Cary, North Carolina, USA, 18th December 2025, CyberNewsWire

The post INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling appeared first on Security Boulevard.

Session 6C: Sensor Attacks

Authors, Creators & Presenters: Zizhi Jin (Zhejiang University), Qinhong Jiang (Zhejiang University), Xuancun Lu (Zhejiang University), Chen Yan (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University)

PAPER
PhantomLiDAR: Cross-Modality Signal Injection Attacks Against LiDAR

LiDAR is a pivotal sensor for autonomous driving, offering precise 3D spatial information. Previous signal attacks against LiDAR systems mainly exploit laser signals. In this paper, we investigate the possibility of cross-modality signal injection attacks, i.e., injecting intentional electromagnetic interference (IEMI) to manipulate LiDAR output. Our insight is that the internal modules of a LiDAR, i.e., the laser receiving circuit, the monitoring sensors, and the beam-steering modules, even with strict electromagnetic compatibility (EMC) testing, can still couple with the IEMI attack signals and result in the malfunction of LiDAR systems. Based on the above attack surfaces, we propose the alias attack, which manipulates LiDAR output in terms of Points Interference, Points Injection, Points Removal, and even LiDAR Power-Off. We evaluate and demonstrate the effectiveness of alias with both simulated and real-world experiments on five COTS LiDAR systems. We also conduct feasibility experiments in real-world moving scenarios. We provide potential defense measures that can be implemented at both the sensor level and the vehicle system level to mitigate the risks associated with IEMI attacks.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – PhantomLiDAR: Cross-Modality Signal Injection Attacks Against LiDAR appeared first on Security Boulevard.

Struggling with MCP authentication? The November 2025 spec just changed everything. CIMD replaces DCR's complexity with a simple URL-based approach—no registration endpoints, no client ID sprawl, built-in identity verification. Here's your complete implementation guide with production code.

The post Client ID Metadata Documents (CIMD): The Future of MCP Authentication appeared first on Security Boulevard.

The recent TruffleNet campaign, first documented by Fortinet, highlights a familiar and uncomfortable truth for security leaders: some of the most damaging cloud attacks aren’t exploiting zero-day vulnerabilities. They’re exploiting identity models that were never designed for the scale and automation of modern cloud environments. Nothing about this attack was novel. That’s precisely the problem. …

The post TruffleNet and Cloud Abuse at Scale: An Identity Architecture Failure appeared first on Security Boulevard.

See how Mend.io’s ServiceNow integration unifies application, network, and operational risk.

The post Why AppSec and Network Risk Management Must Be Unified in the Modern Enterprise appeared first on Security Boulevard.

Session 6B: Confidential Computing 1

Authors, Creators & Presenters: Martin Unterguggenberger (Graz University of Technology), Lukas Lamster (Graz University of Technology), David Schrammel (Graz University of Technology), Martin Schwarzl (Cloudflare, Inc.), Stefan Mangard (Graz University of Technology)

PAPER
TME-Box: Scalable In-Process Isolation through Intel TME-MK Memory Encryption

Efficient cloud computing relies on in-process isolation to optimize performance by running workloads within a single process. Without heavy-weight process isolation, memory safety errors pose a significant security threat by allowing an adversary to extract or corrupt the private data of other co-located tenants. Existing in-process isolation mechanisms are not suitable for modern cloud requirements, e.g., MPK's 16 protection domains are insufficient to isolate thousands of cloud workers per process. Consequently, cloud service providers have a strong need for lightweight in-process isolation on commodity x86 machines. This paper presents TME-Box, a novel isolation technique that enables fine-grained and scalable sandboxing on commodity x86 CPUs. By repurposing Intel TME-MK, which is intended for the encryption of virtual machines, TME-Box offers lightweight and efficient in-process isolation. TME-Box enforces that sandboxes use their designated encryption keys for memory interactions through compiler instrumentation. This cryptographic isolation enables fine-grained access control, from single cache lines to full pages, and supports flexible data relocation. In addition, the design of TME-Box allows the efficient isolation of up to 32K concurrent sandboxes. We present a performance-optimized TME-Box prototype, utilizing x86 segment-based addressing, that showcases geomean (geometric mean) performance overheads of 5.2 % for data isolation and 9.7 % for code and data isolation, evaluated with the SPEC CPU2017 benchmark suite.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – TME-Box: Scalable In-Process Isolation Through Intel TME-MK Memory Encryption appeared first on Security Boulevard.

6 min readSecuring MCP requires a fundamentally different approach than traditional API security.

The post MCP vs. Traditional API Security: Key Differences appeared first on Aembit.

The post MCP vs. Traditional API Security: Key Differences appeared first on Security Boulevard.

5 min readTrue zero trust requires verified identity at every request and eliminating static credentials entirely.

The post Identity Over Network: Why 2026 Zero Trust Is About Who/What, Not Where appeared first on Aembit.

The post Identity Over Network: Why 2026 Zero Trust Is About Who/What, Not Where appeared first on Security Boulevard.

Our dependence on digital infrastructure has grown exponentially amid unprecedented technological advancements. With this reliance comes an increasingly threatening landscape and expanding attack surfaces. As cyberthreats become more sophisticated, so must our defensive strategies. Enter large language models (LLMs) and domain-specific language models, potent weapons in the fight against threats.  LLMs have gained prominence due to..

The post The Power of Large Language Models for Cybersecurity  appeared first on Security Boulevard.

A recent OpenAI-related breach via third-party provider Mixpanel exposes how AI supply chain vulnerabilities enable phishing, impersonation, and regulatory risk—even without direct system compromise.

The post What the Latest OpenAI Security Breach Reveals About the State of AI Protection  appeared first on Security Boulevard.

Semantic Operations

The post Making Sense of Complex Operations With Semantic Data appeared first on Security Boulevard.

A self-harm prevention kit is becoming an essential part of school safety planning as student mental health challenges continue to rise across the United States. Schools are increasingly responsible for supporting the emotional well-being of their students and creating safe environments that reduce the risk of self-harming behavior, suicide attempts, or harmful coping patterns. The ...

The post Self-Harm Prevention Kit Guide for Schools: Identifying Risks and Protecting Students appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Self-Harm Prevention Kit Guide for Schools: Identifying Risks and Protecting Students appeared first on Security Boulevard.

Resiliency has been top of mind in 2025, and recent high-profile CVEs serve as holiday reminders that adversaries aren't slowing down. But what changed this year was how the federal community responded. Increasingly, exploitability drove the clock: when vulnerabilities surfaced as actively exploited, agencies leaned on a more operational posture where "Are we exposed?" and "How fast can we fix it?" mattered as much as "How severe is it?" In that environment, 2025 was defined by a single, powerful transition: the shift from planning modernization to executing it at scale. For years, agencies have discussed digital transformation, zero trust, and the promise of AI. This year, those themes moved from strategy decks into day-to-day delivery.

