Learn how to secure MCP node clusters using post-quantum decentralized policy enforcement points. Protect AI infrastructure from quantum threats and tool poisoning.
The post Post-Quantum Decentralized Policy Enforcement Points in MCP Node Clusters appeared first on Security Boulevard.
87% of enterprises are deploying passkeys. This complete playbook covers architecture decisions, enrollment UX, recovery design, and the deployment strategies that drove eBay's 102% adoption increase and HubSpot's 4x faster logins.
The post Passkeys at Scale: The Complete Enterprise Deployment Playbook 2026 appeared first on Security Boulevard.
Are You Confident in Your Enterprise’s Secrets Vaulting Strategy? Emerging threats and cybersecurity challenges have spurred organizations to reconsider their approach to managing machine identities, especially those categorized where Non-Human Identities (NHIs). By examining the lifecycle management of NHIs and their secrets, enterprises can establish a robust security framework that addresses the needs of various […]
The post Why should enterprises be certain about secrets vaulting appeared first on Entro.
The post Why should enterprises be certain about secrets vaulting appeared first on Security Boulevard.
How Can DevOps Teams Enhance Security with Automated Configurations? What are some of the biggest security challenges facing DevOps teams? When organizations shift towards cloud-native environments, the role of machine identities, particularly Non-Human Identities (NHIs), becomes increasingly critical in securing sensitive data. With the proliferation of automated systems, managing these identities is not just an […]
The post Are DevOps teams supported by automated configurations appeared first on Entro.
The post Are DevOps teams supported by automated configurations appeared first on Security Boulevard.
How Can Non-Human Identities (NHIs) Foster Stable and Secure Cloud Environments? Are your cloud environments as secure as they should be, or are unseen vulnerabilities putting your organization at risk? Where digital threats are more sophisticated than ever, managing Non-Human Identities (NHIs) and Secrets Security is vital for maintaining robust security postures. NHIs are pivotal […]
The post How stable are AI-driven workflows in high-stress environments appeared first on Entro.
The post How stable are AI-driven workflows in high-stress environments appeared first on Security Boulevard.
A newly disclosed critical vulnerability in the widely used pac4j authentication framework is drawing attention across the open source community. Tracked as CVE-2026-29000, the flaw affects the pac4j-jwt library, which is commonly pulled in as a dependency by many popular Java authentication stacks, and could allow attackers to bypass authentication controls in affected Java applications.
The post pac4j CVE-2026-29000: Sonatype Finds 18 Additional Packages appeared first on Security Boulevard.
In the wake of Operation Epic Fury, digital attacks have shifted from quiet espionage to a loud, coordinated campaign of economic and physical retaliation. In response, the Tenable Research Special Operations (RSO) team is examining the latest threats and cyber operations linked to Iranian threat actors.
Key takeaways:Following the February 28 military operations conducted by the United States and Israel known as Operation Epic Fury, Tenable’s RSO team released a blog post examining Iranian-linked threat actors and their operational focus. As ongoing kinetic strikes have continued to target Iranian leadership and infrastructure, Iranian threat actor activity has surged into a coordinated, hybrid offensive targeting Western, Israeli and regional economic and critical infrastructure.
AnalysisRecently Ministry of Intelligence and Security (MOIS) affiliated groups have significantly escalated their operations, shifting from espionage to disruptive and destructive campaigns. MuddyWater and the Void Manticore persona known as Handala are two groups which have seen an increased level of malicious activity surrounding the recent military operations in Iran.
From silt to strike: How MuddyWater weaponized pre-positioned access
MuddyWater, also known as Seedworm and additional aliases, is a MOIS affiliated actor known for targeting telecommunications and government organizations. The group is well known for gaining initial access to victim networks, often acting as an initial-access broker. Recent reporting indicates that the group infiltrated U.S. and Israeli infrastructure weeks prior to the military operations conducted as part of Operation Epic Fury. According to Symantec, a U.S bank, software company, airport and non-government organizations in both the U.S. and Canada were targeted. These attacks uncovered a previously unknown backdoor known as Dindoor, and a Python backdoor known as Fakeset.
Additional targeting by MuddyWater includes a campaign tracked by Group-IB known as Operation Olalampo. The campaign observed in late January included targeting across the Middle East and North Africa (MENA) region, where multiple malware variants attributed to MuddyWater were identified. This included the use of a Telegram bot used as a command and control (C2) channel.
