Recent Posts
Deals•Jan 28, 2026
Radware Acquires Pynt to Bolster API Security Testing
Radware announced this week that it has acquired Pynt, a provider of API security testing tools. The acquisition will expand Radware's API security platform with design and testing capabilities, enhancing its offering for cybersecurity teams.
Security Boulevard
Deals•Jan 18, 2026
Merge Labs Raises $252M to Link Brains and Computers
Merge Labs, a brain‑computer interface startup co‑founded by AI entrepreneur Sam Altman, announced a $252 million fundraising round to develop devices that connect human brains to computers. The capital will be used to advance medical applications before expanding to consumer products.
Security Boulevard
Deals•Jan 18, 2026
ICE Acquires Tangles Social‑Media Monitoring Tool to Boost Surveillance
U.S. Immigration and Customs Enforcement (ICE) has recently acquired the social‑media monitoring tool Tangles, expanding its surveillance capabilities. The acquisition, highlighted in a recent report, complements ICE's existing system that includes the Webloc tool. Deal terms and value were not...
Security Boulevard
News•Jan 14, 2026
From Bot Noise to Real Insights: How Jobrapido Achieved True Marketing ROI
Jobrapido, a global recruitment‑marketing platform, partnered with DataDome to combat bot‑driven traffic that was inflating costs and skewing performance metrics. The AI‑powered solution filtered out roughly 15% of invalid visits, giving the company a clean, real‑time view of genuine user...
By Security Boulevard
News•Jan 14, 2026
AppOmni Surfaces BodySnatcher AI Agent Security Flaw Affecting ServiceNow Apps
AppOmni, a SaaS security platform vendor, has disclosed a critical vulnerability in ServiceNow identified as CVE‑2025‑12420, nicknamed BodySnatcher. The flaw enables an unauthenticated attacker to impersonate any ServiceNow user and spawn a malicious AI agent within the platform. Because ServiceNow...
By Security Boulevard
News•Jan 14, 2026
EasyDMARC Expands Executive Team with Armen Najarian as Chief Commercial Officer
EasyDMARC announced the appointment of Armen Najarian as its new Chief Commercial Officer. Najarian brings over 25 years of experience in email security, fraud prevention, and AI‑driven analytics, previously leading go‑to‑market roles at ThreatMetrix, Agari, Outseer and Sift. He will...
By Security Boulevard
News•Jan 14, 2026
AI in Manufacturing: The Growing Risk and Reward Dilemma Escalating Data Security
AI adoption in U.S. manufacturing is accelerating, with 55% of firms already using generative AI and many planning further expansion. Meanwhile, ransomware attacks on the sector surged 87% in 2024, making manufacturing the most targeted industry. Without enterprise‑grade security—especially through...
By Security Boulevard
News•Jan 14, 2026
AI Scraping in Mobile Apps: How It Works and How to Stop It
Scraping has migrated from web sites to mobile apps as AI‑driven bots target richer, structured API data. Attackers decompile Android APKs, extract endpoints and credentials, then replay authenticated requests without using the UI. Traditional defenses—rate limits, CAPTCHAs, and token‑based authentication—fail...
By Security Boulevard
News•Jan 13, 2026
NDSS 2025 – A Comprehensive Memory Safety Analysis Of Bootloaders
Researchers at NDSS 2025 presented the first systematic memory‑safety study of bootloaders, revealing a growing attack surface as these low‑level programs add features. By surveying prior vulnerabilities and building a dedicated fuzzing framework, the team examined nine popular bootloaders and...
By Security Boulevard
News•Jan 13, 2026
Identity Under Siege: What the Salt Typhoon Campaign Reveals About Trusted Access Risks
The Salt Typhoon espionage campaign compromised email accounts of U.S. congressional staff by exploiting stolen credentials rather than deploying malware. Attackers blended into normal email and cloud traffic, maintaining persistent, low‑noise access to sensitive communications. The breach underscores that identity systems...
By Security Boulevard
News•Jan 13, 2026
GitGuardian Closes 2025 with Strong Enterprise Momentum, Protecting Millions of Developers Worldwide
GitGuardian reported record ARR growth in 2025, fueled by rapid enterprise adoption across North America and Europe. The platform now safeguards over 115,000 developers, monitors more than 610,000 repositories and 210,000 collaboration‑tool sources, a seven‑fold increase from the prior year....
