Security Boulevard

Learn how AI-generated code can lead to fake package installs and attacks.

The post The Hallucinated Package Attack: Slopsquatting appeared first on Security Boulevard.

The post How to Migrate from SOAR to Future-Proof AI Automation appeared first on AI Security Automation.

The post How to Migrate from SOAR to Future-Proof AI Automation appeared first on Security Boulevard.

Creator, Author and Presenter: Harshal Shah

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Intro To Privacy-Enhancing Technologies (PETs) appeared first on Security Boulevard.

Discover how Xcel Energy uses CRQ and Axio's proven methodologies to enhance cyber decision-making and turn risks into actionable insights.

Read More

The post Axio and Excel – Elevating Risk Management with CRQ appeared first on Axio.

The post Axio and Excel – Elevating Risk Management with CRQ appeared first on Security Boulevard.

An analysis of telemetry data published by Red Canary, a unit of Zscaler, finds only 16% of the tens of thousands of phishing emails reported by end users in the first half of 2025 proved to be actual threats. At the same time, however, the report also noted that cybercriminals are employing increasingly sophisticated techniques,..

The post Analysis Sees Limited End User Ability to Accurately Identify Phishing Attacks appeared first on Security Boulevard.

Today, cybersecurity programs must go beyond deploying tools. They need to seamlessly integrate threat intelligence into every stage of defensive security for immediate operational impact. Tidal Cyber's Threat-Led Defense Platform includes a deep well of Cyber Threat Intelligence (CTI), all aligned with MITRE ATT&CK® TTPs, enabling you to determine whether your organization can defend against the latest threats. This is bolstered through a strategic integration with ThreatConnect RQ, which provides cyber risk quantification, to expand the knowledge base of threats visible to Tidal Cyber users.

The post Accelerating Threat-Led Defense with Tidal Cyber + ThreatConnect appeared first on Security Boulevard.

Discover insights from The Elephant in AppSec episode with Kevan Bard.

The post Security Wins Only When Institutionalized – Here’s Why! ⎥ Kevan Bard appeared first on Security Boulevard.

Your firewall can't protect data from rogue admins or compromised systems. TEEs create hardware-secured "safe rooms" inside processors - protecting your most sensitive information even when everything else fails. Here's why every business needs to understand this game-changing technology.

The post How Trusted Execution Environments Keep Your Digital Life Under Lock and Key appeared first on Security Boulevard.

Norway's top security and intelligence agencies are accusing pro-Russian hacktivists with a cyberattack in April in which hackers took control of a dam's controls and opened an outflow valve, part of a larger effort by Russia to disrupt operations and sow fear in Western countries.

The post Norway Blames Pro-Russian Group for Hack of Water Dam appeared first on Security Boulevard.

A day after OpenAI and Microsoft trumpeted the arrival of the GPT-5 generative AI model and its improved reasoning and other capabilities, two AI cybersecurity startups showed in separate reports that it is still vulnerable to jailbreaking and other techniques.

The post It Took a Day for SPLX, NeuralTrust to Jailbreak OpenAI’s GPT-5 appeared first on Security Boulevard.

Earlier this year we warned that trust was cracking inside the inbox. Since then your inbox learned a new trick: acting. GenAI no longer just writes the lure; it manufactures the sender. With a few seconds of audio or a handful of images, attackers clone familiar voices and faces and insert them into everyday workflows: email threads, calendar invites, voicemails, quick chat notes. It looks routine because it comes through the tools you already trust. The objective is the same as classic BEC: move money, steal access, exfiltrate data. The difference is the level of social proof.

The post Deepfake Detection: What is Phishing 3.0 and How Can You Prepare? appeared first on Security Boulevard.

Learn how adaptive authentication defends against deepfakes, credential attacks, and AI threats to keep your business secure.

The post AI Threats & Adaptive Authentication: How to Be Protected Against Deepfakes and Credential Attacks appeared first on Security Boulevard.

SquareX at Black Hat and DEF CON: Bringing Our Browser Security Research to the World Team SquareX Takes on Hacker Summer Camp in 2025

With the twin events of Black Hat USA and DEF CON 33, Las Vegas transformed into the cybersecurity capital of the world once again this August, and SquareX was there in full force. After an incredible “hacker summer camp” last year, we were back with ambitious plans: sharing groundbreaking browser security research, live demonstrations of our Browser Detection and Response (BDR) platform, multiple talks, workshops and even new open-source tools for the security community.

