Security Boulevard

On December 12, 2025, the MongoDB Security Engineering team disclosed a high-severity vulnerability in MongoDB that allows unauthenticated memory disclosure. The issue is tracked as CVE-2025-14847 and has a CVSS score of 8.7 and was quickly nicknamed MongoBleed in the security community due to the way it exposes server memory. Technical Details MongoDB uses a…

The post MongoBleed: unauthenticated memory disclosure in MongoDB (CVE-2025-14847) appeared first on Sentrium Security.

The post MongoBleed: unauthenticated memory disclosure in MongoDB (CVE-2025-14847) appeared first on Security Boulevard.

Artificial intelligence is transforming business models and competitive advantage. Leadership teams agree AI matters, but far fewer know how to turn AI potential into real,...Read More

The post What the CEO and C-Suite Must Ask Before Building an AI Enabled Enterprise appeared first on ISHIR | Custom AI Software Development Dallas Fort-Worth Texas.

The post What the CEO and C-Suite Must Ask Before Building an AI Enabled Enterprise appeared first on Security Boulevard.

AWS CISO Amy Herzog urges security leaders to invest in visibility and automation to counter increasingly AI-driven cyberattacks in real time.

The post AWS CISO: Need for Continuous Observability is Now Critical appeared first on Security Boulevard.

The encryption protecting billions of dollars, which experts once called unbreakable, no longer works. Hackers don’t need passwords. They don’t brute-force keys. They simply walk through digital vaults that were supposed to last for decades. This is the future quantum computing is pulling toward us quietly, steadily, and faster than most organizations realize. Quantum computersRead More

The post Quantum Computing Stats, Trends & Future 2026: Crucial Year for Quantum Security appeared first on EncryptedFence by Certera - Web & Cyber Security Blog.

The post Quantum Computing Stats, Trends & Future 2026: Crucial Year for Quantum Security appeared first on Security Boulevard.

New research reveals how ransomware groups like LockBit and Black Basta exploit visibility gaps, leaving security teams struggling to keep pace.

The post Inside 2025’s Top Threat Groups: Why Familiar Actors Still Have the Upper Hand  appeared first on Security Boulevard.

Silent authentication strengthens security while reducing friction for customers and employees, protecting accounts without disrupting the user experience.

The post Silent Authentication: Redefining Security, Flexibility and Customer Engagement  appeared first on Security Boulevard.

Agentic AI is transforming cybersecurity with autonomous reasoning and action—but it also expands the attack surface. Learn how it reshapes enterprise security.

The post Will Agentic AI Hurt or Help Your Security Posture? appeared first on Security Boulevard.

California's DROP Program Changes Everything

The post California’s DROP Program Changes Everything: How B2C Companies Can Eliminate Authentication Liabilities and Meet Global Privacy Compliance with MojoAuth appeared first on Security Boulevard.

A very happy New Year 2026 to you. Those of you who are familiar with my work know that I preach breach readiness, cyber resilience, and building practical capabilities to remain “unaffected” by cyberattacks. A lot of what I have written in 2025 came from how great wars were fought. There is still a lot to learn about modern cyber resilience from them. […]

The post 2026 Is the Year to Be Breach Ready: Augment Cyber Resilience with Operational Excellence appeared first on ColorTokens.

The post 2026 Is the Year to Be Breach Ready: Augment Cyber Resilience with Operational Excellence appeared first on Security Boulevard.

How California's groundbreaking data deletion law signals a fundamental shift in enterprise identity lifecycle management—and why your SSO infrastructure matters more than ever

The post California’s DROP Platform Launches: What Enterprise B2B SaaS Companies Need to Know About Data Deletion Compliance appeared first on Security Boulevard.

Session 7D: ML Security

Authors, Creators & Presenters: Tianpei Lu (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Bingsheng Zhang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Xiaoyuan Zhang (The State Key Laboratory of Blockchain and Data Security, Zhejiang University), Kui Ren (The State Key Laboratory of Blockchain and Data Security, Zhejiang University)

PAPER
A New PPML Paradigm For Quantized Models

Model quantization has become a common practice in machine learning (ML) to improve efficiency and reduce computational/communicational overhead. However, adopting quantization in privacy-preserving machine learning (PPML) remains challenging due to the complex internal structure of quantized operators, which leads to inefficient protocols under the existing PPML frameworks. In this work, we propose a new PPML paradigm that is tailor-made for and can benefit from quantized models. Our main observation is that look-up tables can ignore the complex internal constructs of any functions which can be used to simplify the quantized operator evaluation. We view the model inference process as a sequence of quantized operators, and each operator is implemented by a look-up table. We then develop an efficient private look-up table evaluation protocol, and its online communication cost is only log n, where $n$ is the size of the look-up table. On a single CPU core, our protocol can evaluate 2^{26} tables with 8-bit input and 8-bit output per second. The resulting PPML framework for quantized models offers extremely fast online performance. The experimental results demonstrate that our quantization strategy achieves substantial speedups over SOTA PPML solutions, improving the online performance by 40sim 60 times w.r.t. convolutional neural network (CNN) models, such as AlexNet, VGG16, and ResNet18, and by 10sim 25 times w.r.t. large language models (LLMs), such as GPT-2, GPT-Neo, and Llama2.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – A New PPML Paradigm For Quantized Models appeared first on Security Boulevard.