The post 2025 Federal Retrospective: The Year of Resilient Innovation appeared first on Security Boulevard.

What is SSL/TLS? SSL and TLS are protocols used on the transport layer, which is used to provide a secure connection between two nodes in a computer network. The first widely used protocol that was aimed to secure the Internet connections was SSL, which was created by Netscape in mid 1995. It uses both publicRead More

The post SSH vs SSL/TLS: Definitions & Differences of Communication Protocols appeared first on EncryptedFence by Certera - Web & Cyber Security Blog.

The post SSH vs SSL/TLS: Definitions & Differences of Communication Protocols appeared first on Security Boulevard.

The Biggest Cyber Stories of the Year: What 2025 Taught Us
madhav
Thu, 12/18/2025 - 10:30

Thales | Security for What Matters Most
More About This Author >

THALES BLOG

The Biggest Cyber Stories of the Year: What 2025 Taught Us

December 18, 2025

The post The Biggest Cyber Stories of the Year: What 2025 Taught Us appeared first on Security Boulevard.

Introduction Safety protocols in the virtual domain are perhaps more important than ever in the current world. There can be no denying that PKI management is one of the most crucial aspects of protecting our increasingly digital world. It is the element of most, if not all, secure transfers such as emails and monetary transactions.Read More

The post Impact of Poor PKI Management: Real-World Consequences and Solutions appeared first on EncryptedFence by Certera - Web & Cyber Security Blog.

The post Impact of Poor PKI Management: Real-World Consequences and Solutions appeared first on Security Boulevard.

CISOs are often blamed after ransomware attacks, yet most breaches stem from organizational gaps, budget tradeoffs, and staffing shortages. This analysis explores why known risks remain unfixed and how security leaders can break the cycle.

The post How CISOs Can Beat the Ransomware Blame Game  appeared first on Security Boulevard.

Ransomware has become a systemic risk to healthcare, where downtime equals patient harm. From Change Healthcare to Ascension, this analysis explains why hospitals are targeted, what HIPAA really requires, and how resilience—not checklists—must drive security strategy.

The post Hospital Ransomware Really is The Pitt appeared first on Security Boulevard.

2026 marks a critical turning point for cybersecurity leaders as AI-driven threats, data sovereignty mandates, and hybrid infrastructure risks reshape the CISO agenda. Discover the strategic priorities that will define tomorrow’s security posture.

The post 2026 Cyber Predictions: Accelerating AI, Data Sovereignty, and Architecture Rationalization  appeared first on Security Boulevard.

Introduction Security has become a primary focus in today’s world, which is dominated by computers and technology. Businesses are always on a quest to find better ways how secure their information and messages. Another important component in the field of ‘cyber security’ is the understanding and management of certification. These are generally in the formRead More

The post Private Certificate Authority 101: From Setup to Management appeared first on EncryptedFence by Certera - Web & Cyber Security Blog.

The post Private Certificate Authority 101: From Setup to Management appeared first on Security Boulevard.

As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs permeate core workflows across research, communication, development, finance, and operations. Security teams are left chasing risks that shift as quickly as the technology.Zscaler ThreatLabz publishes annual research to help enterprises make sense of the fast-evolving AI foundation model landscape. The upcoming ThreatLabz 2026 AI Security Report will provide visibility into organizational AI usage, from the most-used LLMs and applications to regional and industry-specific patterns and risk mitigation strategies. What follows is a sneak peek into some of this year’s preliminary findings through November 2025. The full 2026 AI Security Report, including December 2025 data and deeper analysis, will be available next month. The data and categories shared in this preview reflect the current state of our research findings and are subject to be updated, added to, excluded, or recategorized in the final report.OpenAI dominates enterprise AI traffic in 2025Figure 1. Top LLM vendors by AI/ML transactions (January 2025–November 2025) OpenAI has held the top position among LLM vendors by an overwhelming margin to date in 2025, accounting for 113.6 billion AI/ML transactions, more than three times the transaction volume of its nearest competitor. GPT-5’s August release set a new performance bar across coding assistance, multimodal reasoning, and other capabilities that integrate into business functions. Just as importantly, OpenAI’s expanded Enterprise API portfolio (including stricter privacy controls and model-isolation options) has solidified OpenAI and GPT-powered capabilities as the “default engine” behind countless enterprise AI workflows. Everything from internal copilots to automated research agents now lean heavily on OpenAI’s stack, keeping it far ahead of the rest of the field.OpenAI’s dominance carries important implications for enterprise leaders, which will be explored in greater detail in the upcoming report:How vendor concentration impacts risk: The heavy reliance on OpenAI underscores growing vendor dependency within many organizations; transaction flow data shows that businesses may be relying on OpenAI even more than they realize.Hidden AI uses across workflows: Transaction categories reveal that LLM interaction is no longer limited to visible tools like ChatGPT. AI underpins everything from automated meeting summaries in productivity suites to behind-the-scenes copilots in common SaaS platforms.Codeium (Windsurf as of April 2025) emerged as the second-largest source of enterprise LLM traffic in 2025, with strong adoption of its proprietary coding-focused models. As enterprises increased their use of AI in software development, Codeium’s models are a go-to option for engineering teams, especially in secure development environments.Perplexity rose to the #3 position. Not only an AI-powered search assistant, Perplexity is also an LLM provider offering proprietary large language models that power its answer engine.Anthropic and Google currently round out the top five LLM vendors by transaction volume. Despite generating only a fraction of OpenAI’s activity, both LLMs played meaningful and differentiated roles in the 2025 enterprise AI landscape. Anthropic saw expanding adoption of its Claude 3 and 3.5 models over the past year, along with a July launch of Claude for Financial Services that further strengthened its position in compliance-heavy environments. Google also accelerated enterprise adoption through major enhancements to Gemini, including improved multimodal capabilities and security and access controls tailored for corporate deployments. It will be interesting to see how the adoption changes as we head into 2026.Engineering leads AI usage among core enterprise departmentsThreatLabz also mapped AI/ML traffic to a select set of common enterprise departments. Only applications with at least one million transactions and primarily associated with a specific department were included in the following analysis, and percentages reflect usage relative to these departments only, not total enterprise traffic.Distribution of AI usage across these core departments offers a directional view into enterprise AI adoption:Suggesting where AI has become operational, not just experimental.Indicating which business functions generate the highest volume of unique AI activity, signaling deeper integration into day-to-day operations.Highlighting potential areas of risk, as sensitive functions in R&D, engineering, legal, and finance increasingly depend on AI applications and LLM-driven workflows.Within this scoped view, Engineering accounts for 47.6% of transactions to date, making it the largest driver of enterprise AI activity among the departments analyzed by ThreatLabz. IT follows at 33.1%. Usage among these teams adds up quickly; everyday tasks like coding, testing, configuration, and system analysis lend themselves to repeated AI interactions. Engineering teams in particular integrate AI into daily build cycles, where even small efficiency gains compound quickly across releases. Marketing ranks third in AI usage among core enterprise departments, with Customer Support, HR, Legal, Sales, and Finance collectively accounting for the remaining share. Regardless of the variance, AI now clearly spans the entire enterprise, driving new efficiencies in workflows and productivity—even as it introduces new security requirements. High-volume applications demand the highest security attention2025 has been another year marked by the push-and-pull between rapid AI adoption and the need for more deliberate oversight. Accordingly, the rise in AI transactions has not translated neatly into unrestricted use. In many case, the applications responsible for the growth in LLM activity are also the ones triggering the most blocks by enterprises.This trend has played out across many categories of applications, including popular general AI tools like Grammarly and more specialized function-specific tools like GitHub Copilot. These are just two examples of applications appearing at the top of both transaction volume and block lists. Their proximity to sensitive content (whether business communications or proprietary source code) make them natural flashpoints for security controls.The upcoming ThreatLabz 2026 AI Security Report will feature further analysis on blocking trends.AI threats and vulnerabilities evolve alongside enterprise adoptionAs enterprises expand their use of GenAI applications and security teams block more AI traffic, the threat landscape is moving just as quickly. ThreatLabz continues to analyze how AI-driven threats are scaling alongside enterprise adoption. In addition to amplifying familiar techniques like social engineering and malvertising, attackers are beginning to operationalize agentic AI and autonomous attack workflows and exploit weaknesses in the AI model supply chain itself. The upcoming report will cover AI threats and risks in more detail, along with actionable guidance for enterprise leaders on how to effectively secure usage and stop AI-powered threats.Coming soon: ThreatLabz 2026 AI Security Report The findings shared here are just the start. The full ThreatLabz 2026 AI Security Report will be released in late January and offer comprehensive analysis of the enterprise AI landscape, including: AI data transfer trendsDLP violations and sensitive data exposureIndustry and regional adoption patternsBest practices for securing AIAI is now a fundamental aspect of how almost every business operates. ThreatLabz remains committed to helping enterprises innovate securely and stay ahead of emerging risks. Join us next month for the full report release and get the insights needed to secure your AI-driven future. 

