In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover threats to its users that come from third-party code, like commercial and open source software,

The post Microsoft Expands its Bug Bounty Program to Include Third-Party Code appeared first on Security Boulevard.

As they work to fend off the rapidly expanding number of attempts by threat actors to exploit the dangerous React2Shell vulnerability, security teams are learning of two new flaws in React Server Components that could lead to denial-of-service attacks or the exposure of source code.

The post React Fixes Two New RSC Flaws as Security Teams Deal with React2Shell appeared first on Security Boulevard.

Cybersecurity startup Aisle discovered a subtle but dangerous coding error in a Firefox WebAssembly implementation sat undetected for six months despite being shipped with a regression testing capability created by Mozilla to find such a problem.

The post Undetected Firefox WebAssembly Flaw Put 180 Million Users at Risk appeared first on Security Boulevard.

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised scripts, and GitHub users attacked, creating one of the most significant supply chain attacks this year.

The post The Latest Shai-Hulud Malware is Faster and More Dangerous appeared first on Security Boulevard.

Discover what’s changed in the OWASP 2025 Top 10 and how GitGuardian helps you mitigate risks like broken access control and software supply chain failures.

The post OWASP Top 10 2025 Updates: Supply Chain, Secrets, And Misconfigurations Take Center Stage appeared first on Security Boulevard.

Learn how to implement risk-based authorization for enhanced security in identity and access management. Protect your applications from unauthorized access and data breaches.

The post Comprehensive Guide to Risk-Based Authorization for Identity and Access Management appeared first on Security Boulevard.

Explore qualified digital certificates, their role in authentication, and how they bolster security in software development. Understand the technical and legal aspects.

The post An Overview of Qualified Digital Certificates appeared first on Security Boulevard.

Open source components form the backbone of innovation, but they also introduce significant security risks.

The post Stop Open Source Malware at the Gate with Repository Firewall appeared first on Security Boulevard.

As AI agents become integral to cloud native applications, the Model Context Protocol (MCP) has emerged as a leading standard for enabling these agents to interact with external tools and data sources. But with this new architectural pattern comes a critical security challenge: MCP-based systems require protection at three distinct layers, not just one. The..

The post Defense in Depth for AI: The MCP Security Architecture You’re Missing appeared first on Security Boulevard.

Twilio acquiring Stytch signals a major shift in developer CIAM. I've analyzed 20+ platforms—from Descope to Keyclock—to show you which deliver on Auth0's promise without the lock-in. OpenID standards, AI agent auth, and what actually matters when choosing your identity platform.

The post The Twilio-Stytch Acquisition: A Watershed Moment for Developer-First CIAM appeared first on Security Boulevard.

So long and thanks for all the fish: Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker.

The post US Defense Contractor Boss Sold Zero Days to Russia — Cops a Plea appeared first on Security Boulevard.

AdaptixC2, a legitimate and open red team tool used to assess an organization's security, is being repurposed by threat actors for use in their malicious campaigns. Threat researchers with Silent Push have linked the abuse of the technology back to a Russian-speaking bad actor who calls himself "RalfHacker."

The post Threat Actors Weaponizing Open Source AdaptixC2 Tied to Russian Underworld appeared first on Security Boulevard.

Learn how AI-powered SOC operations process 1M+ alerts daily, investigate 100% of threats, and shrink Time to Close from hours to minutes.

The post How MSSPs Achieve Exponential SOC Performance With Morpheus AI appeared first on D3 Security.

The post How MSSPs Achieve Exponential SOC Performance With Morpheus AI appeared first on Security Boulevard.