Ongoing npm Software Supply Chain Attack Exposes New Risks
Last updated 7:00 p.m. ET on September 16, 2025
The post Ongoing npm Software Supply Chain Attack Exposes New Risks appeared first on Security Boulevard.
The raw attack surface isn’t just growing. It’s fragmenting. Logs from SaaS apps, cloud workloads, and third-party services flood security stacks already straining to keep up. Security teams are buried in alerts they can’t triage fast enough. Meanwhile, adversaries probe …
The post FIRESIDE CHAT: The case for AI-Native SOCs built to take action, not just observe and alert first appeared on The Last Watchdog.
The post FIRESIDE CHAT: The case for AI-Native SOCs built to take action, not just observe and alert appeared first on Security Boulevard.
Newark, NJ, Sept. 16, 2025, CyberNewswire — The OpenSSL Conference 2025 will take place on October 7 – 9 in Prague.
The program will bring together lawyers, regulators, developers, and entrepreneurs to discuss security and privacy in a global context.…
The post News alert: OpenSSL 2025 kicks off in 3 weeks, global leaders to chart the future of cryptography first appeared on The Last Watchdog.
The post News alert: OpenSSL 2025 kicks off in 3 weeks, global leaders to chart the future of cryptography appeared first on Security Boulevard.
Las Vegas, Sept. 16, 2025, CyberNewswire — Seraphic today announced at Fal.Con 2025 that its Secure Enterprise Browser (SEB) solution is now available for purchase in the CrowdStrike Marketplace, a one-stop destination for the world-class ecosystem of CrowdStrike-compatible security …
The post News alert: Seraphic integrates with CrowdStrike Marketplace, extends SIEM protection to browsers first appeared on The Last Watchdog.
The post News alert: Seraphic integrates with CrowdStrike Marketplace, extends SIEM protection to browsers appeared first on Security Boulevard.
Villager is being pitched as a legitimate AI-powered pentest tool for red teams, but the platform, made by Chinese company Cyberspike, has been loaded almost 11,000 times on PyPI in two months, raising concerns that it is on the same path as Cobalt Strike, another red team tool that became a favorite of malicious actors.
The post Chinese-Made Villager AI Pentest Tool Raises Cobalt Strike-Like Concerns appeared first on Security Boulevard.
A global survey of 1,025 IT and security professionals finds that while organizations experienced an average of 2.17 cloud breaches over the past 18 months, only 8% were categorized as severe. At the same time, however, with the rise of artificial intelligence (AI) there may be more significant challenges ahead. More than half of respondents..
The post Survey Surfaces Rising Number of AI Security Incidents appeared first on Security Boulevard.
Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organization's YouTube channel.
The post DEF CON 33: Illumicon appeared first on Security Boulevard.
Newark, New Jersey, United States, 16th September 2025, CyberNewsWire
The post 3 Weeks Left Until the Start of the OpenSSL Conference 2025 appeared first on Security Boulevard.
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined local environment secrets extraction with a malicious GitHub Actions workflow
The post Shai-Hulud: A Persistent Secret Leaking Campaign appeared first on Security Boulevard.
CrowdStrike at its Fal.Con event today expanded its effort to embed artificial intelligence (AI) agents into security operations center (SOC) workflows while simultaneously extending its ability to secure AI applications by acquiring Pangea for $260 million. CrowdStrike also revealed the Fall 2025 update to its core platform adds a graph capability to track..
The post CrowdStrike Extends AI Security Ambitions Beyond Operations to Include Workloads appeared first on Security Boulevard.
JLR vs. SLH: Jaguar Land Rover woes worse than previously thought.
The post Jaguar Land Rover Admits to Longer Shutdown as Childish Hackers Troll Carmaker appeared first on Security Boulevard.
Artificial Intelligence (AI) and Machine Learning (ML) continue to reshape software development at an unprecedented pace. Platforms like Hugging Face make millions of pre-trained models easily accessible, enabling faster innovation and powerful new applications.