How Can Non-Human Identities Transform Cybersecurity Strategies? Have you ever wondered how Non-Human Identities (NHIs) are becoming a cornerstone in building robust cybersecurity frameworks? With industries increasingly migrate to cloud environments, the concept of NHIs emerges as an essential component in safeguarding organizational assets. But what exactly are NHIs, and how do they fit into […]

The post Can companies truly be free from cybersecurity threats with AI appeared first on Entro.

The post Can companies truly be free from cybersecurity threats with AI appeared first on Security Boulevard.

What Are Non-Human Identities in Cybersecurity? Non-Human Identities (NHIs) might sound like a concept from a science fiction novel, but they are a crucial component. These unique “machine identities” are not physical individuals but rather consist of machine-to-machine communication identifiers like encrypted passwords, tokens, or keys, which provide unique access credentials. Picture NHIs as tourists […]

The post How independent can AI systems be in managing NHIs appeared first on Entro.

The post How independent can AI systems be in managing NHIs appeared first on Security Boulevard.

What Are Non-Human Identities and Why Are They Crucial for Enterprise Security? How can organizations safeguard their digital assets? This question underlines the increasing importance of managing Non-Human Identities (NHIs), especially within industries like financial services, healthcare, and travel. NHIs are machine identities in cybersecurity, created through a unique combination of encrypted passwords, tokens, or […]

The post Can Agentic AI truly handle the complex needs of modern enterprises appeared first on Entro.

The post Can Agentic AI truly handle the complex needs of modern enterprises appeared first on Security Boulevard.

The post <b>Data Privacy vs Cybersecurity Solutions: Key Differences</b> appeared first on Sovy.

The post Data Privacy vs Cybersecurity Solutions: Key Differences appeared first on Security Boulevard.

Session 7D: ML Security

Authors, Creators & Presenters: Jaewon Hur (Seoul National University), Juheon Yi (Nokia Bell Labs, Cambridge, UK), Cheolwoo Myung (Seoul National University), Sangyun Kim (Seoul National University), Youngki Lee (Seoul National University), Byoungyoung Lee (Seoul National University)

PAPER
DLBox: New Model Training Framework For Protecting Training Data

Sharing training data for deep learning raises critical concerns about data leakage, as third-party AI developers take full control over the data once it is handed over to them. The problem becomes even worse if the model trained using the data should be returned to the third-party AI developers - e.g., healthcare startup training its own model using the medical data rented from a hospital. In this case, the malicious developers can easily leak the training data through the model as he can construct an arbitrary data flow between them - e.g., directly encoding raw training data into the model, or stealthily biasing the model to resemble the training data. However, current model training frameworks do not provide any protection to prevent such training data leakage, allowing the untrusted AI developers to leak the data without any restriction. This paper proposes DLBox, a new model training framework to minimize the attack vectors raised by untrusted AI developers. Since it is infeasible to completely prevent data leakage through the model, the goal of DLBox is to allow only a benign model training such that the data leakage through invalid paths are minimized. The key insight of DLBox is that the model training is a statistical process of learning common patterns from a dataset. Based on it, DLBox defines DGM-Rules, which determine whether a model training code from a developer is benign or not. Then, DLBox leverages confidential computing to redesign current model training framework, enforcing only DGM-Rules-based training. Therefore, untrusted AI developers are strictly limited to obtain only the benignly trained model, prohibited from intentionally leaking the data. We implemented the prototype of DLBox on PyTorch with AMD SEV-SNP, and demonstrated that DLBox eliminates large attack vectors by preventing previous attacks (e.g., data encoding, and gradient inversion) while imposing minimal performance overhead.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – DLBox: New Model Training Framework For Protecting Training Data appeared first on Security Boulevard.

Authentication requirements block 75-80% of enterprise deals, costing B2B SaaS companies millions annually. After scaling identity to 1B+ users while supporting hundreds of enterprise customers, here's why most companies get SSO and RBAC catastrophically wrong—and the framework that actually works.

The post What is Enterprise Identity — And Why Most Companies Get SSO & RBAC Catastrophically Wrong appeared first on Security Boulevard.

Across the ecosystem of federal contractors, a majority of deployments tend to be relatively standard. 80% of them will be FedRAMP impact level Moderate, for example, and most will have a standard set of considerations and concerns, such that a lot of security controls can be automated. It’s those outliers that make FedRAMP challenging. When […]

The post Single-Tenant vs Multi-Tenant FedRAMP Deployments appeared first on Security Boulevard.

Are Machine Identities the Key to Strengthening AI Governance? How do organizations effectively manage the security of their infrastructure while fostering innovation through artificial intelligence? One answer lies in the management of Non-Human Identities (NHIs)—the machine identities that play a pivotal role in securing AI systems. With IT leaders increasingly optimistic about the potential of […]

The post Why are IT leaders optimistic about future AI governance appeared first on Entro.

The post Why are IT leaders optimistic about future AI governance appeared first on Security Boulevard.

The Role of Non-Human Identities in Real-Time Operations What role do Non-Human Identities (NHIs) play in optimizing real-time operations across various industries? Where Agentic AI and similar technologies are reshaping operational, understanding the intricate dance between machine identities and secure operations is crucial. At the heart of this synergy lies the strategic management of NHIs—a […]

The post How do Agentic AI systems deliver value in real-time operations appeared first on Entro.

The post How do Agentic AI systems deliver value in real-time operations appeared first on Security Boulevard.