Security Boulevard

The once popular Outlook add-in AgreeTo was turned into a powerful phishing kit after the developer abandoned the project.

The post Outlook add-in goes rogue and steals 4,000 credentials and payment data appeared first on Security Boulevard.

“Tenable’s asset and attack surface coverage, its application of AI and its reputation for vulnerability assessment makes it the front-runner in AI-powered exposure assessment,” Gartner writes in “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Assessment.”

Key Takeaways from Tenable:

1. This is the latest among a recent string of recognitions Tenable One has received from independent analyst firms for being one of the leading exposure management platforms.
2. Tenable One’s advanced and comprehensive use of AI allows it to automate complex attack path analysis, prioritization, and remediation workflows.
3. The new Tenable One AI Exposure enables organizations to discover, govern, and secure AI assets across hybrid environments within a single unified platform.

To protect today’s expanding attack surface, organizations need to adopt an exposure management platform that holistically and proactively secures all types of assets everywhere: cloud workloads, on-prem servers, operational technology (OT) systems, IoT devices, artificial intelligence tools, and more.

And in order to continuously detect, correlate, and analyze all of these assets’ exposures – including vulnerabilities, misconfigurations, identity flaws, and unprotected data – your exposure management platform must have robust AI capabilities.

That’s exactly how we’ve built the Tenable One exposure management platform. Today, we’re proud to share the latest recognition for Tenable One.

In its recent publication “AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Management” (accessible to Gartner clients only), Gartner had this to say about Tenable’s standing in the exposure assessment platform (EAP) space:

“Tenable achieved its front-runner status in EAP by not only leveraging its long-standing dominance in vulnerability assessment but also combining its strong asset and attack surface discovery capabilities, support for third-party telemetry ingestion and AI. Tenable ingests asset and exposure data across the attack surface for cross-domain context beyond vulnerabilities and applies AI to enhance prioritization, analyze attack paths and enable greater automation.”

Gartner further wrote:

“Tenable One is a well-integrated platform that spans traditional IT, identity, cloud, cyber-physical systems (CPS) and container environments. Tenable’s expanded product suite, strengthened by a series of strategic acquisitions, distinguishes itself through extensibility across both traditional and nontraditional domains. This broad coverage delivers unmatched reach for onboarding and securing unmanaged assets, ensuring comprehensive visibility across the entire digital landscape.”

How Tenable One uses AI to supercharge exposure management

At Tenable, we believe that an AI-driven exposure management platform lets you preemptively and comprehensively discover, prioritize, and remediate your greatest cyber risks, protecting you against increasingly aggressive and sophisticated cyber attacks.

That’s why AI capabilities are part of the DNA of Tenable One, and we feel this is making it the one clear leader in exposure management and helping security teams to move from reactive firefighting to proactive risk management. Here’s a snapshot of just a few key ways in which Tenable One leverages AI to leave competitors in the rearview mirror:

• Illuminates attack paths: We use AI to contextualize threats and identify likely attack routes based on asset criticality, severity, business impact, and exploitation likelihood.
• Automates fixes: The platform also utilizes AI to drive workflow automation, identifying the correct asset owners, populating tailored remediation guidance, and even auto-creating tickets in third-party systems. It automates aspects of patch management entirely, handling deployment and post-patch verification.
• Sees the whole picture: By ingesting third-party telemetry and combining it with its own scanned data, Tenable One creates cross-domain context that fuels its AI capabilities, resulting in sharper prioritization and more comprehensive risk assessments.

In short, thanks to its extensive and sophisticated use of AI for cybersecurity, Tenable One provides a cohesive, integrated view of your entire hybrid environment and protects your sprawling and complex attack surface.

How Tenable One secures your AI assets

Tenable One uses AI for security to fuel your entire exposure management program, and that includes protecting the AI tools your organization uses to optimize your operations, including human resources, finance, sales, product development and marketing.

As organizations rush to leverage generative AI and autonomous agents, they often introduce significant vulnerabilities – ranging from shadow AI usage to misconfigured models – that bypass standard security controls. This lack of visibility creates dangerous blind spots, making the ability to accurately assess and prioritize AI-related exposures a top priority. 

At Tenable, we call this the AI exposure management gap. This gap, which traditional security tools are ill-equipped to handle, stems from the pervasive and often invisible nature of AI adoption, leading to three critical risks:

• Unknown footprint: Security teams often lack visibility into shadow AI, forgotten deployments and other AI assets that expand the attack surface beyond managed perimeters.
• Hidden attack paths: AI workloads create complex webs of interconnected apps, APIs, and identities. Misconfigurations and overprivileged access within these networks create high-impact attack vectors that standard tools cannot detect.
• Data exposure: Continuous interactions—such as prompts and uploads—can inadvertently leak sensitive intellectual property or customer data.

