How can we describe the past year in cybersecurity? No doubt, AI was front and center in so many conversations, and now thereβs no going back. Hereβs why.
The post 2025: The Year Cybersecurity Crossed the AI Rubicon appeared first on Security Boulevard.
What is the LGPD (Brazil)? The Lei Geral de Proteção de Dados Pessoais (LGPD), or General Data Protection Law (Law No. 13.709/2018), is Brazilβs comprehensive data protection framework, inspired by the European Unionβs GDPR. It regulates the collection, use, storage, and sharing of personal data, applying to both public and private entities, regardless of industry, [β¦]
The post LGPD (Brazil) appeared first on Centraleyes.
The post LGPD (Brazil) appeared first on Security Boulevard.
Will the perception of security completely overturn with the exponential growth of AI in todayβs technology-driven world? As we approach 2026, attackers upgrading to AI cyberattacks is no longer a possibility but a known fact. Let us examine the emerging trends in AI-driven cyberattacks and see how businesses of all sizes can strengthen their defenses [β¦]
The post 2026 Will Be the Year of AI-based Cyberattacks β How Can Organizations Prepare? appeared first on Kratikal Blogs.
The post 2026 Will Be the Year of AI-based Cyberattacks β How Can Organizations Prepare? appeared first on Security Boulevard.
What Makes AI-Driven Security Solutions Crucial in Modern Cloud Environments? How can organizations navigate the complexities of cybersecurity to ensure robust protection, particularly when dealing with Non-Human Identities (NHIs) in cloud environments? The answer lies in leveraging AI-driven security solutions, offering remarkable freedom of choice and adaptability for cybersecurity professionals. Understanding Non-Human Identities: The Backbone [β¦]
The post Why are companies free to choose their own AI-driven security solutions? appeared first on Entro.
The post Why are companies free to choose their own AI-driven security solutions? appeared first on Security Boulevard.
How Are Non-Human Identities Transforming Cybersecurity Practices? Are you aware of the increasing importance of Non-Human Identities (NHIs)? Where organizations transition towards more automated and cloud-based environments, managing NHIs and secrets security becomes vital. These machine identities serve as the backbone for securing sensitive operations across industries like financial services, healthcare, and DevOps environments. Understanding [β¦]
The post Can Agentic AI provide solutions that make stakeholders feel assured? appeared first on Entro.
The post Can Agentic AI provide solutions that make stakeholders feel assured? appeared first on Security Boulevard.
How Can Organizations Enhance Their Cloud Security Through Non-Human Identities? Have you ever wondered about the unseen challenges within your cybersecurity framework? Managing Non-Human Identities (NHIs) and their associated secrets has emerged as a vital component in establishing a robust security posture. For organizations operating in the cloud, neglecting to secure machine identities can result [β¦]
The post How are secrets scanning technologies getting better? appeared first on Entro.
The post How are secrets scanning technologies getting better? appeared first on Security Boulevard.
What Are Non-Human Identities and Why Are They Essential for Cybersecurity? Have you ever pondered the complexity of cybersecurity beyond human interactions? Non-Human Identities (NHIs) are becoming a cornerstone in securing digital environments. With the guardians of machine identities, NHIs are pivotal in addressing the security gaps prevalent between research and development teams and security [β¦]
The post How does NHI support the implementation of least privilege? appeared first on Entro.
The post How does NHI support the implementation of least privilege? appeared first on Security Boulevard.
One thing is certain: every year, the cybersecurity threat environment will evolve. AI tools, advances in computing, the growth of high-powered data centers that can be weaponized, compromised IoT networks, and all of the traditional vectors grow and change. As such, the tools and frameworks we use to resist these attacks will also need to [β¦]
The post What New Changes Are Coming to FedRAMP in 2026? appeared first on Security Boulevard.