The post What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek appeared first on Security Boulevard.

Dec 17, 2025 - Lina Romero - The OWASP Top 10 for LLMs was released this year to help security teams understand and mitigate the rising risks to LLMs. In previous blogs, we’ve explored risks 1-9, and today we’ll finally be deep diving LLM10: Unbounded Consumption. Unbounded Consumption occurs when LLMs allow users to conduct excessive prompt submissions, or submission of overly complex, large or verbose prompts, leading to resource depletion, potential Denial of Service (DoS) attacks, and more. An inference is the process that an AI model uses to generate an output based on its training. When a user feeds an LLM a prompt, the LLM generates inferences in response. Follow-up questions trigger more inferences, because each additional interaction builds upon all the inferences, and potentially also previously submitted prompts, required for the previous interactions. Rate limiting controls the amount of requests an LLM can receive. When an LLM does not have the adequate rate limiting, it can effectively become overwhelmed with inferences and either begin to malfunction, or reach a cap on utilization and stop responding. A part of the LLM application could become unavailable. In AI security, we often refer to the “CIA,” which stands for Confidentiality, Integrity and Availability. Unbounded Consumption can cause an LLM to fail at the “Availability” part of this equation, which in turn can affect the LLM’s Confidentiality and Integrity. Another way in which Unbounded Consumption can negatively impact an LLM is through Denial of Wallet (DOW). Effectively, attackers will hit the LLM with request upon request, which can run up the bill if rate limiting is not in place. Eventually, these attacks can cause the LLM to reject requests due to the high volume of abnormal activity, which will stop it from working entirely.
Mitigation Methods
Some ways to reduce the risk of Unbounded Consumption include: Input Validation- ensure that inputs do not exceed reasonable size limits
Rate Limiting- apply user quotas and limits to restrict requests per user
Limit Exposure of Logits and Logprobs- obfuscate the exposure of API responses, provide only necessary information to users
Resource Allocation Management- monitor resource utilization to prevent any single user from exceeding a reasonable limit
Timeouts and Throttling- set time limits and throttle processing for resource intense operations to prevent prolonged resource consumption
Sandbox Techniques- restrict the LLMs access to network resources to limit what information it can expose
Monitoring and Logging- get alerts and continually monitor usage for unusual patterns Unbounded Consumption poses a critical risk to LLMs as it can cause DoS or DoW, however, with proper security measures and training, teams can minimize the risk of Unbounded Consumption in their AI applications. For more information on the rest of the OWASP Top 10 for LLMs, head over to the LLM series on our blog page. And for general information on how to take charge of your own AI security posture, schedule a demo today!

The post LLM10: Unbounded Consumption – FireTail Blog appeared first on Security Boulevard.

Explore homomorphic encryption for privacy-preserving analytics in Model Context Protocol (MCP) deployments, addressing post-quantum security challenges. Learn how to secure your AI infrastructure with Gopher Security.

The post Homomorphic Encryption for Privacy-Preserving MCP Analytics in a Post-Quantum World appeared first on Security Boulevard.

A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006.

Background

On December 17, SonicWall published a security advisory (SNWLID-2025-0019) for a newly disclosed vulnerability in its Secure Mobile Access (SMA) 1000 product, a remote access solution.

Analysis

CVE-2025-40602 is a local privilege escalation vulnerability in the appliance management console (AMC) of the SonicWall SMA 1000 appliance. An authenticated, remote attacker could exploit this vulnerability to escalate privileges on an affected device. While on its own, this flaw would require authentication in order to exploit, the advisory from SonicWall states that CVE-2025-40602 has been exploited in a chained attack with CVE-2025-23006, a deserialization of untrusted data vulnerability patched in January. The combination of these two vulnerabilities would allow an unauthenticated attacker to execute arbitrary code with root privileges.

According to SonicWall, “SonicWall Firewall products are not affected by this vulnerability.”

Historical exploitation of SonicWall vulnerabilities

SonicWall products have been a frequent target for attackers over the years. Specifically, the SMA product line has been targeted in the past by ransomware groups, as well as being featured in the Top Routinely Exploited Vulnerabilities list co-authored by multiple United States and International Agencies.

Earlier this year, an increase in ransomware activity tied to SonicWall Gen 7 Firewalls was observed. While initially it was believed that a new zero-day may have been the root cause, SonicWall later provided a statement noting that exploitation activity was in relation to CVE-2024-40766, an improper access control vulnerability which had been observed to have been exploited in the wild. More information on this can be found on our blog.

