Security Boulevard

Learn how to create and automate an AI BOM.

The post What is an AI Bill of Materials (AI BOM)? appeared first on Security Boulevard.

ManagedMethods recently hosted a webinar on one of the most pressing issues in K–12 cybersecurity: phishing. While schools have been targets for years, 2025 feels different. Attackers are evolving faster than ever, and traditional email security filters are falling behind. The upside? AI-powered defenses are emerging to give districts a fighting chance. Here’s a recap ...

The post Phishing in 2025: Smarter Threats, Smarter Defense appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Phishing in 2025: Smarter Threats, Smarter Defense appeared first on Security Boulevard.

There’s never been more data available about people and organizations. Yet, paradoxically, the overwhelming volume of that data can obscure the very truths security professionals are trying to uncover. In a landscape shaped by automation, AI, and surface-level scans, the need for human-powered due diligence hasn’t diminished; it’s grown. While automated tools are invaluable for..

The post Your Digital Shadow: Why Human-Powered Due Diligence Still Matters in the Age of Data Overload appeared first on Security Boulevard.

Creator, Author and Presenter: Simon Wijckmans

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: How To Pull Off A Near Undetectable DDoS Attack (And How To Stop It) appeared first on Security Boulevard.

In cybersecurity, timing is everything. Threats don’t wait for quarterly analyst updates, and adversaries don’t schedule their attacks to match publication calendars. We live in a world where zero-days drop overnight, AI-powered phishing campaigns spin up in hours, and ransomware operators pivot their tactics daily. In this kind of environment, static analyst reports are less..

The post Futurum Signal is Live: Real-Time Intelligence for Cyber Defenders appeared first on Security Boulevard.

via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Snake-In-The-Box Problem’ appeared first on Security Boulevard.

AuthZed today unfurled a self-service edition of its platform for managing infrastructure authorizations that can be deployed in a cloud computing environment. Company CEO Jake Moshenko said this AuthZed Cloud option will make it simpler for some organizations to comply with various data sovereignty requirements that may require them to deploy an edition of AuthZed..

The post AuthZed Adds Cloud Edition of Infrastructure Authorization Platform appeared first on Security Boulevard.

As agentic AI blends into malicious traffic, Authenticating AI Agents with cryptographic signatures is becoming the only scalable way to separate trusted bots from imposters.

The post Signed, Sealed, and Delivered: The Case for Authenticating AI Agents appeared first on Security Boulevard.

Frankfurt am Main, Germany, 20th August 2025, CyberNewsWire

The post Link11 Highlights Growing Cybersecurity Risks and Introduces Integrated WAAP Protection Platform appeared first on Security Boulevard.

Creator, Author and Presenter: Breanne Boland

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Threat Modeling Meets Model Training: Web App Security Skills For AI appeared first on Security Boulevard.

Discover insights from The Elephant in AppSec episode with Jyoti Raval

The post The Future of Pentesting: Can AI Replace Human Expertise? ⎥ Jyoti Raval appeared first on Security Boulevard.

Security researchers have confirmed that a recent wave of cyberattacks is exploiting a critical vulnerability in Apache ActiveMQ, allowing attackers to compromise Linux servers and install long-term persistence tools. The attackers are not only gaining access through a known remote code execution flaw but are also patching the vulnerability afterward to cover their tracks. The […]

The post Apache ActiveMQ Breach Reveals Unusual Attacker Behavior appeared first on Centraleyes.

The post Apache ActiveMQ Breach Reveals Unusual Attacker Behavior appeared first on Security Boulevard.

A survey of 370 IT and cybersecurity decision makers in organizations with at least 100 employees published today finds, on average, enterprise IT organizations are spending 11 person-hours investigating and remediating each critical identity-related security alert. Conducted by Enterprise Strategy Group (ESG) on behalf of Teleport, a provider of a platform for securing access to..

The post Survey: Enterprise IT Teams Spend 11 Hours Investigating Identity Incidents appeared first on Security Boulevard.

The post Medusa Ransomware: How to Break the Kill Chain Before It Starts appeared first on Votiro.

The post Medusa Ransomware: How to Break the Kill Chain Before It Starts appeared first on Security Boulevard.

The release of a new KuppingerCole Leadership Compass is always a significant event for the cybersecurity industry, offering a vendor-neutral view of the market's current state. The 2025 edition, focusing on API Security and Management, is critical as it arrives at a pivotal moment for technology. It clearly presents a fact many organizations are just beginning to understand: the crucial connection between the rise of Artificial Intelligence and the necessity for robust API security.

This is the first part of a three-installment blog series highlighting the main findings of this landmark report. In this post, we will emphasize its core theme: the interconnected and vulnerable relationship between AI and APIs.