Session 5D: Side Channels 1
Authors, Creators & Presenters: Fabian Rauscher (Graz University of Technology), Carina Fiedler (Graz University of Technology), Andreas Kogler (Graz University of Technology), Daniel Gruss (Graz University of Technology)
PAPER
A Systematic Evaluation Of Novel And Existing Cache Side Channels
CPU caches are among the most widely studied side-channel targets, with Prime+Probe and Flush+Reload being the most prominent techniques. These generic cache attack techniques can leak cryptographic keys, user input, and are a building block of many microarchitectural attacks. In this paper, we present the first systematic evaluation using 9 characteristics of the 4 most relevant cache attacks, Flush+Reload, Flush+Flush, Evict+Reload, and Prime+Probe, as well as three new attacks that we introduce: Demote+Reload, Demote+Demote, and DemoteContention. We evaluate hit-miss margins, temporal precision, spatial precision, topological scope, attack time, blind spot length, channel capacity, noise resilience, and detectability on recent Intel microarchitectures. Demote+Reload and Demote+Demote perform similar to previous attacks and slightly better in some cases, e.g., Demote+Reload has a 60.7 % smaller blind spot than Flush+Reload. With 15.48 Mbit/s, Demote+Reload has a 64.3 % higher channel capacity than Flush+Reload. We also compare all attacks in an AES T-table attack and compare Demote+Reload and Flush+Reload in an inter-keystroke timing attack. Beyond the scope of the prior attack techniques, we demonstrate a KASLR break with Demote+Demote and the amplification of power side-channel leakage with Demote+Reload. Finally, Sapphire Rapids and Emerald Rapids CPUs use a non-inclusive L3 cache, effectively limiting eviction-based cross-core attacks, e.g., Prime+Probe and Evict+Reload, to rare cases where the victim's activity reaches the L3 cache. Hence, we show that in a cross-core attack, DemoteContention can be used as a reliable alternative to Prime+Probe and Evict+Reload that does not require reverse-engineering of addressing functions and cache replacement policy.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenterβs superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 β A Systematic Evaluation Of Novel And Existing Cache Side Channels appeared first on Security Boulevard.
How Critical is Managing Non-Human Identities for Cloud Security? Are you familiar with the virtual tourists navigating your digital right now? These tourists, known as Non-Human Identities (NHIs), are machine identities pivotal in computer security, especially within cloud environments. These NHIs are akin to digital travelers carrying passports and visasβwhere the passport represents an encrypted [β¦]
The post How do secrets rotations drive innovations in security? appeared first on Entro.
The post How do secrets rotations drive innovations in security? appeared first on Security Boulevard.
Are Non-Human Identities Key to an Optimal Cybersecurity Budget? Have you ever pondered over the hidden costs of cybersecurity that might be draining your resources without your knowledge? Non-Human Identities (NHIs) and Secrets Security Management are essential components of a cost-effective cybersecurity strategy, especially when organizations increasingly operate in cloud environments. Understanding Non-Human Identities (NHIs) [β¦]
The post How can effective NHIs fit your cybersecurity budget? appeared first on Entro.
The post How can effective NHIs fit your cybersecurity budget? appeared first on Security Boulevard.
Are Non-Human Identities the Key to Strengthening Agentic AI Security? Where increasingly dominated by Agentic AI, organizations are pivoting toward more advanced security paradigms to protect their digital. Non-Human Identities (NHI) and Secrets Security Management have emerged with pivotal elements to fortify this quest for heightened cybersecurity. But why should this trend be generating excitement [β¦]
The post What aspects of Agentic AI security should get you excited? appeared first on Entro.
The post What aspects of Agentic AI security should get you excited? appeared first on Security Boulevard.
How Can Organizations Safeguard Non-Human Identities in the Cloud? Are your organizationβs machine identities as secure as they should be? With digital evolves, the protection of Non-Human Identities (NHIs) becomes crucial for maintaining robust cybersecurity postures. NHIs represent machine identities like encrypted passwords, tokens, and keys, which are pivotal in ensuring effective cloud security control. [β¦]
The post What are the best practices for ensuring NHIs are protected? appeared first on Entro.
The post What are the best practices for ensuring NHIs are protected? appeared first on Security Boulevard.
Turn XDR volume into revenue. Morpheus investigates 100% of alerts and triages 95% in under 2 minutes, letting MSSPs scale without adding headcount.
The post The Autonomous MSSP: How to Turn XDR Volume into a Competitive Advantage appeared first on D3 Security.
The post The Autonomous MSSP: How to Turn XDR Volume into a Competitive Advantage appeared first on Security Boulevard.
I have no context for this videoβitβs from Redditβbut one of the commenters adds some context:
Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting.
With so many people carrying around cameras, weβre getting more videos of giant squid at the surface than in previous decades. Weβre also starting to notice a pattern, that around this time of year (peaking in January) we see a bunch of giant squid around Japan. We donβt know why this is happening. Maybe they gather around there to mate or something? who knows! but since so many people have cameras, those one-off monster-story encounters are now caught on video, like this one (which, btw, rips. This squid looks so healthy, itβs awesome)...