The post Managing AI Risks in the Modern Software Supply Chain appeared first on Security Boulevard.
Creators, Authors and Presenters: d3dbot, DDoS Community
Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organization's YouTube channel.
The post DEF CON 33: DDOS Community appeared first on Security Boulevard.
An Internal Developer Platform (IDP) is a foundational concept in modern software engineering. It acts as a bridge between developers and the underlying infrastructure, tools, and processes needed to build, deploy, and manage software efficiently.
The post What is an Internal Developer Platform (IDP)? appeared first on Security Boulevard.
Discover how passwordless authentication protects patient data, boosts compliance, and streamlines workflows in modern healthcare systems.
The post Passwordless Authentication in Healthcare: Protecting Patient Data appeared first on Security Boulevard.
Google’s search engine results pages now require JavaScript, effectively “hiding” the listings from organic rank trackers, artificial intelligence models, and o
The post The Impact of Google’s JavaScript SERPs and AI Search on eCommerce Businesses appeared first on Security Boulevard.
Improve Your Cyber Resilience with Data Security Platformization
madhav
Tue, 09/16/2025 - 05:14
Lynne Murray | Director of Product Marketing for Data Security
Today’s organizations are drowning in the growth of many different cybersecurity tools—an unintended consequence of trying to keep up with an evolving threat landscape. Security tool sprawl has become the norm, when separate tools for each type of security task are cobbled together over time in an attempt to defend expanding networks. But now, could this fragmented approach be doing more harm than good?
According to a recent study conducted by IBM Institute of Business Value, organizations juggle an average of 83 different security solutions from 29 vendors. It’s unnecessary convolution and risk. More tools equal more threats; every integration is a potential point of entry for bad actors.
Source: IBM Institute of Business Value
A patchwork of disconnected point solutions creates dangerous vulnerabilities—many of them complete blind spots. In these environments, it’s not a matter of “if” a cyber event will happen, but “when.” This creates a ripe environment for bad actors and Gen AI attacks to leapfrog existing defense systems.
What Does this Mean for Data-centric Security?
For these reasons, Omdia’s 2024 Decision Maker Survey shows that 82% of respondents changed their overall approach to data security in the past 12 months. Omdia’s research reveals that these changes involve addressing siloed tools and vendor consolidation.
Organizations using different tools throughout the organization to detect and contain threats are much less effective due to:
As attacks grow faster and more sophisticated, relying on siloed, overlapping tools only increases risk. The operational burden is skyrocketing for organizations managing dozens of disparate interfaces, alerts, and reports.
Data Security Platformization: A Smarter Strategy
“Organizations are recognizing that relying exclusively on native cloud-based or legacy on-premises data protection systems, which are often siloed and lack the integration needed for rapid workflow processing, is inadequate for defending against today’s advanced threat landscape,” according to Adam Strange, Principal Analyst, Omdia Research.
Instead, organizations can resolve the risk associated with tool sprawl with a data security platform. By consolidating fragmented tools into a single, unified ecosystem, a data security platform simplifies operations, strengthens protection, and improves visibility.
Per the Omdia report, the top reasons for moving towards a data security platform are:
Fundamentally, security tool sprawl creates complexity, making it difficult to integrate and manage a multitude of tools effectively. In turn, this hinders cyber threat detection and mitigation, weakening an organization’s defenses.
In contrast, data security platformization embodies a “less is more” approach, establishing a streamlined, efficient platform using fewer components and providing centralized management and unified visibility across different attack vectors.
In data security, simplicity provides clarity. By reducing complexity, a data security platform creates a more defensible and more resilient cyber posture.
Easing the Security Talent Crunch
Complexity also impacts security teams. The gap in the global cybersecurity workforce is massive and growing, estimated in 2024 at 4 million professionals and increasing 19% year-over-year. Security tool sprawl increases the strain on these resources.