Given the past exploitation of SonicWall devices, we put together the following list of known SMA vulnerabilities that have been exploited in the wild:

Proof of concept

At the time this blog was published, no proof-of-concept (PoC) code had been published for CVE-2025-40602. If and when a public PoC exploit becomes available for CVE-2025-40602, we anticipate a variety of attackers will attempt to leverage this flaw as part of their attacks.

Solution

SonicWall has released patches to address this vulnerability as outlined in the table below:

The advisory also provides a workaround to reduce potential impact. This involves restricting access to the AMC to trusted sources. We recommend reviewing the advisory for the most up to date information on patches and workaround steps.

Identifying affected systems

A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2025-40602 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline. In addition, product coverage for CVE-2025-23006 can be found here.

Tenable Attack Surface Management customers are able to identify these assets using a filtered search for SonicWall devices:

Get more information

• SonicWall SNWLID-2025-0019 Security Advisory
• Tenable Blog: CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Reportedly Exploited

Join Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.

Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.

The post CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited appeared first on Security Boulevard.

Session 6B: Confidential Computing 1

Authors, Creators & Presenters: Caihua Li (Yale University), Seung-seob Lee (Yale University), Lin Zhong (Yale University)

PAPER
Blindfold: Confidential Memory Management by Untrusted Operating System

Confidential Computing (CC) has received increasing attention in recent years as a mechanism to protect user data from untrusted operating systems (OSes). Existing CC solutions hide confidential memory from the OS and/or encrypt it to achieve confidentiality. In doing so, they render OS memory optimization unusable or complicate the trusted computing base (TCB) required for optimization. This paper presents our results toward overcoming these limitations, synthesized in a CC design named Blindfold. Like many other CC solutions, Blindfold relies on a small trusted software component running at a higher privilege level than the kernel, called Guardian. It features three techniques that can enhance existing CC solutions. First, instead of nesting page tables, Blindfold's Guardian mediates how the OS accesses memory and handles exceptions by switching page and interrupt tables. Second, Blindfold employs a lightweight capability system to regulate the OS's semantic access to user memory, unifying case-by-case approaches in previous work. Finally, Blindfold provides carefully designed secure ABI for confidential memory management without encryption. We report an implementation of Blindfold that works on ARMv8-A/Linux. Using Blindfold's prototype, we are able to evaluate the cost of enabling confidential memory management by the untrusted Linux kernel. We show Blindfold has a smaller runtime TCB than related systems and enjoys competitive performance. More importantly, we show that the Linux kernel, including all of its memory optimizations except memory compression, can function properly for confidential memory. This requires only about 400 lines of kernel modifications.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Blindfold: Confidential Memory Management By Untrusted Operating System appeared first on Security Boulevard.

DataDome details how it aligns with CISA’s Secure by Design Pledge, outlining strong authentication, secure defaults, supply chain security, logging, and transparency.

The post DataDome’s Commitment to the CISA Secure by Design Pledge appeared first on Security Boulevard.

Permalink

The post Randall Munroe’s XKCD ‘Geologic Core Sample’ appeared first on Security Boulevard.

Session 6B: Confidential Computing 1

Authors, Creators & Presenters: Caihua Li (Yale University), Seung-seob Lee (Yale University), Lin Zhong (Yale University)

PAPER
Blindfold: Confidential Memory Management by Untrusted Operating System

Confidential Computing (CC) has received increasing attention in recent years as a mechanism to protect user data from untrusted operating systems (OSes). Existing CC solutions hide confidential memory from the OS and/or encrypt it to achieve confidentiality. In doing so, they render OS memory optimization unusable or complicate the trusted computing base (TCB) required for optimization. This paper presents our results toward overcoming these limitations, synthesized in a CC design named Blindfold. Like many other CC solutions, Blindfold relies on a small trusted software component running at a higher privilege level than the kernel, called Guardian. It features three techniques that can enhance existing CC solutions. First, instead of nesting page tables, Blindfold's Guardian mediates how the OS accesses memory and handles exceptions by switching page and interrupt tables. Second, Blindfold employs a lightweight capability system to regulate the OS's semantic access to user memory, unifying case-by-case approaches in previous work. Finally, Blindfold provides carefully designed secure ABI for confidential memory management without encryption. We report an implementation of Blindfold that works on ARMv8-A/Linux. Using Blindfold's prototype, we are able to evaluate the cost of enabling confidential memory management by the untrusted Linux kernel. We show Blindfold has a smaller runtime TCB than related systems and enjoys competitive performance. More importantly, we show that the Linux kernel, including all of its memory optimizations except memory compression, can function properly for confidential memory. This requires only about 400 lines of kernel modifications.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Blindfold: Confidential Memory Management By Untrusted Operating System appeared first on Security Boulevard.

And why most of the arguments do not hold up under scrutiny Over the past 18 to 24 months, venture capital has flowed into a fresh wave of SIEM challengers including Vega (which raised $65M in seed and Series A at a ~$400M valuation), Perpetual Systems, RunReveal, Iceguard, Sekoia, Cybersift, Ziggiz, and Abstract Security, all […]

The post Why Venture Capital Is Betting Against Traditional SIEMs first appeared on Future of Tech and Security: Strategy & Innovation with Raffy.

The post Why Venture Capital Is Betting Against Traditional SIEMs appeared first on Security Boulevard.

Learn why running AI agents on every SOC alert can spike cloud costs. See how bounded workflows make agentic triage reliable and predictable.

The post The Hidden Cost of “AI on Every Alert” (And How to Fix It) appeared first on D3 Security.

The post The Hidden Cost of “AI on Every Alert” (And How to Fix It) appeared first on Security Boulevard.

28 apps secured. 37 orgs monitored. 14,600 issues resolved. See how a global airline strengthened SaaS security with AppOmni.

The post Inside the Global Airline that Eliminated 14,600 SaaS Security Issues with AppOmni appeared first on AppOmni.

The post Inside the Global Airline that Eliminated 14,600 SaaS Security Issues with AppOmni appeared first on Security Boulevard.

For years, artificial intelligence sat at the edges of cybersecurity conversations. It appeared in product roadmaps, marketing claims, and isolated detection use cases, but rarely altered the fundamental dynamics between attackers and defenders. That changed in 2025. This year marked a clear inflection point where AI became operational on both sides of the threat landscape.

The post Cybersecurity Crossed the AI Rubicon: Why 2025 Marked a Point of No Return appeared first on Seceon Inc.

The post Cybersecurity Crossed the AI Rubicon: Why 2025 Marked a Point of No Return appeared first on Security Boulevard.

A series of actively exploited zero-day vulnerabilities affecting Windows, Google Chrome, and Apple platforms was disclosed in mid-December, according to The Hacker News, reinforcing a persistent reality for defenders: attackers no longer wait for exposure windows to close. They exploit them immediately. Unlike large-scale volumetric attacks that announce themselves through disruption, zero-day exploitation operates quietly.