Black Hat USA: Showcasing how SquareX Secures Any Browser, Any Device

Walking into the Mandalay Bay Convention Center, the energy was palpable. Our team set up shop at Booth #6825 in Startup City, ready to showcase how BDR secures any browser and device. With 85% of employee work happening in browsers today, traditional SASE/SSE/EDR approaches simply aren’t cutting it anymore, and our booth was filled with interested conferencegoers eager to find out how they could bridge this security gap.

A definite highlight was our Founder Vivek Ramachandran’s presentation Browser-Native Security in a Browser First World, where he challenged the audience to rethink their security stack, demonstrating why EDRs, SASE/SSE solutions, and endpoint DLP tools fall short against modern browser-based threats. The talk discussed bleeding-edge attack techniques targeting employees directly in their browsers and covered how AI-powered browsers (and agents, as we recently disclosed) are a security liability.

Audrey Adeline from our Founder’s office also hosted a fireside chat — The Trailblazer’s Guide to Cybersecurity, which struck a different chord. Together with Jen Winters, the COO of Pacific Hackers Association, they had a candid sharing about their cybersecurity journeys and the challenges facing first-generation tech professionals.

On stage with Jen Winters for “The Trailblazer’s Guide to Cybersecurity”

The last day of Black Hat also saw a signing event for our latest book, The Browser Security Field Manual. Written in collaboration with Fortune 500 CISOs, this practical guide dissects the techniques adversaries use to compromise organizations through employee browsers. The blend of technical depth, real attack chains, and code snippets resonated with security practitioners hungry for actionable intelligence on browser threats — as shown by the constant stream of people looking to get their autographed copy.

Smiles all around at our book signing event

Overall, Black Hat was a whirlwind of activity. The days were packed with productive meetings and insightful conversations with CISOs who are grappling with the same browser security challenges we’re solving. Between sessions, we caught up with old friends from across the industry, whilst forging new connections. Each evening, the team gathered for dinner — great food, shared stories from the day, and the kind of bonding that only happens when you’re all passionate about the same mission.

The energy was infectious, spirits were high, and every conversation was meaningful. Truly an experience to remember — and before we knew it, it was time for DEF CON.

DEF CON 33: Pushing the Boundaries of Browser Security Research

If Black Hat was about enterprise solutions, DEF CON was our playground for bleeding-edge research. We kicked things off at Demo Labs by showcasing two new open-source toolkits: Angry Magpie, which simulates sophisticated data splicing attacks that bypass traditional DLP solutions, and Copycat, a browser extension-based identity attacks simulator. Created by SquareX team members Jeswin Mathai, Pankaj Sharma, Xian Xiang Chang, Dakshitaa Babu, Tejeswar S Reddy, and Albin Antony, these toolkits address the testing and detection deficit in browser security — red teams lack tools to properly simulate browser-based attacks, while blue teams struggle to detect and respond to threats their monitoring systems can’t see.

The response from red and blue teamers was immediate and enthusiastic. Finally, tools that help them test and defend the browser attack surface properly!

The team also delivered two intensive workshops that went deep into emerging threats. Our Head of Cybersecurity Research, Nishant Sharma, conducted Serverless but Not Defenseless: A Security Deep Dive into Cloud Run at Cloud Village, equipping attendees with hands-on skills for securing Google Cloud Run deployments using DevSecOps principles and GCP-native tools.

Nishant also collabrated with our Principal Software Engineer Shourya Pratap Singh on the Recon Village Talk Plug and Prey: Scanning and Scoring Browser Extensions. The talk introduced ExtHuntr, an open-source scanner that gives enterprises visibility into the unmonitored threat surface of browser extensions across their fleet— even assigning each extension a risk score.

The crescendo came on the final day with our main stage presentation: Passkeys Pwned: Turning WebAuthn Against Itself. Team members Shourya Pratap Singh, Jonathan Lin, and Daniel Seetoh took to the stage to demonstrate how attackers can proxy WebAuthn API calls to forge passkey authentication responses — a sobering reality check for organizations banking on passkeys as their password replacement strategy. The live demonstration showed this attack succeeding against sites that don’t enforce attestation or metadata checks — a common scenario among vendors today — and was even covered by publications such as SecurityWeek.

Beyond the talks and demonstrations, DEF CON is about community. We spent time catching up with old friends from the security world, swapping stories and sharing insights.