The Handala hand-off: From silent espionage to wiping the slate clean
The Void Manticore persona known as Handala specializes in destructive attacks, often wiping data from compromised hosts. They frequently collaborate with initial access brokers (IAB) in a tag-team approach, taking control of victim networks to deploy custom wipers like the BiBi Wiper and Cl Wiper after the IAB group has exfiltrated data from the victim.
On March 11, Handala posted to Telegram, claiming an attack on the global medical technology company Stryker. The group claims to have erased data on more than 200,000 systems, including mobile devices. While a root-cause is unknown, reports suggest that the wipe attack on the mobile devices may have been the result of compromising Stryker’s Microsoft Intune instance. Handala also claims to have stolen 50 terabytes of data and defaced Microsoft Entra login pages with their logo as part of their attack on Stryker.
Despite widespread internet blackouts at the onset of the initial strikes in February, Handala has been observed using Starlink IP ranges in order to bypass Iran's internet blackout and allowing them to maintain C2 infrastructure.
State intent, criminal consent: Analyzing the MOIS-Cyber crime alliances
Recent reporting from Check Point points to Iran-linked actors engaging with and operating under the veil of other cyber criminals. In one instance, MuddyWater was likely using the infrastructure provided by Qilin, the well known ransomware-as-a-service (RaaS) operator, in order to conduct attacks targeting Israeli hospitals. Using cyber crime and hacktivism as cover for destructive activity gives the attackers a layer of cover and plausible deniability. Attribution of attacks has always been tricky to pinpoint, but these tactics and reliance on criminal infrastructure make attribution even more difficult, providing greater chances of anonymity in their attacks.
Industries targeted and likely to be targeted
Following a missile strike on Bank Sepah, one of the largest public banks in Iran, an Iranian spokesperson warned that U.S. and Israeli financial institutions would be targeted in response. While it’s unclear whether these will be kinetic or digital attacks, the financial sector is just one of many industries that are likely to see targeting. Industries known to have been targeted or likely to be at elevated risk include:
While warnings of attacks targeting critical infrastructure and attacks against supervisory control and data acquisition (SCADA) and industrial control systems (ICS) systems are of great concern to Western countries, it’s unclear what pre-positioning or successful attacks can be attributed to Iranian-nexus actors.
Recently, the pro-Russia hacktivist group Z-Pentest claimed to have compromised several SCADA and ICS systems of U.S. based organizations as well as CCTV networks. However, these claims have not been verified. Despite this, collaboration or hacktivism in support of Iran by threat actors is a concern.
With the threat of increased cyberattacks from Iranian state-sponsored actors, hacktivists and cybercriminal groups targeting critical infrastructure, the Information Technology-Information Sharing and Analysis Center (IT-SAC) published a joint advisory outlining various groups, their operations and recommendations for defensives measures. We recommend reviewing this advisory and taking proactive steps to reduce your threat from these actors.
Focusing on flaws: The surge in Hikvision and Dahua exploitation
In connection with the ongoing military campaign, Check Point has identified an increase in IP camera targeting, including devices from Hikvision and Dahua. The attack infrastructure was assessed to be linked to Iran-nexus actors and activity appears to have increased during various geopolitical events. While it’s unclear if the camera targeting is to observe targets for kinetic attacks or to make observations after a strike, the timing and compromise of these devices should be of concern to any organization who may be affected by the following vulnerabilities:
CVE Description CVSSv3 VPR* CVE-2017-7921 Hikvision IP Camera Improper Authentication Vulnerability 10 9.2 CVE-2021-33044 Dahua Authentication Bypass Vulnerability 9.8 7.4 CVE-2021-36260 Hikvision IP Camera Command Injection Vulnerability 9.8 9.7 CVE-2023-6895 Hikvision Intercom Broadcasting System Command Injection Vulnerability 9.8 6.7 CVE-2025-34067 Hikvision Integrated Security Management Platform Command Execution Vulnerability 9.8 6.7*Please note: Tenable’s Vulnerability Priority Rating (VPR) scores are calculated nightly. This blog post was published on March 11, 2026 and reflects VPR at that time.
Of these five vulnerabilities, three of them have been added to the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. At the time this blog was published, CVE-2023-6895 and CVE-2025-34067 were not yet part of the KEV.
Additional CVEs that have been widely exploited and have also been attributed to Iranian-nexus threat actors include:
CVE Description CVSSv3 VPR* CVE-2017-11882 Microsoft Office Memory Corruption Vulnerability 7.8 9.8 CVE-2020-0688 Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability 8.8 9.5
Additionally, you can review our previous blog posts on Iranian threat actors for other CVEs that have been attributed to Iran-nexus threat actors:
A list of Tenable plugins for this vulnerability can be found on the individual CVE pages for CVE-2017-11882, CVE-2017-7921, CVE-2020-0688, CVE-2021-33044, CVE-2021-36260, CVE-2023-6895 and CVE-2025-34067 as they’re released. This link will display all available plugins for these vulnerabilities, including upcoming plugins in our Plugins Pipeline.