The post Friday Squid Blogging: Giant Squid Eating a Diamondback Squid appeared first on Security Boulevard.
Session 5D: Side Channels 1
Authors, Creators & Presenters: Lukas Maar (Graz University of Technology), Jonas Juffinger (Graz University of Technology), Thomas Steinbauer (Graz University of Technology), Daniel Gruss (Graz University of Technology), Stefan Mangard (Graz University of Technology)
PAPER
KernelSnitch: Side Channel-Attacks On Kernel Data Structures
The sharing of hardware elements, such as caches, is known to introduce microarchitectural side-channel leakage. One approach to eliminate this leakage is to not share hardware elements across security domains. However, even under the assumption of leakage-free hardware, it is unclear whether other critical system components, like the operating system, introduce software-caused side-channel leakage. In this paper, we present a novel generic software side-channel attack, KernelSnitch, targeting kernel data structures such as hash tables and trees. These structures are commonly used to store both kernel and user information, e.g., metadata for userspace locks. KernelSnitch exploits that these data structures are variable in size, ranging from an empty state to a theoretically arbitrary amount of elements. Accessing these structures requires a variable amount of time depending on the number of elements, i.e., the occupancy level. This variance constitutes a timing side channel, observable from user space by an unprivileged, isolated attacker. While the timing differences are very low compared to the syscall runtime, we demonstrate and evaluate methods to amplify these timing differences reliably. In three case studies, we show that KernelSnitch allows unprivileged and isolated attackers to leak sensitive information from the kernel and activities in other processes. First, we demonstrate covert channels with transmission rates up to 580 kbit/s. Second, we perform a kernel heap pointer leak in less than 65 s by exploiting the specific indexing that Linux is using in hash tables. Third, we demonstrate a website fingerprinting attack, achieving an F1 score of more than 89 %, showing that activity in other user programs can be observed using KernelSnitch. Finally, we discuss mitigations for our hardware-agnostic attacks.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenterβs superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 β KernelSnitch: Side Channel-Attacks On Kernel Data Structures appeared first on Security Boulevard.
Regulators made their move in 2025.
Disclosure deadlines arrived. AI rules took shape. Liability rose up the chain of command. But for security teams on the ground, the distance between policy and practice only grew wider.
Part two of a β¦ (moreβ¦)
The post LW ROUNDTABLE Part 2: Mandates surge, guardrails lag β intel from the messy middle first appeared on The Last Watchdog.
The post LW ROUNDTABLE Part 2: Mandates surge, guardrails lag β intel from the messy middle appeared first on Security Boulevard.
MCP is transforming AI agent connectivity, but authentication is the critical gap. Learn about Shadow IT risks, enterprise requirements, and solutions.
The post What Tech Leaders Need to Know About MCP Authentication in 2025 appeared first on Security Boulevard.
In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover threats to its users that come from third-party code, like commercial and open source software,
The post Microsoft Expands its Bug Bounty Program to Include Third-Party Code appeared first on Security Boulevard.
Israeli cybersecurity firms raised $4.4B in 2025 as funding rounds jumped 46%. Record seed and Series A activity signals a maturing, globally dominant cyber ecosystem.
The post Funding of Israeli Cybersecurity Soars to Record LevelsΒ appeared first on Security Boulevard.
OpenAI warns that frontier AI models could escalate cyber threats, including zero-day exploits. Defense-in-depth, monitoring, and AI security by design are now essential.
The post As Capabilities Advance Quickly OpenAI Warns of High Cybersecurity Risk of Future AI ModelsΒ Β appeared first on Security Boulevard.
CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779 require immediate attention
The post Three New React Vulnerabilities Surface on the Heels of React2Shell appeared first on Security Boulevard.
The NCSC warns prompt injection is fundamentally different from SQL injection. Organizations must shift from prevention to impact reduction and defense-in-depth for LLM security.
The post Prompt Injection Canβt Be Fully Mitigated, NCSC Says Reduce Impact InsteadΒ appeared first on Security Boulevard.
To transform cyber risk into economic advantage,Β leaders must treat cyber as a board-level business riskΒ andΒ rehearse cross-border incidents with partnersΒ toΒ build trust.Β
The post Cyber Risk is Business Risk: Embedding Resilience into Corporate StrategyΒ appeared first on Security Boulevard.