Ultimately, without proper guardrails and visibility, everyday AI usage transforms into a significant, unmanaged security liability.

Tenable believes that you must stop treating AI risk like a separate cybersecurity problem. That’s why we recently launched Tenable One AI Exposure, which gives you a unified view to see, secure, and manage AI-related exposures alongside IT, cloud, identity, and OT.

Tenable One AI Exposure is built on three pillars:

• Discovery of AI assets
• Protection of AI workloads and agents
• AI usage governance

With Tenable One AI Exposure, you get a complete, risk-aware view of where AI exists, how it is connected, and where exposure begins. By providing unified visibility, contextualized signals, clear exposure communication, and fast, actionable outcomes, Tenable One lets you embrace AI confidently. 

New to Tenable? Request a Tenable One AI Exposure demo today. Existing customer? Reach out to your account team to expand your Tenable One coverage to include AI Exposure.

Source: Gartner, AI Vendor Race: Tenable Is the Company to Beat for AI-Powered Exposure Management(Accessible to Gartner Subscribers), by Elizabeth Kim, et al, December 8, 2025 

Gartner is a trademark of Gartner, Inc. and/or its affiliates. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Gartner® Names Tenable as the Current Company to Beat for AI-Powered Exposure Assessment in a 2025 Report appeared first on Security Boulevard.

Discover the best enterprise SSO providers for EdTech and Education SaaS in 2026, comparing security, scalability, compliance, and integrations.

The post Best Enterprise SSO Providers for EdTech/Education SaaS in 2026 appeared first on Security Boulevard.

Landmark trials now underway allege Meta failed to protect children from sexual exploitation, grooming, and addiction-driven design.

The post Child exploitation, grooming, and social media addiction claims put Meta on trial appeared first on Security Boulevard.

Apple issued security updates for all devices which include a patch for an actively exploited zero-day—tracked as CVE-2026-20700.

The post Apple patches zero-day flaw that could let attackers take control of devices appeared first on Security Boulevard.

More than 25 million individuals are now tied to the Conduent Business Services breach as investigations continue to expand its scope. In Canada, approximately 750,000 investors were affected in the CIRO data breach. During roughly the same period, 2,451 vulnerabilities specific to industrial control systems were disclosed by 152 vendors. The latest ColorTokens Threat Advisory […]

The post Healthcare Networks, Financial Regulators, and Industrial Systems on the Same Target List appeared first on ColorTokens.

The post Healthcare Networks, Financial Regulators, and Industrial Systems on the Same Target List appeared first on Security Boulevard.

SSL certificates are now expiring faster than avocados. Yes… avocados. You buy them green, blink twice, and suddenly they’re brown and useless. That’s exactly what’s happening to SSL/TLS certificates. Not long ago, certificates lasted years. Then the rules changed, and we got 13-month validity. And now? We’re heading into a world where certificates will liveRead More

The post 47‑Day SSL/TLS Mandates: A Step Towards Transitioning to Automation appeared first on EncryptedFence by Certera - Web & Cyber Security Blog.

The post 47‑Day SSL/TLS Mandates: A Step Towards Transitioning to Automation appeared first on Security Boulevard.

AI is revolutionizing cybersecurity, raising the stakes for CISOs who must balance innovation with risk management. As adversaries leverage AI to enhance attacks, effective cybersecurity requires visibility, adaptive strategies, and leadership alignment at the board level.

The post AI is Rewriting the Rules of Risk: Three Ways CISOs Can Lead the Next Chapter  appeared first on Security Boulevard.

The Nancy Guthrie case reveals data retention issues in cloud technology, as investigators recovered footage from a Google Nest camera that should have been deleted, emphasizing the need for stronger cybersecurity measures for IoT devices

The post The FBI Recovered “Deleted” Nest Cam Footage — Here’s Why Every CISO Should Panic appeared first on Security Boulevard.

Explore how passwordless authentication and eKYC simplify cross-border banking onboarding by enhancing security, compliance, and user experience.

The post The Significance of Passwordless Authentication and eKYC in Simplifying Cross-Border Banking Onboarding appeared first on Security Boulevard.

Signing code is a critical process for maintaining software integrity and developer trust. On a Windows-based system, Authenticode signing provides assurance after a program or driver has been posted that it has not been modified. Using Microsoft SignTool and a Key Storage Provider (KSP) service such as DigiCert® KeyLocker, executed software, DLLs, and installers can… Read More How to Sign Authenticode Files with SignTool using KSP Library?