The post When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk appeared first on Seceon Inc.

The post When Zero-Days Go Active: What Ongoing Windows, Chrome, and Apple Exploits Reveal About Modern Intrusion Risk appeared first on Security Boulevard.

The Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help.

Complying with government cybersecurity regulations can lull organizations into a false sense of security and lead to an over-reliance on point-in-time assessments conducted at irregular intervals. While such compliance efforts are essential to pass audits, they may do very little to actually reduce an organization’s risk. On the other hand, government efforts like the robust framework provided by the Monetary Authority of Singapore (MAS), Singapore’s central bank and integrated financial regulator, offer valuable guidance for organizations worldwide to consider as they look to reduce cyber risk. 

The MAS framework is designed to safeguard the integrity of the country's financial systems. The framework is anchored by the MAS Technology Risk Management (TRM) Guidelines, published in January 2021, which covers a wide spectrum of risk management concerns, including IT governance, cyber resilience, incident response, and third-party risk. The TRM guidelines were supplemented by the June 2021 Advisory On Addressing The Technology And Cyber Security Risks Associated With Public Cloud Adoption.

The cloud advisory highlights key risks and control measures that Singapore’s financial institutions should consider before adopting public cloud services, including:

• Developing a public cloud risk management strategy that takes into consideration the unique characteristics of public cloud services
• Implementing strong controls in areas such as identity and access management (IAM), cybersecurity, data protection, and cryptographic key management
• Expanding cybersecurity operations to include the security of public cloud workloads
• Managing cloud resilience, outsourcing, vendor lock-in, and concentration risks
• Ensuring the financial institution’s staff have the adequate skillsets to manage public cloud workloads and their risks.

The advisory recommends avoiding a siloed approach when performing security monitoring of on-premises apps or infrastructure and public cloud workloads. Instead, it advises financial institutions to “feed cyber-related information on public cloud workloads into their respective enterprise-wide IT security monitoring services to facilitate continuous monitoring and analysis of cyber events.” 

Who must comply with MAS TRM and the cloud advisory?

While the MAS TRM guidelines and cloud advisory do not specifically state penalties for compliance failures, they are legally binding. They apply to all financial institutions operating under the authority’s regulation in Singapore, including banks, insurers, fintech firms, payment service providers, and venture capital managers. A financial institution in Singapore that leverages the services of a firm based outside the country must ensure that its service providers also meet the TRM requirements. MAS also factors adherence to the framework into its overall risk assessment of an organization; failure to comply can damage an organization's standing and reputation.

In short, the scope of accountability to the MAS TRM guidelines and cloud advisory is broad.

Complying with the MAS cloud advisory: How Tenable can help

We evaluated how the Tenable One Exposure Management Platform with Tenable Cloud Security can assist organizations in achieving and maintaining compliance with the MAS cloud advisory. Read on to understand two of the cloud advisory’s key focus areas and how to address them effectively with Tenable One — preventing dangerous attack path vectors from compromising sensitive cloud assets.

1. Identity and access management: Enforcing least privilege access

The MAS cloud advisory calls for financial institutions to “enforce the principle of least privilege stringently” when granting access to assets in the public cloud. It further advises firms to consider adopting zero trust principles in the architecture design of applications, where “access to public cloud services and resources is evaluated and granted on a per-request and need-to basis.”

At Tenable, we believe applying least privilege in Identity Access Management (IAM) is the cornerstone for effective cloud security. In the cloud, excessive permissions on accounts that can access sensitive data are a direct route to a breach.

How Tenable can help: CIEM and sensitive data protection

The Tenable Cloud Security domain within Tenable One offers integrated cloud infrastructure entitlement management (CIEM) that enforces strict least privilege across human and machine identities in Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, Oracle Cloud Infrastructure (OCI), and Kubernetes environments.

• Eliminate lateral movement: CIEM analyzes policies to identify privilege escalation risks and lateral movement paths, effectively closing dangerous attack vectors.
• Data-driven prioritization: Tenable provides automated data classification and correlates sensitive data exposure with overly permissive identities. This ensures remediation focuses on the exposures that threaten your most critical regulated data.
• Mandatory controls: The platform automatically monitors for privileged users who lack multi-factor authentication (MFA) and checks for regular access key rotation.

Here’s a detailed look at how Tenable can help with three of the cloud advisory’s IAM provisions:

Source: Tenable, December 2025

2. Securing applications in the public cloud: Minimizing risk exposure

For financial institutions using microservices and containers, the MAS cloud advisory advises that, to reduce the attack surface, each container includes only the core software components needed by the application. The cloud advisory also notes that security tools made for traditional on-premises IT infrastructure (e.g. vulnerability scanners) may not run effectively on containers, and advises financial institutions to adopt container-specific security solutions for preventing, detecting, and responding to container-specific threats. For firms using IaC to provision or manage public cloud workloads, it further calls for implementing controls to minimize the risk of misconfigurations.

At Tenable, we believe this explicit mandate for specialized cloud and container security solutions underscores the need for continuous, accurate risk assessment. Tenable Cloud Security is purpose-built to meet these requirements with full Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP) capabilities across your cloud footprint. This ability to see and protect every cloud asset — from code to container — is crucial for enabling contextual prioritization of risk. We also believe that relying solely on static vulnerability scoring systems, like the Common Vulnerability Scoring System (CVSS) is insufficient because it fails to reflect real-world exploitability. To ensure financial institutions focus remediation efforts where they matter most, Tenable Exposure Management, including Tenable Cloud Security, incorporates the Tenable Vulnerability Priority Rating (VPR) — dynamic, predictive risk scoring that allows teams to address the most immediate and exploitable threats first.

How Tenable can help: Container security and cloud-to-code traceability

Tenable unifies cloud workload protection (CWP) with cloud security posture management (CSPM) to provide continuous, contextual risk assessment.

• Workload and container security: Tenable provides solutions tailored to your security domain:
  • For the cloud security professional: Tenable offers robust, agentless cloud workload protection capabilities that continuously scan for, detect and visualize critical risks such as vulnerabilities, sensitive data exposure, malware and misconfigurations across virtual machines, containers and serverless environments.
  • For the vulnerability management owner: Tenable offers a streamlined solution with unified visibility for hybrid environments, providing the core capabilities to extend vulnerability management best practices to cloud workloads: Tenable Cloud Vulnerability Management, ensures agentless multi-cloud coverage, scanning containers in registries (shift-left) and runtime to prevent the deployment of vulnerable images and detect drift in production.
• Cloud-to-code traceability: This unique feature links runtime findings (e.g., an exposed workload) directly back to its IaC source code, allowing for rapid remediation and automated pull requests, minimizing misconfiguration risk as mandated by MAS.

