In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover threats to its users that come from third-party code, like commercial and open source software,

The post Microsoft Expands its Bug Bounty Program to Include Third-Party Code appeared first on Security Boulevard.

As they work to fend off the rapidly expanding number of attempts by threat actors to exploit the dangerous React2Shell vulnerability, security teams are learning of two new flaws in React Server Components that could lead to denial-of-service attacks or the exposure of source code.

The post React Fixes Two New RSC Flaws as Security Teams Deal with React2Shell appeared first on Security Boulevard.

Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat researchers see everything from probes and backdoors to botnets and cryptominers.

The post Attackers Worldwide are Zeroing In on React2Shell Vulnerability appeared first on Security Boulevard.

Alan breaks down why Israeli cybersecurity isn’t just booming—it’s entering a full-blown renaissance, with record funding, world-class talent, and breakout companies redefining the global cyber landscape.

The post An Inside Look at the Israeli Cyber Scene appeared first on Security Boulevard.

HP’s latest threat report reveals rising use of sophisticated social engineering, SVG-based attacks, fake software updates, and AI-enhanced malware as cybercriminals escalate tactics to evade detection.

The post Report Surfaces Multiple Novel Social Engineering Tactics and Techniques appeared first on Security Boulevard.

The U.S. National Institute of Standards and Technology (NIST) is building a taxonomy of attack and mitigations for securing artificial intelligence (AI) agents. Speaking at the AI Summit New York conference, Apostol Vassilev, a research team supervisor for NIST, told attendees that the arm of the U.S. Department of Commerce is working with industry partners..

The post NIST Plans to Build Threat and Mitigation Taxonomy for AI Agents appeared first on Security Boulevard.

The cybersecurity world loves a simple solution to a complex problem, and Gartner delivered exactly that with its recent advisory: “Block all AI browsers for the foreseeable future.” The esteemed analyst firm warns that agentic browsers—tools like Perplexity’s Comet and OpenAI’s ChatGPT Atlas—pose too much risk for corporate use. While their caution makes sense given..

The post Gartner’s AI Browser Ban: Rearranging Deck Chairs on the Titanic appeared first on Security Boulevard.

OWASP unveils its GenAI Top 10 threats for agentic AI, plus new security and governance guides, risk maps, and a FinBot CTF tool to help organizations secure emerging AI agents.

The post OWASP Project Publishes List of Top Ten AI Agent Threats appeared first on Security Boulevard.

Noma Security today revealed it has discovered a vulnerability in the enterprise edition of Google Gemini that can be used to inject a malicious prompt that instructs an artificial intelligence (AI) application or agent to exfiltrate data. Dubbed GeminiJack, cybercriminals can use this vulnerability to embed a malicious prompt in, for example, a Google Doc..

The post Indirect Malicious Prompt Technique Targets Google Gemini Enterprise appeared first on Security Boulevard.

The exploitation efforts by China-nexus groups and other bad actors against the critical and easily abused React2Shell flaw in the popular React and Next.js software accelerated over the weekend, with threats ranging from stolen credentials and initial access to downloaders, crypto-mining, and the NoodleRat backdoor being executed.

The post Exploitation Efforts Against Critical React2Shell Flaw Accelerate appeared first on Security Boulevard.

TransUnion today added an ability to create digital fingerprints without relying on cookies that identify, in real time, risky devices and other hidden anomalies to its Device Risk service for combatting fraud. Clint Lowry, vice president of global fraud solutions at TransUnion, said these capabilities extend a service that makes use of machine learning models..

The post TransUnion Extends Ability to Detect Fraudulent Usage of Devices appeared first on Security Boulevard.

Nudge Security today extended the scope of its namesake security and governance platform to monitor sensitive data shared via uploads and integrations with an artificial intelligence (AI) service, in addition to now being able to identify individuals sharing that data by department or the specific tools used. In addition, Nudge Security is now making it..

The post Nudge Security Extends Ability to Secure Data in the AI Era appeared first on Security Boulevard.

The Washington Post last month reported it was among a list of data breach victims of the Oracle EBS-related vulnerabilities, with a threat actor compromising the data of more than 9,700 former and current employees and contractors. Now, a former worker is launching a class-action lawsuit against the Post, claiming inadequate security.

The post Ex-Employee Sues Washington Post Over Oracle EBS-Related Data Breach appeared first on Security Boulevard.

Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to a report by U.S. and Canadian security offices.

