Security Boulevard

via the cosmic humor & dry-as-interstellar-space wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘’Planetary Rings” appeared first on Security Boulevard.

Spektrum Labs is providing early access to a platform that enables cybersecurity and IT teams to mathematically prove they have achieved cyber resilience. Company CEO J.J. Thompson said the Spektrum Fusion platform makes use of cryptographic proofs to validate whether statements made about resilience are indeed true. The output from those mathematical algorithms provides the..

The post Spektrum Labs Previews Cryptographic Platform for Proving Cyber Resilience appeared first on Security Boulevard.

The enterprise migration to the cloud has created a security paradox. While digital transformation and multi-cloud architectures promise agility, they have also delivered unprecedented complexity. This complexity is the modern CISO’s greatest enemy. For every new cloud environment, SaaS application, or remote workforce, a new, siloed security tool has usually been procured. The result is..

The post Fortinet’s Fabric-Based Approach to Cloud Security appeared first on Security Boulevard.

Technical details The problem comes from weak authentication in two different CCX components. CVE-2025-20354 targets the Java RMI service. CCX exposes this service to accept remote data, but it does not properly check who is sending it. That means an attacker can upload a specially crafted file and run commands on the underlying operating system.…

The post Cisco Unified CCX Remote Code Execution Vulnerabilities (CVE-2025-20354, CVE-2025-20358) appeared first on Sentrium Security.

The post Cisco Unified CCX Remote Code Execution Vulnerabilities (CVE-2025-20354, CVE-2025-20358) appeared first on Security Boulevard.

In 2025, stolen credentials remain the most common and fastest path into an organization’s systems. Nearly half of breaches begin with compromised logins. The 2025 Verizon Data Breach Investigations Report puts it bluntly: “Hackers don’t break in anymore, they log in.” Web application attacks have followed suit, with 88% now using stolen credentials as the..

The post Stop Paying the Password Tax: A CFO’s Guide to Affordable Zero-Trust Access appeared first on Security Boulevard.

SESSION
Session 2B: Web Security

Authors, Creators & Presenters: Aleksei Stafeev (CISPA Helmholtz Center for Information Security), Tim Recktenwald (CISPA Helmholtz Center for Information Security), Gianluca De Stefano (CISPA Helmholtz Center for Information Security), Soheil Khodayari (CISPA Helmholtz Center for Information Security), Glancarlo Pellegrino (CISPA Helmholtz Center for Information Security)

PAPER
YuraScanner: Leveraging LLMs for Task-driven Web App Scanning
Web application scanners are popular and effective black-box testing tools, automating the detection of vulnerabilities by exploring and interacting with user interfaces. Despite their effectiveness, these scanners struggle with discovering deeper states in modern web applications due to their limited understanding of workflows. This study addresses this limitation by introducing YuraScanner, a task-driven web application scanner that leverages large-language models (LLMs) to autonomously execute tasks and workflows.
YuraScanner operates as a goal-based agent, suggesting actions to achieve predefined objectives by processing webpages to extract semantic information. Unlike traditional methods that rely on user-provided traces, YuraScanner uses LLMs to bridge the semantic gap, making it web application-agnostic. Using the XSS engine of Black Widow, YuraScanner tests discovered input points for vulnerabilities, enhancing the scanning process's comprehensiveness and accuracy.
We evaluated YuraScanner on 20 diverse web applications, focusing on task extraction, execution accuracy, and vulnerability detection. The results
demonstrate YuraScanner's superiority in discovering new attack surfaces and deeper states, significantly improving vulnerability detection. Notably,
YuraScanner identified 12 unique zero-day XSS vulnerabilities, compared to three by Black Widow. This study highlights YuraScanner's potential to
revolutionize web application scanning with its automated, task-driven approach.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the organization’s’ YouTube channel.

Permalink

The post NDSS 2025 – YuraScanner: Leveraging LLMs For Task-driven Web App Scanning4+ appeared first on Security Boulevard.

Most cyber breaches begin quietly, with a simple mistake. A misconfigured cloud bucket, a phishing email that looks just real enough, or an employee who forgets to revoke access when leaving the company. The ColorTokens Threat Advisory team highlighted how these small cracks turn into serious breaches. There were insider threats in the financial sector, […]

The post Inside the Adversary’s Playbook: Credential Abuse, Cloud Intrusions, and Lateral Movement appeared first on ColorTokens.