In the new KuppingerCole report, analyst Alexei Balaganski explains that APIs have evolved far beyond simple technical tools; they now orchestrate business logic and drive automation across the entire enterprise. The rise of artificial intelligence has supercharged this trend. The analysts present a key finding that establishes the modern relationship between these technologies: "APIs are the backbone of Al: Every LLM integration, agentic Al workflow, or autonomous decision system depends on API calls". This fundamental shift means that APIs no longer just support business operations—they now actively define them.

This deep, API-driven integration introduces a significant and high-stakes attack surface. The report issues a stark warning about this new reality, explaining that any effort to secure an AI model itself is ultimately ineffective if its underlying connections are vulnerable. As the analyst puts it, protecting a model "is futile if the APIs that interface with those models are left unguarded". This vulnerability exposes organizations to a new class of AI-related threats, including prompt injection and data exfiltration, which are often executed through sophisticated business logic attacks that exploit an API's intended functionality to bypass traditional defenses.

This challenge is precisely what Salt Security was created to address. Our platform aims to look beyond common vulnerabilities and understand the specific logic and context of each API. KuppingerCole highlights our “patented AI/ML engine”, which it says “differentiates between benign anomalies and actual attacks with a claimed 92% intent accuracy”. This capability is essential for identifying sophisticated, low and slow attacks targeting business logic, which AI-driven threats often exploit.

The report also supports our strategic approach, noting Salt's early efforts in AI security by providing protections against prompt injection and other threats specific to LLMs. As you develop your AI strategy, securing the APIs that connect these advanced models to your vital data is not just recommended; it’s essential.

With an understanding of the AI-driven threat landscape, our next post will explore what it takes to lead in this challenging area and why KuppingerCole recognized Salt Security as a clear Overall Leader.

The insights from the KuppingerCole report provide a clear roadmap for navigating this new, AI-driven threat landscape. To see the full, independent analysis and understand why Salt Security was named an Overall Leader, download your complimentary copy of the report today. And when you’re ready to move from strategy to action, we invite you to take the next step with our free, personalized API Attack Surface Assessment to discover and prioritize the specific risks within your own environment.

The post The New Frontier: Why You Can’t Secure AI Without Securing APIs appeared first on Security Boulevard.

Technology can’t fix the biggest cybersecurity threat — people. Human risk management uses behavioral data, targeted interventions, and measurable outcomes to turn the workforce from weakest link to strongest defense.

The post Apply Human-Centric Cybersecurity to Solve the Unpatchable Threat appeared first on Security Boulevard.

Learn about implementing robust enterprise security controls within cloud workspaces. Cover identity management, data protection, and endpoint security for platforms like Google Workspace.

The post Enterprise Security Controls in Cloud Workspaces appeared first on Security Boulevard.

Learn how to create effective enrollment policies for passwordless authentication, covering user groups, risk assessment, conditional access, and best practices for a secure transition.

The post Enrollment Policies for Passwordless Authentication appeared first on Security Boulevard.

Discover how passwordless authentication enhances payment integration security, reduces fraud risks, and improves customer experience.

The post How Passwordless Authentication Can Fortify Your Payment Integration Services appeared first on Security Boulevard.

The quantum cliff is coming. Q-Day is the point in time when quantum computers become powerful enough to break most data encryption. It is inevitable that legacy algorithms will be undermined and the race is on to proactively migrate to modern tools to protect sensitive data.

In our latest episode of Cybersecurity Insights, I sat down with Michael Fasulo from Commvault to discuss the need and transition to Post-Quantum Cryptography (PQC) standards.

- The universal risks of advancements in quantum computers to undermine current and long-term data security

- Why timing is key to migrate to Post-Quantum Cryptography capabilities before attackers achieve an advantage.

- The challenges that technology and security companies have in successfully migrating to Post-Quantum Cryptography.

- Why organizations should hold vendors responsible for providing secure, user-friendly solutions without additional costs.

- The importance of cryptography agility, allowing organizations to adapt quickly to evolving threats and maintain robust security measures.

Discover how these new algorithms are set to safeguard sensitive data against emerging threats and why crypto agility is essential for future-proofing your security strategy.

Join the conversation and learn how to navigate the complexities of this quantum future.

Sponsored by Commvault

Follow Matthew on LinkedIn: https://www.linkedin.com/in/matthewrosenquist/

Visit Cybersecurity Insights at https://www.cybersecurityinsights.us

Subscribe to the Cybersecurity Insights channel: https://www.youtube.com/CybersecurityInsights

The post Defending Enterprise Data Against Quantum Encryption Attacks appeared first on Security Boulevard.