As they work to fend off the rapidly expanding number of attempts by threat actors to exploit the dangerous React2Shell vulnerability, security teams are learning of two new flaws in React Server Components that could lead to denial-of-service attacks or the exposure of source code.
The post React Fixes Two New RSC Flaws as Security Teams Deal with React2Shell appeared first on Security Boulevard.
The promise of personal AI assistants rests on a dangerous assumption: that we can trust systems we havenβt made trustworthy. We canβt. And todayβs versions are failing us in predictable ways: pushing us to do things against our own best interests, gaslighting us with doubt about things we are or that we know, and being unable to distinguish between who we are and who we have been. They struggle with incomplete, inaccurate, and partial context: with no standard way to move toward accuracy, no mechanism to correct sources of error, and no accountability when wrong information leads to bad decisions...
The post Building Trustworthy AI Agents appeared first on Security Boulevard.
For years, compliance has been one of the most resource-intensive responsibilities for cybersecurity teams. Despite growing investments in tools, the day-to-day reality of compliance is still dominated by manual, duplicative tasks. Teams chase down screenshots, review spreadsheets, and cross-check logs, often spending weeks gathering information before an assessment or audit.
The post 3 Compliance Processes to Automate in 2026 appeared first on Security Boulevard.
Understand what PII is, why email puts it at risk, and how your business can strengthen security to better protect sensitive information.
The post PII in email: Explanation, risks, & protection appeared first on Security Boulevard.
Discover how AI strengthens cybersecurity by detecting anomalies, stopping zero-day and fileless attacks, and enhancing human analysts through automation.
The post AI Threat Detection: How Machines Spot What Humans Miss appeared first on Security Boulevard.
Security incidents donβt fail because of a lack of tools; they fail because of a lack of insight. In an environment where every minute of downtime equals revenue loss, customer impact, and regulatory risk, root cause analysis has become a decisive factor in how effectively organizations execute incident response and stabilize operations. The difference between [β¦]
The post How Root Cause Analysis Improves Incident Response and Reduces Downtime? appeared first on Kratikal Blogs.
The post How Root Cause Analysis Improves Incident Response and Reduces Downtime? appeared first on Security Boulevard.
As the clock ticks down to the full enforcement of Hong Kongβs Protection of Critical Infrastructures (Computer Systems) Ordinance on January 1, 2026, designated operators of Critical Infrastructures (CI) and Critical Computer Systems (CCS) must act decisively. This landmark law mandates robust cybersecurity measures for Critical Computer Systems (CCS) to prevent disruptions, with non-compliance risking [β¦]
The post Hong Kongβs New Critical Infrastructure Ordinance will be effective by 1 January 2026 β What CIOs Need to Know appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..
The post Hong Kongβs New Critical Infrastructure Ordinance will be effective by 1 January 2026 β What CIOs Need to Know appeared first on Security Boulevard.
Discover the latest changes in online account management, focusing on Enterprise SSO, CIAM, and enhanced security. Learn how these updates streamline login processes and improve user experience.
The post Learn about changes to your online account management appeared first on Security Boulevard.
Explore behavioral analysis techniques for securing AI models against post-quantum threats. Learn how to identify anomalies and protect your AI infrastructure with quantum-resistant cryptography.
The post Behavioral Analysis of AI Models Under Post-Quantum Threat Scenarios. appeared first on Security Boulevard.
Explore if facial recognition meets the criteria to be classified as a passkey. Understand the security, usability, and standards implications for passwordless authentication.
The post Is Facial Recognition Classified as a Passkey? appeared first on Security Boulevard.
CARY, N.C., Dec. 11, 2025, CyberNewswire β With 90% of organizations facing critical skills gaps (ISC2) and AI reshaping job roles across cybersecurity, cloud, and IT operations, enterprises are rapidly reallocating L&D budgets toward hands-on training that delivers measurable, real-world β¦ (moreβ¦)
The post News alert: INE sees surge in Q4 budget shifts as enterprises embrace hands-on training for AI roles first appeared on The Last Watchdog.
The post News alert: INE sees surge in Q4 budget shifts as enterprises embrace hands-on training for AI roles appeared first on Security Boulevard.
How Does NHIDR Influence Your Cybersecurity Strategy? What role do Non-Human Identity and Secrets Security Management (NHIDR) play in safeguarding your organizationβs digital assets? The management of NHIsβmachine identities created through encrypted passwords, tokens, and keysβhas become pivotal. For organizations operating in the cloud, leveraging NHIDR can significantly enhance security frameworks by addressing the often-overlooked [β¦]
The post How does staying ahead with NHIDR impact your business? appeared first on Entro.