The post Inside the Adversary’s Playbook: Credential Abuse, Cloud Intrusions, and Lateral Movement appeared first on Security Boulevard.

AI-Driven Security Threats: Moving Beyond the Hype Security does a great job of sensationalizing attacks. This trend was set from a perspective of awareness and edge cases which the industry deals with as attacks and realized perspectives. While this approach leads to discussions around AI-driven cybersecurity threats the risks are hard to comprehend but certain..

The post Securing the AI-Enabled Enterprise appeared first on Security Boulevard.

Next week our founder Simon Moffatt will be hosting two panels at the Future Identity Festival in London. The two day event hosted an array of stages focused on financial services and fraud, identity and access management and fintech solutions – with a broad array of sponsors and suppliers too. Simon will be hosting two […]

The post Meet us at Future Identity Festival London 2025 appeared first on The Cyber Hut.

The post Meet us at Future Identity Festival London 2025 appeared first on Security Boulevard.

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE's major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks.

Key takeaways

1. Google is forecasting that AI will kick off a new era for the cybersecurity world, as the use of AI tools becomes the new normal for both attackers and defenders.
    
2. A new version of the MITRE ATT&CK framework includes intel on threats against Kubernetes, CI/CD pipelines, and cloud databases – and more.
    
3. McKinsey advises orgs to treat agentic AI tools as privileged "digital insiders" and implement a three-phase security strategy to manage their unique cyber risks.

Here are five things you need to know for the week ending November 7.

1 - Google: In 2026, AI tools will become mainstream for cyber attackers and cyber defenders

By next year, AI tools won’t be novel. They’ll be standard issue for threat actors and for cyber teams, as the AI arms race irreversibly transforms the cybersecurity landscape.

That’s one of the main insights from Google’s “Cybersecurity Forecast 2026” report, published this week. “2026 will usher in a new era of AI and security, both for adversaries and defenders,” the report reads.

“While threat actors will leverage AI to escalate the speed, scope, and effectiveness of attacks, defenders will also harness AI agents to supercharge security operations and enhance analyst capabilities,” it adds.

In other words, get ready for a new level of sophistication and stealth across all type of attacks, including social engineering campaigns. For example, fraudsters will craft hyperrealistic vishing messages using AI-driven voice cloning to impersonate executives or IT staff.

In addition to using AI technology, attackers will also seek to compromise and leverage victims’ AI systems, particularly via prompt injection attacks, which tamper with an AI system to bypass its own security protocols. 
 

“We anticipate a rise in targeted attacks on enterprise AI systems in 2026, as attackers move from proof-of-concept exploits to large-scale data exfiltration and sabotage campaigns,” the report reads.

Hackers will also adopt agentic AI systems, which act autonomously, to automate and scale up attacks across the entire attack lifecycle. They’ll also hunt “shadow” agentic AI tools used by employees without their organizations’ knowledge, and compromise them to steal confidential business data. 

However, cyber defenders will also augment their use of AI. Google envisions the emergence of agentic SOCs where security analysts increasingly deploy AI agents to correlate data and summarize incidents.

This shift will require organizations to adopt a new "agentic identity management" framework so that the privileges, access and permissions granted to AI agents aren’t excessive and comply with least-privilege principles and with just-in-time access controls.

To meet the challenge, Google recommends that cybersecurity teams adopt proactive, multi-layered cyber defenses, beef up their AI governance, and continuously adapt their security tactics as threats evolve.

The report also covers trends in cybercrime and in nation-state cyber threats.

For more information about AI security, check out these Tenable Research blogs:

• “Frequently Asked Questions About DeepSeek Large Language Model (LLM)”
• “Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications”
• “Frequently Asked Questions About Vibe Coding”
• “AI Security: Web Flaws Resurface in Rush to Use MCP Servers”
• “CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison)”

2 - MITRE ATT&CK update tackles Kubernetes security, CI/CD threats and more

MITRE has released the latest version of its widely used ATT&CK framework, adding and deepening coverage of threats against Kubernetes clusters, CI/CD pipelines, and cloud databases.