Here’s a detailed look at how Tenable can help with two of the cloud advisory’s provisions related to securing applications in the public cloud:

Source: Tenable, December 2025

Gaining the upper hand on MAS compliance through a unified ecosystem view

Tenable One is the market-leading exposure management platform, normalizing, contextualizing, and correlating security signals from all domains, including cloud — across vulnerabilities, misconfigurations, and identities spanning your hybrid estate. Exposure management enables cross-functional alignment between SecOps, DevOps, and governance, risk and compliance (GRC) teams with a shared, unified view of risk.

Tenable Cloud Security, part of the Tenable One Exposure Management platform, supports continuous adherence to the MAS cloud advisory and enables risk-based decision-making by eliminating the toxic combinations that attackers exploit. The platform unifies security insight, transforming the effort to achieve compliance from a necessary burden into a strategic advantage.

Learn more

• View the on-demand webinar:  Mastering your Cloud Security — Navigating Monetary Authority of Singapore (MAS) Cloud Advisory Guidelines
• Read the cloud security use case: Cloud misconfiguration identification and remediation
• Watch the video: Enforce least privilege across cloud identities

The post Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help appeared first on Security Boulevard.

Raise your hand if you’ve fallen victim to a vendor-led conversation around their latest AI-driven platform over the past calendar year. Keep it up if the pitch leaned on “next-gen,” “market-shaping,” or “best-in-class” while they nudged another product into your stack. If your hand is still up, you are not alone. MSPs are the target because you sit between shrinking budgets and rising risk.

The post MSP Automation Isn’t Optional, But it Isn’t the Answer to Everything appeared first on Security Boulevard.

A Chrome browser extension with 6 million users, as well as seven other Chrome and Edge extensions, for months have been silently collecting data from every AI chatbot conversion, packaging it, and then selling it to third parties like advertisers and data brokers, according to Koi Security.

The post Google Chrome Extension is Intercepting Millions of Users’ AI Chats appeared first on Security Boulevard.

As holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.”

But for security teams, it was something more specific – the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep up.

At Salt Security, we spent 2025 focused on one thing: defending the API action layer where AI, applications, and data intersect. And we did it with a steady drumbeat of innovation, a new “gift” for security teams almost every month.

So in the spirit of the season, here’s a look back at Salt’s 12 Months of Innovation – a year-long series of product launches, partnerships, and research milestones designed to help organizations stay ahead of fast-moving threats.

January – The Year Kicks Off with APIs at the Center

We kicked off the year by shining a harsh light on what many teams already suspected:

• APIs now sit at the center of almost every digital initiative.
• Zombie and unmanaged APIs still live in production.
• Software supply chain dependencies are quietly multiplying risk.

Early 2025 research and thought leadership from Salt Labs showed just how dangerous it is to run modern AI and automation on top of APIs you don’t fully understand or control.

Takeaway: January set the tone – defending tomorrow’s API fabric with yesterday’s tools is no longer an option.

February – A Spotlight on API Reality

In February, we went from “we think we have a problem” to “here are the numbers.”

With the latest State of API Security Report and key industry recognitions such as inclusion in top security lists, Salt brought hard data to boardroom and CISO conversations.

The message was clear:

• API traffic is exploding.
• Attackers are targeting APIs at scale.
• Traditional perimeter and app security are missing critical context.

Takeaway: API security is no longer a niche concern. It’s a business risk that demands strategy, budget, and board-level attention.

March – Gold Medals & Rising Shadows

March blended validation and urgency.

On one side, industry bodies recognized Salt’s leadership with awards like a Gold Globee, underscoring the maturity and impact of our platform.

On the other, new blogs and research highlighted reality on the ground:

• Compliance and data privacy pressure are rising.
• AI-driven attacks are accelerating, not slowing.

Takeaway: Excellence in API security isn’t just about winning awards, it’s about staying ahead of adversaries who are constantly adapting.

April – A Season of Partnerships & Paradigm Shifts

In April, collaboration took center stage.

We deepened integrations with leading platforms such as CrowdStrike and expanded support for modern ecosystems, including MCP server–driven architectures.

By weaving Salt API intelligence into tools security teams already rely on, we helped customers:

• Gain richer, real-time context.
• Simplify deployment and operations.
• Extend protections into their existing workflows.

Takeaway: API and AI security are team sports. Partnerships and integrations turn siloed tools into a cohesive defense fabric.

May – The Cloud Era Gets Real

By May, the conversation had shifted from “we’re moving to the cloud” to “our entire business depends on it.”

Salt expanded coverage and governance capabilities for leading cloud environments and partners, helping customers:

• Align API security with cyber insurance and regulatory expectations.
• Build stronger posture governance and risk-management processes.
• Translate technical API risk into board-ready language.

Takeaway: In 2025, API security moved squarely into the boardroom as a core pillar of enterprise risk.

June – Illuminate Everything

June was all about turning on the lights.

We launched Salt Illuminate and expanded Cloud Connect, giving customers the ability to:

• Discover APIs across complex, hybrid, and multi-cloud environments.
• Spot shadow, zombie, and unmanaged APIs in minutes instead of months.
• Build a live inventory that actually stays current.

Takeaway: You can’t protect what you can’t see. Illuminate gave teams the visibility foundation they’ve been missing.

July – CISOs Sound the Alarm

In July, the stakes became very real.

High-profile AI mishaps, including incidents like the McDonald’s chatbot breach, made one thing painfully obvious: conversational AI and digital experiences are only as safe as the APIs behind them.

Salt responded with:

• Deep-dive blogs on AI agent risk and API blind spots.
• The launch of Salt Surface, designed to map and prioritize exposed API risk.

Takeaway: 2025 was the year CISOs started asking not just “What APIs do we have?” but “Which of these are exposed, exploitable, and business-critical?”

August – Autonomous Everything

By August, “autonomous” wasn’t just a buzzword, it was a roadmap theme.

Organizations leaned hard into:

• Autonomous workflows
• AI-driven decisioning
• Automated threat detection and response

Salt’s innovation in this space emphasized a key reality: AI, autonomy, and APIs are inseparable.

We advanced protections for autonomous threat hunting and AI-driven security use cases, reinforcing that if APIs are compromised, autonomous systems are too.

Takeaway: You can’t secure autonomous operations if you’re not securing the API action layer that powers them.

September – Securing the AI Agent Revolution

September was a turning point.

Salt introduced the industry’s first solution to secure AI agent actions across APIs and MCP servers, bringing real controls to a problem that had mostly been theoretical.

This meant:

• Protection against prompt injection and misuse.
• Guardrails around what AI agents can access or execute.
• Enforceable policy where it matters: at the API and action level.

Takeaway: The AI agent revolution doesn’t have to be a security nightmare — if you secure the actions, not just the model.

October – The Blind Spots Strike Back

In October, new data from Salt and customer environments revealed how deep the AI + API blind spots really go.