The post China Hackers Using Brickstorm Backdoor to Target Government, IT Entities appeared first on Security Boulevard.

CrowdStrike deepens its AWS partnership with automated Falcon SIEM configuration, AI security capabilities, EventBridge integrations and new MSSP-focused advancements.

The post CrowdStrike Extends Scope of AWS Cybersecurity Alliance appeared first on Security Boulevard.

Security and developer teams are scrambling to address a highly critical security flaw in frameworks tied to the popular React JavaScript library. Not only is the vulnerability, which also is in the Next.js framework, easy to exploit, but React is widely used, including in 39% of cloud environments.

The post Dangerous RCE Flaw in React, Next.js Threatens Cloud Environments, Apps appeared first on Security Boulevard.

Amazon Web Services (AWS) this week made an AWS Security Hub for analyzing cybersecurity data in near real time generally available, while at the same time extending the GuardDuty threat detection capabilities it provides to the Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Container Service (Amazon ECS). Announced at the AWS re:Invent 2025..

The post AWS Adds Bevy of Tools and Capilities to Improve Cloud Security appeared first on Security Boulevard.

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware.

The post ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users appeared first on Security Boulevard.

Cybersecurity startup Aisle discovered a subtle but dangerous coding error in a Firefox WebAssembly implementation sat undetected for six months despite being shipped with a regression testing capability created by Mozilla to find such a problem.

The post Undetected Firefox WebAssembly Flaw Put 180 Million Users at Risk appeared first on Security Boulevard.

ServiceNow Inc. announced on Tuesday plans to acquire Veza in a move aimed at fortifying security for identity and access management. The acquisition will integrate Veza’s technology into ServiceNow’s Security and Risk portfolios, helping organizations monitor and control access to critical data, applications, systems, and artificial intelligence (AI) tools. The deal comes as businesses increasingly..

The post ServiceNow to Acquire Identity Security Firm Veza appeared first on Security Boulevard.

Organizations are racing to implement autonomous artificial intelligence (AI) agents across their operations, but a sweeping new study reveals they’re doing so without adequate security frameworks, creating what researchers call “the unsecured frontier of autonomous operations.” The research, released Tuesday by Enterprise Management Associates (EMA), surveyed 271 IT, security, and identity and access management (IAM)..

The post Security Gap Widens as Organizations Rush to Deploy AI Agents Without Proper Identity Controls appeared first on Security Boulevard.

The Cybersecurity Coalition, an industry group of almost a dozen vendors, is urging the Trump Administration and Congress now that the government shutdown is over to take a number of steps to strengthen the country's cybersecurity posture as China, Russia, and other foreign adversaries accelerate their attacks.

The post Cybersecurity Coalition to Government: Shutdown is Over, Get to Work appeared first on Security Boulevard.

The FBI says that account takeover scams this year have resulted in 5,100-plus complaints in the U.S. and $262 million in money stolen, and Bitdefender says the combination of the growing number of ATO incidents and risky consumer behavior is creating an increasingly dangerous environment that will let such fraud expand.

The post FBI: Account Takeover Scammers Stole $262 Million this Year appeared first on Security Boulevard.

The Russian state-sponsored group behind the RomCom malware family used the SocGholish loader for the first time to launch an attack on a U.S.-based civil engineering firm, continuing its targeting of organizations that offer support to Ukraine in its ongoing war with its larger neighbor.

The post Russian-Backed Threat Group Uses SocGholish to Target U.S. Company appeared first on Security Boulevard.

Alan reflects on a turbulent year in DevSecOps, highlighting the rise of AI-driven security, the maturing of hybrid work culture, the growing influence of platform engineering, and the incredible strength of the DevSecOps community — while calling out the talent crunch, tool sprawl and security theater the industry must still overcome.

The post What I’m Thankful for in DevSecOps This Year: Living Through Interesting Times appeared first on Security Boulevard.

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised scripts, and GitHub users attacked, creating one of the most significant supply chain attacks this year.

The post The Latest Shai-Hulud Malware is Faster and More Dangerous appeared first on Security Boulevard.

Radware has developed a firewall for large language models (LLMs) that ensures governance and security policies are enforced in real time. Provided as an add-on to the company’s Cloud Application Protection Services, Radware LLM Firewall addresses the top 10 risks and mitigations for LLMs and generative artificial intelligence (AI) applications defined by the OWASP GenAI..

The post Radware Adds Firewall for LLMs to Security Portfolio appeared first on Security Boulevard.