MITRE ATT&CK version 18 also has enhanced guidance for protecting software supply chains, cloud identities, and edge and virtualization systems.

Also new in this popular knowledge base of adversary tactics, techniques and procedures: A new approach for attack detections via a more structured, behavior-focused model. 

“We’ve spent the last six months focused on making ATT&CK more usable and actionable for defenders,” reads a MITRE blog about the framework’s update.
 

Here’s just a small sampling of new framework components:

• Technique 1059.013: Command and Scripting Interpreter: Container CLI/API addresses how attackers execute commands, pull images, spin up pods, and steal cloud credentials using the Docker command line interface (CLI), Kubernetes application programming interfaces (APIs), and container software development kits (SDKs).
• Technique 1677: Poisoned Pipeline Execution outlines how attackers poison CI/CD pipelines by altering configuration files, corrupting build scripts, and creating malicious pull requests that leak secrets and inject compromised components.
• Technique 1636.005: Protected User Data: Accounts details how adversaries collect account data from compromised mobile devices. For example, on Android, they abuse the AccountManager API to list accounts; while on iOS, they leverage Keychain services.
• Three new asset types expand ATT&CK’s industrial control system (ICS) equipment coverage:
  • Asset 0017: Distributed Control System (DCS) Controller, representing microprocessor units that manage large-scale, continuous industrial processes, and that operate within coordinated networks of controllers, software and operator stations.
  • Asset 0016: Firewall, representing gateways that enforce network access policies and that are critical in ICS environments for segmenting ICS from business networks, restricting ingress and egress, and defining security zones to limit attacker movement.
  • A0015: Switch, representing network devices that connect endpoints, including workstations, servers, human-machine interfaces (HMIs), and programmable logic controllers (PLCs), and forward traffic at the Open Systems Interconnection (OSI) Layer 2 or 3 using MAC or IP addresses. 

In addition, MITRE ATT&CK now also features information about multiple new threat groups, software tools, and campaigns.

To get more details, read:

• The blog “ATT&CK v18: The Detection Overhaul You’ve Been Waiting For”
• The changelog detailing what’s new in MITRE ATT&CK version 18
• The release notes for MITRE ATT&CK version 18

3 - McKinsey's playbook: Treat Agentic AI like a "digital insider"

Is your organization spinning up autonomous AI agents? Then it’s time for the IT and cybersecurity teams to learn how to mitigate their significant cyber risks.

To that end, McKinsey recently published a playbook for technology leaders tasked with securing agentic AI tools, stressing that, unlike other tools, these ones act as “digital insiders” operating with various degrees of privilege and authority.

“Just like their human counterparts, these digital insiders can cause harm unintentionally, through poor alignment, or deliberately if they become compromised,” reads the document titled “Deploying agentic AI with safety and security: A playbook for technology leaders.”

(Image created by Tenable using Google Gemini)

Unlike traditional systems, these AI agents can make decisions and interact with systems and other agents, creating novel vulnerabilities and new risk drivers, including: 

• Chained vulnerabilities, where a flaw in one agent cascades to others
• Cross-agent task escalation, where malicious agents exploit trust to gain unauthorized privileges
• Synthetic-identity risk, where adversaries impersonate agent identities
• Untraceable data leakage from autonomous agent-to-agent communication
• Data corruption propagation, where flawed data silently undermines decision-making across multiple agents

So how can technology and security leaders, including CIOs and CISOs, mitigate these severe risks? McKinsey recommends a three-phase playbook:

• Prior to deployment: Organizations must update their core AI policy, risk management frameworks, and governance structures to specifically address the risks of autonomous agents. This includes defining roles, access management, and accountability.
• Prior to launching a use case: Leaders must establish a central AI portfolio management system for oversight and ensure the organization has the necessary security skills and resources to manage agentic systems.
• During deployment: This phase requires implementing technical and procedural controls, including:
  • securing agent-to-agent communications
  • applying robust identity and access management (IAM) to agents
  • ensuring complete traceability by logging all agent actions and decisions for audits
  • creating contingency plans with sandbox environments to isolate agents that fail or behave unexpectedly

In short, McKinsey cautions against making agentic AI security an afterthought, and urges security and technology leaders to start assessing the current adoption of these tools in their organizations and begin planning how to secure them.