The post How does staying ahead with NHIDR impact your business? appeared first on Security Boulevard.
Are You Managing Non-Human Identities Effectively in Your Cloud Environment? One question that often lingers in professionals is whether their current strategies for managing Non-Human Identities (NHIs) provide adequate security. These NHIs are crucial machine identities that consist of secretsβencrypted passwords, tokens, or keysβand the permissions granted to them by destination servers. When organizations increasingly [β¦]
The post How can cloud compliance make you feel relieved? appeared first on Entro.
The post How can cloud compliance make you feel relieved? appeared first on Security Boulevard.
How Secure Are Your Non-Human Identities? Are your cybersecurity needs truly satisfied by your current approach to Non-Human Identities (NHIs) and Secrets Security Management? With more organizations migrate to cloud platforms, the challenge of securing machine identities is more significant than ever. NHIs, or machine identities, are pivotal in safeguarding sensitive data and ensuring seamless [β¦]
The post Are your cybersecurity needs satisfied with current NHIs? appeared first on Entro.
The post Are your cybersecurity needs satisfied with current NHIs? appeared first on Security Boulevard.
How Can Organizations Securely Manage Non-Human Identities in Cloud Environments? Have you ever wondered how the rapid growth in machine identities impacts data security across various industries? With technology continues to advance, the proliferation of Non-Human Identities (NHIs) challenges even the most seasoned IT professionals. These machine identities have become an integral part of our [β¦]
The post Can secrets vaulting bring calm to your data security panic? appeared first on Entro.
The post Can secrets vaulting bring calm to your data security panic? appeared first on Security Boulevard.
Continuously improve your SOC through the analysis of security metrics.Β Introduction Metrics are quantifiable measures and assessment results. They empower organizations to describe and measure controls and processes, and make rational decisions driven by data for improved performance. They provide knowledge regarding how well an organization is performing and can help uncover insufficient performance [...]
The post Utilizing Metrics for a Healthy SOC appeared first on Hurricane Labs.
The post Utilizing Metrics for a Healthy SOC appeared first on Security Boulevard.
Session 5C: Federated Learning 1
Authors, Creators & Presenters: Duanyi Yao (Hong Kong University of Science and Technology), Songze Li (Southeast University), Xueluan Gong (Wuhan University), Sizai Hou (Hong Kong University of Science and Technology), Gaoning Pan (Hangzhou Dianzi University)
PAPER
URVFL: Undetectable Data Reconstruction Attack on Vertical Federated Learning
Vertical Federated Learning (VFL) is a collaborative learning paradigm designed for scenarios where multiple clients share disjoint features of the same set of data samples. Albeit a wide range of applications, VFL is faced with privacy leakage from data reconstruction attacks. These attacks generally fall into two categories: honest-but-curious (HBC), where adversaries steal data while adhering to the protocol; and malicious attacks, where adversaries breach the training protocol for significant data leakage. While most research has focused on HBC scenarios, the exploration of malicious attacks remains limited. Launching effective malicious attacks in VFL presents unique challenges: 1) Firstly, given the distributed nature of clients' data features and models, each client rigorously guards its privacy and prohibits direct querying, complicating any attempts to steal data; 2) Existing malicious attacks alter the underlying VFL training task, and are hence easily detected by comparing the received gradients with the ones received in honest training. To overcome these challenges, we develop URVFL, a novel attack strategy that evades current detection mechanisms. The key idea is to integrate a discriminator with auxiliary classifier that takes a full advantage of the label information and generates malicious gradients to the victim clients: on one hand, label information helps to better characterize embeddings of samples from distinct classes, yielding an improved reconstruction performance; on the other hand, computing malicious gradients with label information better mimics the honest training, making the malicious gradients indistinguishable from the honest ones, and the attack much more stealthy. Our comprehensive experiments demonstrate that URVFL significantly outperforms existing attacks, and successfully circumvents SOTA detection methods for malicious attacks. Additional ablation studies and evaluations on defenses further underscore the robustness and effectiveness of URVFL
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenterβs superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 β URVFL: Undetectable Data Reconstruction Attack On Vertical Federated Learning appeared first on Security Boulevard.