Huntress threat researchers are tracking a ClickFix campaign that includes a variant of the scheme in which the malicious code is hidden in the fake image of a Windows Update and, if inadvertently downloaded by victims, will deploy the info-stealing malware LummaC2 and Rhadamanthys.

The post Attackers are Using Fake Windows Updates in ClickFix Scams appeared first on Security Boulevard.

Tycoon 2FA proves that the old promises of “strong MFA” came with fine print all along: when an attacker sits invisibly in the middle, your codes, pushes, and one-time passwords become their codes, pushes, and one-time passwords too. Tycoon 2FA: Industrial-Scale Phishing Comes of Age Tycoon 2FA delivers a phishing-as-a-service kit that hands even modestly..

The post The Death of Legacy MFA and What Must Rise in Its Place appeared first on Security Boulevard.

SitusAMC, a services provider with clients like JP MorganChase and Citi, said its systems were hacked and the data of clients and their customers possibly compromised, sending banks and other firms scrambling. The data breach illustrates the growth in the number of such attacks on third-party providers in the financial services sector.

The post Hack of SitusAMC Puts Data of Financial Services Firms at Risk appeared first on Security Boulevard.

Agencies with the US and other countries have gone hard after bulletproof hosting services providers this month, including Media Land, Hypercore, and associated companies and individuals, while the FiveEyes threat intelligence alliance published BPH mitigation guidelines for ISPs, cloud providers, and network defenders.

The post U.S., International Partners Target Bulletproof Hosting Services appeared first on Security Boulevard.

An attack on the app of CRM platform-provider Gainsight led to the data of hundreds of Salesforce customers being compromised, highlighting the ongoing threats posed by third-party software in SaaS environments and illustrating how one data breach can lead to others, cybersecurity pros say.

The post Salesforce: Some Customer Data Accessed via Gainsight Breach appeared first on Security Boulevard.

The SEC dismissed the remain charges in the lawsuit filed in 2023 against software maker SolarWinds and CISO Timothy Brown in the wake of the massive Sunburst supply chain attack, in which a Russian nation-state group installed a malicious update into SolarWInds software that then compromised the systems of some customers.

The post SEC Dismisses Remains of Lawsuit Against SolarWinds and Its CISO appeared first on Security Boulevard.

Inaugural awards celebrate the pioneers turning quantum’s promise into real-world impact, bridging theory and practice in the next era of secure computing  Boca Raton, FL, November 20, 2025 — Techstrong Group, in collaboration with DigiCert, today announced the launch of Quantum Security 25, a new awards program recognizing the top 25 most influential people in..

The post Techstrong Group and DigiCert Unveil the “Quantum Security 25” to Spotlight Leaders Shaping the Future of Quantum Security appeared first on Security Boulevard.

Palo Alto Networks Inc. announced Wednesday it will acquire Chronosphere, a next-generation observability platform designed for artificial intelligence (AI) workloads, in a $3.35 billion deal combining cash and replacement equity awards. The acquisition, pending regulatory approval, is expected to close in the second half of Palo Alto Networks’ fiscal 2026. The move represents the cybersecurity..

The post Palo Alto Networks to Acquire AI Observability Platform Chronosphere for $3.35 Billion appeared first on Security Boulevard.

Four U.S. citizens and a Ukrainian national pleaded guilty to their roles in a North Korean IT worker scam that victimized more than 135 U.S. companies and netted more than $2.2 million for the DPRK regime and is military and weapons programs.

The post 4 U.S. Citizens, Ukrainian Plead Guilty in N. Korea IT Worker Scheme appeared first on Security Boulevard.

Microsoft mitigated what it called a record-breaking DDoS attack by bad actor using the Aisuru botnet, a collection of about 300,000 infected IoT devices. The size of the attack and the botnet used in it is the latest example of a DDoS environment that continues to scale in pace with the internet.

The post Microsoft Fends Off Massive DDoS Attack by Aisuru Botnet Operators appeared first on Security Boulevard.

Unlike conventional IT systems—with bounded entry points, predictable patch cycles, and known vulnerabilities—large language models (LLMs) and next-generation AI agents create an attack surface so broad, dynamic, and interconnected that comprehensively mapping or policing it becomes nearly impossible. Every new integration, plugin, RAG pipeline, or deployment scenario multiplies exposure: AI systems undergo constant updates and..

The post When Machines Attack Machines: The New Reality of AI Security appeared first on Security Boulevard.