We broke down:

• Misconfigurations in AI-driven workflows.
• Risky patterns in agentic and MCP deployments.
• Common mistakes teams make when bolting AI onto existing architectures.

Through detailed analysis and practical guidance, we helped teams turn confusion into a roadmap for modernizing their security posture.

Takeaway: Education is as important as technology. You can’t fix what you don’t fully understand.

November – Security Starts in Code

November brought a massive step forward in shifting API security left and right at the same time.

We launched:

• GitHub Connect - to scan code repositories for shadow APIs, spec mismatches, and insecure patterns before they ship.
• MCP Finder - to identify risky MCP configurations and AI-integrated workflows early in the development lifecycle.

Combined with runtime intelligence from the Salt platform, customers could now connect:

• What’s being written → What’s being deployed → What’s being exploited

Takeaway: Real API security covers the full lifecycle, from design and code to production traffic and AI-agent actions.

December – Hello, Pepper

We closed the year with a new kind of experience: Ask Pepper AI.

Ask Pepper AI turns Salt’s platform into a conversational partner, letting users:

• Ask natural-language questions about APIs, risks, and threats.
• Accelerate investigation and incident response.
• Bring complex insights to teams who don’t live inside dashboards.

Alongside MCP protection for AWS WAF, December marked the next stage in our vision: API security that’s not just powerful, but accessible and intuitive.

Takeaway: When security teams can simply ask questions and get meaningful, contextual answers, they move faster, and so does the business.

Looking Ahead: Building on a Year of Innovation

If 2025 was the year APIs fully merged with AI agents, automation, and MCP servers, 2026 will be the year organizations either embrace the API action layer or fall behind those that do.

At Salt Security, our focus remains the same:

• See everything - every API, every action, every blind spot.
• Understand the context - who’s calling what, from where, and why.
• Stop attacks - before they turn into outages, data loss, or brand damage.

The 12 Months of Innovation were just the beginning. The threats are evolving, and so are we.

If you want to learn more about Salt and how we can help you, please contact us, schedule a demo, or visit our website. You can also get a free API Attack Surface Assessment from Salt Security's research team and learn what attackers already know.

The post The 12 Months of Innovation: How Salt Security Helped Rewrite API & AI Security in 2025 appeared first on Security Boulevard.

Introduction Let’s be honest — passwords are a pain. They’re either too simple and easy to guess, or so complicated […]

The post How Passkeys Work (Explained Simply) appeared first on Security Boulevard.

It’s not always immediately clear why your IP has been listed or how to fix it. To help, we’ve added a new “troubleshooting” step to the IP & Domain Reputation Checker, specifically for those whose IPs have been listed on the Combined Spam Sources (CSS) Blocklist - IPs associated with low-reputation email. Learn how you can diagnose the issue using this new feature.

The post New Feature | Spamhaus Reputation Checker: Troubleshoot your listing appeared first on Security Boulevard.

In an era marked by escalating cyber threats and evolving risk landscapes, organisations face mounting pressure to strengthen their security posture whilst maintaining seamless user experiences. At Thales, we recognise that robust security must be foundational – embedded into products and services by design, not bolted on as an afterthought. This principle underpins our commitment […]

The post Security by Design: Why Multi-Factor Authentication Matters More Than Ever appeared first on Blog.

The post Security by Design: Why Multi-Factor Authentication Matters More Than Ever appeared first on Security Boulevard.

A seismic shift in digital systems is underway — and most people are missing it.

Related: Edge AI at the chip layer

While generative AI demos and LLM hype steal the spotlight, enterprise infrastructure is being quietly re-architected, not from … (more…)

The post SHARED INTEL Q&A: This is how ‘edge AI’ is forcing a rethink of trust, security and resilience first appeared on The Last Watchdog.

The post SHARED INTEL Q&A: This is how ‘edge AI’ is forcing a rethink of trust, security and resilience appeared first on Security Boulevard.

Originally published at IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses by EasyDMARC.

When your emails suddenly stop reaching inboxes, one ...

The post IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses appeared first on EasyDMARC.

The post IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses appeared first on Security Boulevard.

As Artificial Intelligence technology rapidly advances, Large Language Models (LLMs) are being widely adopted across countless domains. However, with this growth comes a critical challenge: LLM security issues are becoming increasingly prominent, posing a major constraint on further development. Governments and regulatory bodies are responding with policies and regulations to ensure the safety and compliance […]

The post Securing the AI Revolution: NSFOCUS LLM Security Protection Solution appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Securing the AI Revolution: NSFOCUS LLM Security Protection Solution appeared first on Security Boulevard.

For a long time, DDoS attacks were easy to recognize. They were loud, messy, and built on raw throughput. Attackers controlled massive botnets and flooded targets until bandwidth or infrastructure collapsed. It was mostly a scale problem, not an engineering one. That era is ending. A quieter and far more refined threat has taken its […]

The post The Rise of Precision Botnets in DDoS appeared first on Security Boulevard.

Discover how homomorphic encryption (HE) enhances privacy-preserving model context sharing in AI, ensuring secure data handling and compliance for MCP deployments.

The post Homomorphic Encryption for Privacy-Preserving Model Context Sharing appeared first on Security Boulevard.

Explore the differences between LDAP and Single Sign-On (SSO) for user authentication. Understand their use cases, benefits, and how they fit into your enterprise security strategy.

The post What is the Difference Between LDAP and Single Sign-On? appeared first on Security Boulevard.

Learn how to configure users without OTP login in your applications. This guide covers conditional authentication, account settings, and fallback mechanisms for seamless access.

The post Configuring Users Without OTP Login: A Guide appeared first on Security Boulevard.

FOR IMMEDIATE RELEASE Richmond, VA — December 11, 2025 — Assura is proud to announce that it has been named to the MSSP Alert and CyberRisk Alliance partnership’s prestigious Top 250 MSSPs list for 2025, securing the #94 position among the world’s leading Managed Security Service Providers. “Making The Top 100 is an incredible milestone and testament to the… Continue reading Assura Named to MSSP Alert and Cyber Alliance’s 2025 “Top 250 MSSPs,” Ranking at Number 94

The post Assura Named to MSSP Alert and Cyber Alliance’s 2025 “Top 250 MSSPs,” Ranking at Number 94 appeared first on Security Boulevard.

Researchers with Google Threat Intelligence Group have detected five China-nexus threat groups exploiting the maximum-security React2Shell security flaw to drop a number of malicious payloads, from backdoors to downloaders to tunnelers.

The post Google Finds Five China-Nexus Groups Exploiting React2Shell Flaw appeared first on Security Boulevard.

Ambiguity isn't just a challenge. It's a leadership test - and most fail it.

I want to start with something that feels true but gets ignored way too often.