While executives are looking at specific spending areas of cybersecurity, Omdia’s research shows data security as one of the leading areas for investment in 2025. 73% of executives are expecting an estimated 15% increase in available budgets to fund new projects, a large proportion of which will involve larger-scale platforms or integrated, multi-functional propositions.
A data security platform provides much-needed relief to overburdened security personnel who are in short supply, requiring fewer resources and less time for security operations and compliance controls.
Built for Scale: Flexibility and Agility
The data security landscape is constantly evolving, mandating a robust, future-forward solution. As such, the need for scalability and flexibility is the top reason for organizations adopting a data security platform.
Data protection must be scalable and future-ready, and fragmented controls cannot meet the needs of modern, hybrid infrastructure. An estimated 94% of all companies worldwide use cloud computing in their operations, making hybrid infrastructures the new and pervasive reality.
Omdia considers a data security platform critical to gaining visibility and control over data security, particularly in cloud environments. Control capabilities must be unified and strengthened for flexibility, scalability, and agility, seamlessly extending across on-premises and cloud environments.
Consistent Policies and Compliance
Data security platforms also help resources and organizations by unifying protection policies and enforcement across dissimilar controls. As such, platforms safeguard against errors and misconfiguration, making them a critical requirement for effective risk mitigation.
The 2025 Thales Data Threat Report found that policies and compliance matter greatly. A majority, 78%, of enterprises that failed audits had a breach history, versus just 21% of those that passed compliance.
Additionally, data security platforms serve organizations using hundreds of data stores and cloud repositories to reduce data breaches, data risks, and compliance incidents.
Why Data Security Platformization is a Strategic Imperative
Data security platforms secure data end-to-end across both on-premises and cloud-based data repositories. In data security, there is little room for error, misalignment, and misconfiguration--characteristics inherent in disparate security tools. A unified data security platform offers comprehensive insights into the “who, what, when, where, how, and should” aspects of data security, closing gaps that attackers exploit.
A data security platform combines critical functions such as data discovery and classification, policy definition and enforcement, key management, encryption, and tokenization and masking. This enables the aggregation of data protection requirements of an organization into a single solution and addresses gaps in both traditional data security approaches left by perimeter security and native data security approaches.
Future data protection lies in platformization, and real-world use cases consistently demonstrate its significant advantage over the prevalent alternative, security tool sprawl. It’s time. Organizations must adopt a unified, consistent, and wider-reaching approach to data security, ultimately enhancing organizational well-being.
The post Improve Your Cyber Resilience with Data Security Platformization appeared first on Security Boulevard.
In conversations about operating system security, “compliance” tends to dominate. But for those of us responsible for keeping infrastructure secure—whether facing STIG implementations, CIS benchmark requirements, or FedRAMP assessments—we know the truth: compliance is the baseline, not the goal. Throughout my career, I have been involved in the security space—serving on governing boards for OSS..
The post Why Security-Minded Teams Are Turning to Hardened Linux Distributions appeared first on Security Boulevard.
Are You Leveraging the Power of Enhanced NHIDR in Your Operations? You are undoubtedly aware of the critical role that advanced data protection methodologies play in fortifying our digital operations. But have you harnessed the full potential of Enhanced Non-Human Identity Discovery and Remediation (NHIDR) in your operations? It’s easy to overlook the importance of […]
The post Empower Your Operations with Enhanced NHIDR appeared first on Entro.
The post Empower Your Operations with Enhanced NHIDR appeared first on Security Boulevard.
Are Cost-Effective NHI Solutions a Reality? Cybersecurity constantly presents new challenges, particularly to organizations operating in a cloud environment. With companies grappling with managing Non-Human Identities (NHIs) and their associated secrets, the cost implication remains a significant concern. It begs the question: are there cost-effective NHI solutions that can realistically fit into various budget restrictions? […]
The post Cost-Effective NHI Solutions That Fit Your Budget appeared first on Entro.
The post Cost-Effective NHI Solutions That Fit Your Budget appeared first on Security Boulevard.