Google is suing the Smishing Triad group behind the Lighthouse phishing-as-a-service kit that has been used over the past two years to scam more than 1 million people around the world with fraudulent package delivery or EZ-Pass toll fee messages and stealing millions of credit card numbers. Google also is backing bills in Congress to address the threat.

The post Google Uses Courts, Congress to Counter Massive Smishing Campaign appeared first on Security Boulevard.

The intrusion a year ago into Conduent Business Solutions' systems, likely by the SafePay ransomware group, that affected more than 10.5 individuals will likely cost the company more than $50 million in related expenses and millions more to settle the lawsuits that are piling up.

The post Conduent Faces Financial Hit, Lawsuits from Breach Affecting 10.5 Million appeared first on Security Boulevard.

AI vendor Anthropic says a China-backed threat group used the agentic capabilities in its Claude AI model to automate as much as 90% of the operations in a info-stealing campaign that presages how hackers will used increasingly sophisticated AI capabilities in future cyberattacks.

The post Anthropic Claude AI Used by Chinese-Back Hackers in Spy Campaign appeared first on Security Boulevard.

Commvault today extended the reach and scope of its data protection portfolio as part of an effort to enable IT organizations to achieve and maintain resiliency. Announced at its SHIFT 2025 event, these additions are part of a Commvault Cloud Unity platform that now makes it simpler to backup and recover workloads running in multiple..

The post Commvault Extends AI Ability to Ensure Cyber Resilience appeared first on Security Boulevard.

Intel is suing a former employee who the chipmaker claims downloaded almost 18,000 corporate files days before leaving the company. The software engineer was told he was being let go effective July 31, likely part of Intel's larger effort to shed 15% of its workforce.

The post Intel Sues Ex-Employee It Claims Stole 18,000 Company Files appeared first on Security Boulevard.

The days of human analysts manually sorting through endless security alerts are numbered. By 2028, artificial intelligence (AI) agents will handle 80% of that work in most security operations centers worldwide, according to a new IDC report. But while AI promises to revolutionize defense, it’s also supercharging the attackers. IDC predicts that by 2027, 80%..

The post Your Security Team Is About to Get an AI Co-Pilot — Whether You’re Ready or Not: Report appeared first on Security Boulevard.

AI agents are increasingly being used to search the web, making traditional bot mitigation systems inadequate and opening the door for malicious actors to develop and deploy bots that impersonate legitimate agents from AI vendors to launch account takeover and financial fraud attacks.

The post Radware: Bad Actors Spoofing AI Agents to Bypass Malicious Bot Defenses appeared first on Security Boulevard.

Spektrum Labs is providing early access to a platform that enables cybersecurity and IT teams to mathematically prove they have achieved cyber resilience. Company CEO J.J. Thompson said the Spektrum Fusion platform makes use of cryptographic proofs to validate whether statements made about resilience are indeed true. The output from those mathematical algorithms provides the..

The post Spektrum Labs Previews Cryptographic Platform for Proving Cyber Resilience appeared first on Security Boulevard.

The security research team at JFrog, a provider of a platform for building and deploying software, have discovered a critical vulnerability in a node package manager (NPM) found in tools used by application developers that enable unauthenticated attackers to remotely trigger arbitrary operating system commands by sending a post request to a Metro server used..

The post JFrog Uncovers Severe React Vulnerability Threat to Software Supply Chains appeared first on Security Boulevard.

A global survey of 1,773 C-level executives, security professionals and security and technical directors finds nearly all (95%) are confident in their ability to recover from a ransomware attack. Conducted by OpenText, the survey also notes that 40% of respondents said their organization experienced a ransomware attack in the past year, with nearly half hit..

The post Survey: Organizations Are Too Confident in Their Cyber Resiliency appeared first on Security Boulevard.

A survey of 400 cybersecurity leaders in the U.S. and United Kingdom published today finds all respondents reporting that AI tools are now generating code in their organization’s code base, with just under a third now seeing those tools being used to generate most of the code being created. Commissioned by Cycode, a provider of..

The post Survey: Cybersecurity Leaders Much More Concerned About AI Generated Code appeared first on Security Boulevard.

Two former cybersecurity pros were indicted with conspiring with a third unnamed co-conspirator of using the high-profile BlackCat ransomware to launch attacks in 2023 against five U.S. companies to extort payment in cryptocurrency and then splitting the proceeds.

The post Security Experts Charged with Launching BlackCat Ransomware Attacks appeared first on Security Boulevard.