“The agentic workforce is inevitable. As more companies adopt AI agents, new challenges for maintaining the confidentiality and integrity of data and systems will arise,” the document reads.

For more information about AI security, check out these Tenable resources:

• “2025 Cloud AI Risk Report: Helping You Build More Secure AI Models in the Cloud” (on-demand webinar)
• “Cloud & AI Security at the Breaking Point — Understanding the Complexity Challenge” (solution overview)
• “Exposure Management in the realm of AI” (on-demand webinar)
• “Expert Advice for Boosting AI Security” (blog)
• “AI Is Your New Attack Surface” (on-demand webinar)

4 - Alert: Patch your on-prem Exchange servers now

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other global cyber agencies are sounding the alarm: Attackers are relentlessly hammering vulnerable on-prem Exchange servers.

If you're running them, stop what you're doing and check the new "Microsoft Exchange Server Security Best Practices" guide.

“Threat activity targeting Exchange continues to persist, and organizations with unprotected or misconfigured Exchange servers remain at high risk of compromise,” CISA said in a statement.
 

The document guide stresses the importance of keeping your servers updated and applying security patches immediately.

The guide also strongly advises organizations to migrate from “end of life” Exchange versions that Microsoft no longer supports nor provides security updates for. 

Other critical steps include ensuring the Emergency Mitigation (EM) service is enabled for automatic fixes; applying security baseline configurations; and using either built-in or third-party antivirus, anti-spam and anti-malware software.

Other key recommendations include:

• Leverage OAuth 2.0 and enable multi-factor authentication (MFA).
• Configure the Extended Protection (EP) feature to mitigate adversary-in-the-middle and authentication relay attacks.
• Restrict access to Exchange administrative environments, such as the Exchange Admin Center (EAC).

“This guidance empowers organizations to proactively mitigate threats, protect enterprise assets, and ensure the resilience of their operations,” Nick Andersen, Executive Assistant Director for the Cybersecurity Division at CISA, said in a statement.

For more information about securing Exchange, SharePoint and other Microsoft products, check out these Tenable resources:

• “CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability”
• “Microsoft’s October 2025 Patch Tuesday Addresses 167 CVEs (CVE-2025-24990, CVE-2025-59230)”
• “Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)”
• “CVE-2025-53770: Frequently Asked Questions About Zero-Day SharePoint Vulnerability Exploitation”
• “Service Accounts in Active Directory: These OG NHIs Could Be Your Weakest Link”

5 - CIS Benchmarks get a refresh

Time to harden your software configurations. The Center for Internet Security (CIS) just updated its gold-standard Benchmarks.

The following CIS Benchmarks were updated:

• CIS Google Android Benchmark v1.6.0, which now features updated guidance mirroring the Apple iOS Benchmark
• CIS Microsoft Windows Server 2016 Benchmark v4.0.0, which gained 13 new security settings
• CIS Oracle MySQL 8.0 Enterprise Edition Benchmark v1.5.0, which backports a recommendation for FIPS 140-2 Open_SSL Cryptography

In addition, CIS released these brand new Benchmarks:

• CIS FortiGate 7.4.x Benchmark v1.0.0
• CIS Sophos Firewall v21 Benchmark v1.0.0

Meanwhile, various Linux distributions now have Build Kits, which are tools that automate the CIS Benchmarks’ configuration process:

• CIS Alibaba Cloud Linux 3 Benchmark v2.0.0
• CIS AlmaLinux OS 8 Benchmark v4.0.0
• CIS Oracle Linux 8 Benchmark v4.0.0
• CIS Red Hat Enterprise Linux 8 Benchmark v4.0.0
• CIS Rocky Linux 8 Benchmark v3.0.0

Currently, CIS has 100-plus Benchmarks to harden the configurations of cloud platforms; databases; desktop and server software; mobile devices; operating systems; and more.