The convergence of physical and digital security is driving a shift toward software-driven, open-architecture edge computing. Access control has typically been treated as a physical domain problem β managing who can open which doors, using specialized systems largely isolated from broader enterprise IT. However, the boundary between physical and digital security is increasingly blurring. With..
The post Rethinking Security as Access Control Moves to the Edge appeared first on Security Boulevard.
OT oversight is an expensive industrial paradox. Itβs hard to believe that an area can be simultaneously underappreciated, underfunded, and under increasing attack. And yet, with ransomware hackers knowing that downtime equals disaster and companies not monitoring in kind, this is an open and glaring hole across many ecosystems. Even a glance at the numbers..
The post Hacks Up, Budgets Down: OT Oversight Must Be An IT Priority appeared first on Security Boulevard.
Modern internet users navigate an increasingly fragmented digital ecosystem dominated by countless applications, services, brands and platforms. Engaging with online offerings often requires selecting and remembering passwords or taking other steps to verify and protect oneβs identity. However, following best practices has become incredibly challenging due to various factors. Identifying Digital Identity Management Problems in..
The post Identity Management in the Fragmented Digital Ecosystem: Challenges and Frameworks appeared first on Security Boulevard.
Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat researchers see everything from probes and backdoors to botnets and cryptominers.
The post Attackers Worldwide are Zeroing In on React2Shell Vulnerability appeared first on Security Boulevard.
I have long maintained that smart contracts are a dumb idea: that a human process is actually a security feature.
Hereβs some interesting research on training AIs to automatically exploit smart contracts:
AI models are increasingly good at cyber tasks, as weβve written about before. But what is the economic impact of these capabilities? In a recent MATS and Anthropic Fellows project, our scholars investigated this question by evaluating AI agentsβ ability to exploit smart contracts on Smart CONtracts Exploitation benchmark (SCONE-bench)Βa new benchmark they built comprising 405 contracts that were actually exploited between 2020 and 2025. On contracts exploited after the latest knowledge cutoffs (June 2025 for Opus 4.5 and March 2025 for other models), Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 developed exploits collectively worth $4.6 million, establishing a concrete lower bound for the economic harm these capabilities could enable. Going beyond retrospective analysis, we evaluated both Sonnet 4.5 and GPT-5 in simulation against 2,849 recently deployed contracts without any known vulnerabilities. Both agents uncovered two novel zero-day vulnerabilities and produced exploits worth $3,694, with GPT-5 doing so at an API cost of $3,476. This demonstrates as a proof-of-concept that profitable, real-world autonomous exploitation is technically feasible, a finding that underscores the need for proactive adoption of AI for defense...
The post AIs Exploiting Smart Contracts appeared first on Security Boulevard.
Guided Redaction blends AI automation with human judgment to help teams finalize sensitive document redactions faster, more accurately, and with full auditability.
The post Guided redaction in Tonic Textual: Human-precision, streamlined by AI appeared first on Security Boulevard.
Session 5C: Federated Learning 1
Authors, Creators & Presenters: Dzung Pham (University of Massachusetts Amherst), Shreyas Kulkarni (University of Massachusetts Amherst), Amir Houmansadr (University of Massachusetts Amherst)
PAPER
RAIFLE: Reconstruction Attacks on Interaction-based Federated Learning with Adversarial Data Manipulation
Federated learning has emerged as a promising privacy-preserving solution for machine learning domains that rely on user interactions, particularly recommender systems and online learning to rank. While there has been substantial research on the privacy of traditional federated learning, little attention has been paid to the privacy properties of these interaction-based settings. In this work, we show that users face an elevated risk of having their private interactions reconstructed by the central server when the server can control the training features of the items that users interact with. We introduce RAIFLE, a novel optimization-based attack framework where the server actively manipulates the features of the items presented to users to increase the success rate of reconstruction. Our experiments with federated recommendation and online learning-to-rank scenarios demonstrate that RAIFLE is significantly more powerful than existing reconstruction attacks like gradient inversion, achieving high performance consistently in most settings. We discuss the pros and cons of several possible countermeasures to defend against RAIFLE in the context of interaction-based federated learning. Our code is open-sourced at https://github.com/dzungvpham/raifle
______________
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenterβs superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 β RAIFLE: Reconstruction Attacks On Interaction-Based Federated Learning appeared first on Security Boulevard.
The post AI for Tier 1 SOC: NIST-Aligned Incident Response appeared first on AI Security Automation.
The post AI for Tier 1 SOC: NIST-Aligned Incident Response appeared first on Security Boulevard.
Login