Most of us in leadership roles have a love hate relationship with ambiguity. We say we embrace it... until it shows up for real. Then we freeze, hedge our words, or pretend we have a plan. Cybersecurity teams deal with ambiguity all the time. Its in threat intel you cant quite trust, in stakeholder demands that swing faster than markets, in patch rollouts that go sideways. But ambiguity isnt a bug to be fixed. Its a condition to be led through.

[Image: A leader facing a foggy maze of digital paths - ambiguity as environment.]

Lets break this down the way I see it, without jazz hands or buzzwords.

Ambiguity isn't uncertainty. Its broader.  

Uncertainty is when you lack enough data to decide. Ambiguity is when even the terms of the problem are in dispute. Its not just what we don't know. Its what we cant define yet. In leadership terms, that feels like being handed a puzzle where some pieces aren't even shaped yet. This is classic VUCA territory - volatility, uncertainty, complexity and ambiguity make up the modern landscape leaders sit in every day. 

[Image: The dual nature of ambiguity - logic on one side, uncertainty on the other.]

Here is the blunt truth. Great leaders don't eliminate ambiguity. They engage with it. They treat ambiguity like a partner you've gotta dance with, not a foe to crush.

Ambiguity is a leadership signal  

When a situation is ambiguous, its telling you something. Its saying your models are incomplete, or your language isn't shared, or your team has gaps in context. Stanford researchers and communication experts have been talking about this recently: ambiguity often reflects a gap in the shared mental model across the team. If you're confused, your team probably is too. 

A lot of leadership texts treat ambiguity like an enemy of clarity. But thats backward. Ambiguity is the condition that demands sensemaking. Sensemaking is the real work. Its the pattern of dialogue and iteration that leads to shared understanding amid chaos. That means asking the hard questions out loud, not silently wishing for clarity.

If your team seems paralyzed, unclear, or checked out - it might not be them. It might be you.

Leaders model calm confusion  

Think about that phrase. Calm confusion. Leaders rarely say, "I don't know." Instead they hedge, hide, or overcommit. But leaders who effectively navigate ambiguity do speak up about what they don't know. Not to sound vulnerable in a soft way, but to anchor the discussion in reality. That model gives permission for others to explore unknowns without fear.

I once watched a director hold a 45-minute meeting to "gain alignment" without once stating the problem. Everyone left more confused than when they walked in. That’s not leadership. That's cover.

There is a delicate balance here. You don't turn every ambiguous situation into a therapy session. Instead, you create boundaries around confusion so the team knows where exploration stops and action begins. Good leaders hold this tension.

Move through ambiguity with frameworks, not polish  

Here is a practical bit. One common way to get stuck is treating decisions as if they're singular. But ambiguous situations usually contain clusters of decisions wrapped together. A good framework is to break the big, foggy problem into smaller, more combinable decisions. Clarify what is known, identify the assumptions you are making, and make provisional calls on the rest. Treat them like hypotheses to test, not laws of motion.

In cybersecurity, this looks like mapping your threat intel to scenarios where you know the facts, then isolating the areas of guesswork where your team can experiment or prepare contingencies. Its not clean. But it beats paralysis.

Teams learn differently under ambiguity  

If you have ever noticed that your best team members step up in times of clear crises, but shut down when the goals are vague, you're observing humans responding to ambiguity differently. Some thirst for structure. Others thrive in gray zones. As a leader, you want both. You shape the context so self starters can self start, and then you steward alignment so the whole group isnt pulling in four directions.

Theres a counterintuitive finding in team research: under certain conditions, ambiguity enables better collaborative decision making because the absence of a single voice forces people to share and integrate knowledge more deeply. But this only works when there is a shared understanding of the task and a culture of open exchange. 

Lead ambiguity, don't manage it  

Managing ambiguity sounds like you're trying to tighten it up, reduce it, or push it into a box. Leading ambiguity is different. It's about moving with the uncertainty. Encouraging experiments. Turning unknowns into learning loops. Recognizing iterative decision processes rather than linear ones.

And yes, that approach feels messy. Good. Leadership is messy. The only thing worse than ambiguity is false certainty. I've been in too many rooms where leaders pretended to know the answer, only to cost time, credibility, or talent. You can be confident without being certain. That's leadership.

But there's a flip side no one talks about.

Sometimes leaders use ambiguity as a shield. They stay vague, push decisions down the org, and let someone else take the hit if it goes sideways. I've seen this pattern more than once. Leaders who pass the fog downstream and call it empowerment. Except it's not. It's evasion. And it sets people up to fail.

Real leaders see ambiguity for what it is: a moment to step up and mentor. To frame the unknowns, offer scaffolding, and help others think through it with some air cover. The fog is a chance to teach — not disappear.

But the hard truth? Some leaders can't handle the ambiguity themselves. So they deflect. They repackage their own discomfort as a test of independence, when really they're just dodging responsibility. And sometimes, yeah, it feels intentional. They act like ambiguity builds character... but only because they're too insecure or inexperienced to lead through it.

The result is the same: good people get whiplash. Goals shift. Ownership blurs. Trust erodes. And the fog thickens.

There's research on this, too. It's called role ambiguity — when you're not clear on what's expected, what your job even is, or how success gets measured. People in those situations don't just get frustrated. They burn out. They overcompensate for silence. They stop trusting. And productivity tanks. It's not about needing a five-year plan. It's about needing a shared frame to work from. Leadership sets that tone.

Leading ambiguity means owning the fog, not outsourcing it.

Ambiguity isn't a one-off problem. It's a perpetual condition, especially in cybersecurity and executive realms where signals are weak and stakes are high. The real skill isn't clarity. It's resilience. The real job isn't prediction. It's navigation.

Lead through ambiguity by embracing the fog, not burying it. And definitely not dumping it on someone else.

When the fog rolls in, what kind of leader are you really?

#

Sources / Resources List

• VUCA definition and relevance: https://en.wikipedia.org/wiki/VUCA

• Communicating amid change and ambiguity: https://news.stanford.edu/stories/2025/06/ambiguity-leadership-communication-rob-siegel-think-fast-talk-smart/

• Breaking down decisions amid ambiguity: https://www.conversant.com/resources/leading-in-ambiguity-effective-decision-making-for-leaders/

• Ambiguity and team decision quality: https://pmc.ncbi.nlm.nih.gov/articles/PMC8236615/

• Role ambiguity and stress outcomes: https://pmc.ncbi.nlm.nih.gov/articles/PMC5767326/

• Ambiguity, leadership behavior, and burnout: https://www.mdpi.com/2076-3387/15/11/424

• Leader ambiguity tolerance and follower performance: https://www.researchgate.net/publication/356021331_Leader_Tolerance_of_Ambiguity_Implications_for_Follower_Performance_Outcomes_in_High_and_Low_Ambiguous_Work_Situations

The post Leading Through Ambiguity: Decision-Making in Cybersecurity Leadership appeared first on Security Boulevard.