Get more informationJoin Tenable's Research Special Operations (RSO) Team on Tenable Connect for further discussions on the latest cyber threats.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury appeared first on Security Boulevard.
How A Mississippi School District Saves Time Securing Google Workspace Without Hiring Another IT Staff Member When Adam Hamilton stepped into the role of Technology Director at Marshall County School District in Holly Springs, Mississippi, he inherited a fast-growing technology environment with limited margin for error. Serving roughly 2,750 students across a geographically large district, ...
The post Marshall County School District Reduces Google Security Risk with Cloud Monitor appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Marshall County School District Reduces Google Security Risk with Cloud Monitor appeared first on Security Boulevard.
PARIS, March 10, 2026 — Qevlar AI, a leader in AI for transforming security operations centres (SOCs), has raised $30 million in funding for its autonomous AI SOC platform.
The funding will support development of technology designed to turn … (more…)
The post News alert: Qevlar AI raises $30M to turn security alerts into actionable defense insights across SOCs first appeared on The Last Watchdog.
The post News alert: Qevlar AI raises $30M to turn security alerts into actionable defense insights across SOCs appeared first on Security Boulevard.
AI coding assistants can hallucinate package names, creating phantom dependencies that don't exist in official repositories. Attackers exploit this predictable behavior through slopsquatting, which involves registering malicious packages with names that AI models commonly suggest. This emerging supply chain attack requires new detection approaches focused on behavioral analysis to complement existing security tools.
The post Slopsquatting: How Attackers Exploit AI-Generated Package Names appeared first on Security Boulevard.
Russian threat actors for more than a year have targeted HR and recruiting operations in a sophisticated phishing and infostealing campaign that includes a component, dubbed BlackSanta, that can shut down antivirus tools and EDR protections before deploying the malware that exfiltrates data, Aryaka researchers say.
The post BlackSanta Malware Shuts Down Protections, Targets HR and Recruiting Operations appeared first on Security Boulevard.
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Carbon Dating’ appeared first on Security Boulevard.
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency.
The post Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker appeared first on Security Boulevard.
How Cybersecurity Became the Defining Challenge for European Banks
The post A Cyber Resilience Agenda: Inside the European Central Bank’s 2026–2028 Priorities appeared first on Security Boulevard.
The post How AI is Transforming Integrated Security appeared first on AI Security Automation.
The post How AI is Transforming Integrated Security appeared first on Security Boulevard.
Author, Creator & Presenter: Kendra Albert, Albert Sellars LLP
Our thanks to USENIX Security '25 (Enigma Track) (USENIX '25 for publishing their Creators, Authors and Presenter’s tremendous USENIX Security '25 (Enigma Track) content on the Organizations' YouTube Channel.
The post USENIX Security ’25 (Enigma Track) – Everything Old Is New Again: Legal Restrictions On Vulnerability Disclosure On Bug Bounty Platforms appeared first on Security Boulevard.
“You pervert, I recorded you!” sextortion emails include real passwords harvested from public temporary email inboxes.
The post Sextortion “I recorded you” emails reuse passwords found in disposable inboxes appeared first on Security Boulevard.
Cybersecurity teams today face a relentless wave of cyber threats. Organizations must defend their networks, endpoints, cloud systems, and data from sophisticated attacks such as ransomware, phishing campaigns, insider threats, and advanced persistent threats. However, modern IT environments are highly complex, and security teams are often overwhelmed by thousands of alerts generated by different security
The post SOAR Cybersecurity appeared first on Seceon Inc.
The post SOAR Cybersecurity appeared first on Security Boulevard.
From ransomware and insider threats to advanced persistent attacks, the complexity and scale of cyber risks are growing faster than traditional security operations can handle. Security teams are overwhelmed by millions of alerts, fragmented tools, and limited human resources. This is where a cybersecurity automation platform becomes essential. A cybersecurity automation platform uses artificial intelligence,
The post Cybersecurity Automation Platform appeared first on Seceon Inc.
The post Cybersecurity Automation Platform appeared first on Security Boulevard.
Scammers are targeting Americans with robocalls during tax season. Here’s how to spot the scam.
The post Watch out for tax-season robocalls pushing fake “relief programs” appeared first on Security Boulevard.