The post How to Sign Authenticode Files with SignTool using KSP Library? appeared first on SignMyCode - Resources.

The post How to Sign Authenticode Files with SignTool using KSP Library? appeared first on Security Boulevard.

Darktrace researchers caught a sample of malware that was created by AI and LLMs to exploit the high-profiled React2Shell vulnerability, putting defenders on notice that the technology lets even lesser-skilled hackers create malicious code and build complex exploit frameworks.

The post Hackers Use LLM to Create React2Shell Malware, the Latest Example of AI-Generated Threat appeared first on Security Boulevard.

Are Organizations Equipped to Handle Agentic AI Security? Where artificial intelligence and machine learning have become integral parts of various industries, securing these advanced technologies is paramount. One crucial aspect that often gets overlooked is the management of Non-Human Identities (NHIs) and their associated secrets—a key factor in ensuring robust Agentic AI security and fitting […]

The post How to ensure Agentic AI security fits your budget appeared first on Entro.

The post How to ensure Agentic AI security fits your budget appeared first on Security Boulevard.

How Can Organizations Achieve Stability Through NHI Lifecycle Management? How can organizations secure their digital infrastructures effectively? Managing Non-Human Identities (NHIs) presents a formidable challenge, when they necessitate a nuanced approach that addresses every stage of their lifecycle. With technology advances, these machine identities become critical components in safeguarding sensitive data and maintaining robust cybersecurity […]

The post What elements ensure stability in NHI Lifecycle Management appeared first on Entro.

The post What elements ensure stability in NHI Lifecycle Management appeared first on Security Boulevard.

How Can Smart Algorithms Revolutionize Secrets Rotation Practices? How are professionals adapting to safeguard machine identities effectively? The advent of smart algorithms is transforming how organizations manage Secrets Rotation, a fundamental aspect of cybersecurity that encompasses the management of Non-Human Identities (NHIs) and their associated secrets. This transformation is reshaping industries, from finance and healthcare […]

The post How are smart algorithms transforming Secrets Rotation practices appeared first on Entro.

The post How are smart algorithms transforming Secrets Rotation practices appeared first on Security Boulevard.

Are Non-Human Identities the Key to Enhancing AI Security Technologies? Digital has become an intricate web of connections, powered not only by human users but also by a myriad of machine identities, commonly known as Non-Human Identities (NHIs). These mysterious yet vital components are rapidly becoming central to AI security technologies, sparking optimism among experts […]

The post Why are experts optimistic about future AI security technologies appeared first on Entro.

The post Why are experts optimistic about future AI security technologies appeared first on Security Boulevard.

Cloud adoption didn’t just change where workloads run. It fundamentally changed how security and compliance must be managed. Enterprises are moving faster than ever across AWS, Azure, GCP, and hybrid...

The post Cloud Security and Compliance: What It Is and Why It Matters for Your Business appeared first on Security Boulevard.

Over the last few weeks I published a post on the architectural and operational gaps that created the new wave of SIEM and AI SOC vendors. A bunch of people asked the same follow-up question: “Ok, but how do I evaluate vendors consistently without falling back into feature checklists and marketing claims?” So I turned […]

The post The SIEM Maturity Framework Workbook (v1.0): A Practical Scoring Tool for Security Analytics Platforms first appeared on Future of Tech and Security: Strategy & Innovation with Raffy.

The post The SIEM Maturity Framework Workbook (v1.0): A Practical Scoring Tool for Security Analytics Platforms appeared first on Security Boulevard.

Vishing as the Front Door to MFA Bypass

Threat reporting tied to ShinyHunters and Scattered Spider-linked activity shows voice phishing (vishing) being operationalized as a coordinated access vector against enterprise identity systems.

Rather than relying solely on email-based phishing, attackers now call employees directly, impersonating IT support, security teams, or identity administrators. These calls are not random — they are tightly coupled with live phishing infrastructure and identity workflows.

The goal is not to “steal a password”; it is to walk the victim through a legitimate authentication event while the attacker intercepts the outcome.

This is why legacy MFA continues to “work,” yet organizations are still getting breached.

The post How to Prevent Vishing Attacks Targeting Okta and other IDPs appeared first on Security Boulevard.

A global survey of 1,813 IT and cybersecurity professionals finds that despite the rise of artificial intelligence (AI) and automation, cybersecurity teams still spend on average 44% of their time on manual or repetitive work. Conducted by Sapio Research on behalf of Tines, a provider of an automation platform, the survey also notes that as..

The post Survey: Widespread Adoption of AI Hasn’t Yet Reduced Cybersecurity Burnout appeared first on Security Boulevard.