on Security Boulevard.

Are Non-Human Identities the Key to Robust Cybersecurity? Safeguarding digital assets goes beyond securing human credentials. Increasingly, organizations are realizing the need to extend this protection to Non-Human Identities (NHIs), machine-driven identities integral to modern IT. These NHIs combine encrypted secrets—such as passwords, tokens, or keys—and the permissions they have on destination servers. Managed effectively, […]

The post Can advanced AI security solutions help you feel more relaxed appeared first on Entro.

The post Can advanced AI security solutions help you feel more relaxed appeared first on Security Boulevard.

Can Your Organization Truly Trust Machine Identities? Managing Non-Human Identities (NHIs) has become critical for organizations seeking to bolster cybersecurity measures, especially in cloud environments. These identities, representing machine-generated credentials, act as gatekeepers of sensitive data across various systems. But how independent can your AI operate securely without compromising these machine identities? The concept of […]

The post How independent can your AI operate securely appeared first on Entro.

The post How independent can your AI operate securely appeared first on Security Boulevard.

How Can Non-Human Identities Revolutionize AI Security? Have you ever considered the role machine identities play in AI security? Where artificial intelligence is becoming integral to numerous sectors, securing these non-human identities (NHIs) is critical. NHIs, essentially machine identities, form the backbone of AI security, representing encrypted passwords, tokens, or keys that act as unique […]

The post Can effective AI security make IT teams feel relieved appeared first on Entro.

The post Can effective AI security make IT teams feel relieved appeared first on Security Boulevard.

Geopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran.

While the NCSC has stressed that there is currently no confirmed significant increase in direct cyber threats to the UK, it has warned that the situation is fast-moving and organisations should remain alert.

Rising Tensions and Cyber Spillover
The warning follows a sharp escalation in the regional conflict involving Iran, the United States and Israel. Military developments have been accompanied by cyber activity targeting digital infrastructure and online services in the region, highlighting how modern conflicts now run across both physical and digital fronts.

In response, the NCSC has advised UK organisations to review their cyber defences and ensure they are prepared for possible disruption. The agency noted that while the direct cyber threat level to the UK has not significantly changed, there is “almost certainly a heightened risk of indirect cyber threat” for organisations with operations, assets or supply chains in the Middle East.

This includes potential activity from Iranian state actors as well as Iran-aligned hacktivist groups.

Iran’s established Cyber Capabilities
Iran has long viewed cyber operations as a strategic tool that allows it to project influence asymmetrically against more technologically advanced adversaries. Over the past decade, Iranian cyber groups have targeted sectors such as energy, finance, transportation and government networks.

Previous campaigns linked to Iranian actors have included destructive malware operations, espionage campaigns and disruptive attacks against critical infrastructure. For example, the widely documented Operation Cleaver campaign targeted energy and transportation organisations globally.

Although Iranian cyber capabilities are generally considered less sophisticated than those of Russia or China, they have demonstrated a willingness to conduct disruptive and politically motivated attacks.

What the NCSC is advising Organisations to do

The NCSC’s guidance is not calling for panic, but it does emphasise the importance of cyber resilience during periods of geopolitical instability.
Organisations are advised to:

• Review their external attack surface and internet-exposed services
• Increase monitoring for suspicious activity
• Prepare for common threat tactics such as phishing and distributed denial-of-service (DDoS) attacks
• Ensure patching and vulnerability management processes are up to date
• Review incident response plans and escalation procedures

The NCSC has also encouraged organisations to sign up to its Early Warning service, which provides alerts about potential security issues affecting UK networks.

The Risk of Opportunistic Cyber Activity
One important point highlighted in the advisory is that not all cyber activity during geopolitical crises comes directly from state actors.

• Periods of international tension often attract:
• politically motivated hacktivists
• cybercriminal groups seeking to exploit confusion
• proxy actors aligned with nation-state interests

These groups may launch attacks intended to disrupt services, deface websites or leak stolen data for political impact.
A Reminder for Boards and Security Teams
Events like this are a reminder that cyber risk does not exist in isolation from geopolitical developments. Organisations operating globally, particularly those with supply chains or business interests in politically sensitive regions, must assume that digital infrastructure could become collateral damage during international conflicts.

For security teams, the key takeaway is not that a wave of attacks is imminent, but that situational awareness and operational readiness matter.
Cyber resilience is most effective when organisations treat security posture reviews as routine practice rather than emergency reactions.

Sources:
• National Cyber Security Centre alert: https://www.ncsc.gov.uk/news/ncsc-advises-uk-organisations-take-action-following-conflict-in-the-middle-east

The post NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity appeared first on Security Boulevard.