Another memorable stop was at the Hackers with Disabilities (HDA) village, for which our Senior SOC Lead, Frank Clark, was the lead. Besides learning about accessibility in cybersecurity, Frank showed our team members how the Hacker Chair works — and yes, it’s exactly as cool as it sounds.

“I can SSH into my chair.”

Between sessions, we soaked in the unique atmosphere that only DEF CON delivers; the electric energy of thousands of hackers pushing boundaries together. We left Las Vegas feeling not just proud of the work we’d shared, but also imbued with a sense of community.

Closing Thoughts: Browser Security Is No Longer Optional

Looking back at our experience at both Black Hat USA and DEF CON 33 in 2025, we were proud to have presented our browser security research on these internationally renowned stages. From data splicing attacks to passkey vulnerabilities, it’s clear that browser-native security is no longer optional.

It’s natural: the browser is the new endpoint, and traditional security approaches that worked when browsers were mere website renderers don’t scale to today’s reality. Browsers are now full-fledged application platforms handling critical workflows, sensitive data, and identity management — and they demand purpose-built security solutions.

Ever since we presented Last Mile Reassembly Attacks at DEF CON 32 last year, SquareX has grown even more. We’ve delivered seminal talks, released open-source tools for security teams and published market-leading research that’s reshaping how the industry thinks about browser security. Today, SquareX is the most recognized brand in browser security — a testament to our team’s dedication and innovation.

But we’re just getting started. Stay tuned for more novel research, and if you want to learn more about how SquareX can secure any browser on any device for your organization, the best place to start is our website. Till the next conference!

SquareX at Black Hat and DEF CON: Bring Our Browser Security Research to the World was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.

The post SquareX at Black Hat and DEF CON: Bring Our Browser Security Research to the World appeared first on Security Boulevard.

Learn how OTP verification and unified APIs protect your crypto accounts from hackers while keeping login simple and hassle-free.

The post How I Started Securing My Crypto Accounts with OTP Verification appeared first on Security Boulevard.

Thanks to everyone who joined the panel at the BlackHat Innovators & Investors Summit — it was a fast, practical session and full of real, repeatable advice. Below I’ve distilled the conversation into the speakers and the most actionable takeaways founders, investors and channel leaders can use. Who Spoke Top-line Thesis Great product is necessary […]

The post Mastering the Channel Ecosystem — Lessons From our BlackHat Panel first appeared on Cyber Security - Strategy and Innovation.

The post Mastering the Channel Ecosystem — Lessons From our BlackHat Panel appeared first on Security Boulevard.

The New York State Department of Financial Services (NYDFS) has long been a leader in setting cybersecurity standards for the financial services and insurance sectors. Under 23 NYCRR Part 500, regulated entities are required to implement a comprehensive cybersecurity program that addresses governance, access controls, incident response, and ongoing risk management.

The post The Cost of NYDFS Cybersecurity Noncompliance: What You Need to Know in 2025 appeared first on Security Boulevard.

OAuth abuse exposes SaaS data. AppOmni’s threat detection and security posture management shut it down.

The post Post-Incident CRM Forensics: Why Deploying AppOmni Is a Best Practice appeared first on AppOmni.

The post Post-Incident CRM Forensics: Why Deploying AppOmni Is a Best Practice appeared first on Security Boulevard.

Is Your Organization Truly Independent in Terms of Security? A sense of independence can often be elusive for organizations expressing intent to have complete control over their cybersecurity. To achieve this, businesses must consider an oft-overlooked aspect of their network security: Non-human Identities (NHIs) and Secrets security management. My role involves providing insights. Without a […]

The post Boosting Independence with Advanced Secrets Scanning appeared first on Entro.

The post Boosting Independence with Advanced Secrets Scanning appeared first on Security Boulevard.

Are Organizations Truly Prepared for New Cloud Security Challenges? With businesses increasingly shift to cloud-based infrastructures, the question lingers: are organizations genuinely adapting to emerging cloud security challenges? The rise of Non-Human Identities (NHIs) and the growing reliance on Secret Security Management presents a complex landscape requiring robust strategies and innovative solutions. A New Era […]

The post Adapting to New Cloud Security Challenges appeared first on Entro.

The post Adapting to New Cloud Security Challenges appeared first on Security Boulevard.

Creator, Author and Presenter: Patrick O'Doherty

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Don’t Trust, Verify! – How I Found A CSRF Bug Hiding In Plain Sight appeared first on Security Boulevard.