To get more details, read the CIS blog “CIS Benchmarks Monthly Update October 2025.” For more information about the CIS Benchmarks list, check out its home page and FAQ, as well as:

• “Getting to Know the CIS Benchmarks” (CIS)
• “Security Via Consensus: Developing the CIS Benchmarks” (Dark Reading)
• “How to Unlock the Security Benefits of the CIS Benchmarks” (Tenable)
• “CIS Benchmarks Communities: Where configurations meet consensus” (Help Net Security)
• “CIS Benchmarks: DevOps Guide to Hardening the Cloud” (DevOps)

The post Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework appeared first on Security Boulevard.

Anchore Enterprise 5.23 adds CycloneDX VEX and VDR support, completing our vulnerability communication capabilities for software publishers who need to share accurate vulnerability context with customers. With OpenVEX support shipped in 5.22 and CycloneDX added now, teams can choose the format that fits their supply chain ecosystem while maintaining consistent vulnerability annotations across both standards. […]

The post Anchore Enterprise 5.23: CycloneDX VEX and VDR Support appeared first on Anchore.

The post Anchore Enterprise 5.23: CycloneDX VEX and VDR Support appeared first on Security Boulevard.

Learn how unblocking AI tools enhances customer support speed, consistency, and reliability while maintaining strong security and compliance standards.

The post Elevating Customer Support with Smarter Access Solutions in an AI-Constrained World appeared first on Security Boulevard.

Discover how free VPNs enhance customer support speed, privacy, and trust by securing user connections and ensuring smooth, safe service interactions.

The post How Fast and Secure Customer Support Relies on Internet Privacy Tools appeared first on Security Boulevard.

Overview Recently, NSFOCUS CERT detected that JumpServer issued a security bulletin to fix the JumpServer connection token improper authentication vulnerability (CVE-2025-62712); Due to improper authentication of JumpServer’s /api/v1/authentication/super-connection-token/hyper-connected endpoint, attackers with low-privilege accounts can obtain the connection tokens of all system users and connect to managed assets as them, thereby achieving unauthorized access and privilege […]

The post JumpServer Connection Token Improper Authentication Vulnerability (CVE-2025-62712) Notice appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post JumpServer Connection Token Improper Authentication Vulnerability (CVE-2025-62712) Notice appeared first on Security Boulevard.

Explore the idea of a single, secure digital identity for accessing all government services. Learn about the technical challenges, security, and user experience considerations.

The post The public’s one account for government services appeared first on Security Boulevard.

Discover passkeys, the next-generation authentication method replacing passwords. Learn how passkeys work, their security advantages, and how they're shaping software development.

The post What Are Passkeys and How Do They Work? appeared first on Security Boulevard.

The post Closing the Zero Trust Loop: ZTNA + CDR appeared first on Votiro.

The post Closing the Zero Trust Loop: ZTNA + CDR appeared first on Security Boulevard.

How Does Non-Human Identity Management Improve Cybersecurity? Have you ever wondered how managing identities that aren’t human can enhance the security of your organization? The notion of security extends beyond just safeguarding data from unauthorized human access. It encompasses protecting non-human identities (NHIs) that play a crucial role. The Essentials of Non-Human Identities in Cybersecurity […]

The post Getting Better Security: The Critical Role of NHIs appeared first on Entro.

The post Getting Better Security: The Critical Role of NHIs appeared first on Security Boulevard.

How Are Non-Human Identities Redefining Cybersecurity? How do organizations address the intricacies of managing Non-Human Identities (NHIs) to safeguard critical data? While digital becomes more complex, the necessity for robust NHI management grows. In this article, we explore the strategic importance of NHIs and how they offer unparalleled opportunities to enhance security frameworks across various […]

The post How NHIs Deliver Value in Securing Data Assets appeared first on Entro.

The post How NHIs Deliver Value in Securing Data Assets appeared first on Security Boulevard.

What is the Pivotal Role of Non-Human Identities in Cloud Security? How secure is your organization’s cloud infrastructure? It’s a crucial question while more businesses shift to cloud environments and face complex security challenges. One often-overlooked yet vital component of a comprehensive cybersecurity strategy involves the management of Non-Human Identities (NHIs). These machine identities, comprising […]

The post Optimistic About Cloud Security? You Need NHIs appeared first on Entro.

The post Optimistic About Cloud Security? You Need NHIs appeared first on Security Boulevard.