By Security Boulevard
News•Jan 13, 2026
When the Marketing Graph Becomes the Target Map
A Wired investigation uncovered that Google’s ad service hosted audience segments tied to highly sensitive groups, allowing marketers and potential adversaries to target mobile devices linked to government employees and executives. The article warns that modern ad‑tech pipelines collect granular...
By Security Boulevard
News•Jan 13, 2026
Can You Afford the Total Cost of Free Java?
Running Java on a free, unsupported JVM carries hidden risks as exploit timelines have accelerated dramatically. In 2023, attackers began leveraging newly disclosed Java flaws within five days, and some incidents occurred in under an hour. Without commercial support, organizations...
By Security Boulevard
News•Jan 13, 2026
BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow
ServiceNow’s Virtual Agent API and Now Assist AI Agents contain a critical broken‑authentication flaw (CVE‑2025‑12420) that lets unauthenticated attackers impersonate any user using only an email address. The vulnerability exploits a static provider secret and email‑only auto‑linking to bypass MFA...
By Security Boulevard
News•Jan 13, 2026
ColorTokens Achieves FedRAMP® Moderate ATO for Xshield™
ColorTokens announced that its Xshield Enterprise Microsegmentation Platform has received a FedRAMP® Moderate Authority to Operate, confirming compliance with hundreds of NIST SP 800‑53 controls. The authorization, validated by an accredited third‑party assessment organization, allows the solution to handle Controlled Unclassified Information...
By Security Boulevard
News•Jan 13, 2026
Key Learnings From the Latest CyRC Wi-Fi Vulnerabilities
Black Duck Cybersecurity Research Center (CyRC) disclosed high‑risk Wi‑Fi vulnerabilities in ASUS and TP‑Link routers that allow network disruption with a single malformed frame. The flaws were identified through Defensics fuzz testing and bypass WPA2/WPA3 encryption, highlighting protocol‑level weaknesses. Vendors...
By Security Boulevard
News•Jan 13, 2026
CyRC Advisory: Vulnerability in Broadcom Chipset Causes Network Disruption and Client Disconnection on Wireless Routers
The Black Duck Cybersecurity Research Center identified a high‑severity vulnerability in Broadcom’s wireless chipset used in ASUS RT‑BE86U routers. A single over‑the‑air frame can render the 5 GHz Wi‑Fi network unresponsive, forcing a manual router reset and potentially corrupting ongoing data...
By Security Boulevard
News•Jan 13, 2026
Email Is Not Legacy. It’s Infrastructure.
Email remains the backbone of modern business, not a relic, because it operates as an open protocol that connects vendors, customers, and internal teams. A recent survey shows 82 % of IT leaders consider it the most important channel for external...
By Security Boulevard
News•Jan 13, 2026
Russia’s Crackdown on Probiv Data Leaks May Have Fed the Beast Instead
Russia’s crackdown on the illegal probiv data‑leak market, spurred by a personal fraud incident involving President Putin’s associate, led to the arrest of Solaris platform founders but may have unintentionally strengthened the underground ecosystem. The probiv market, originally a convenient...
By Security Boulevard
News•Jan 13, 2026
Apache Struts External Entity (XXE) Injection Vulnerability S2-069 (CVE-2025-68493)
Apache Struts has been disclosed with a critical external entity injection flaw, S2‑069 (CVE‑2025‑68493), scoring 9.8 on the CVSS scale. The vulnerability resides in the XWork XML parser, enabling attackers to read files, perform SSRF, or launch DoS attacks. Affected...
By Security Boulevard
News•Jan 12, 2026
NDSS 2025 – LLMPirate: LLMs For Black-Box Hardware IP Piracy
Researchers from Texas A&M unveiled LLMPirate, a novel technique that leverages large language models to generate pirated variations of hardware circuit designs. The system successfully evaded detection by four state‑of‑the‑art IP piracy tools across all tested circuits, achieving 100% evasion....
By Security Boulevard
News•Jan 12, 2026
NDSS 2025 – Mens Sana In Corpore Sano: Sound Firmware Corpora For Vulnerability Research
The NDSS 2025 paper "Mens Sana In Corpore Sano" examines the difficulty of building scientifically sound firmware corpora for vulnerability research. It identifies practical obstacles such as proprietary, encrypted samples and inadequate documentation that hinder replicability. The authors derive a...
By Security Boulevard
News•Jan 12, 2026
Predict 2026: AI, Trust and the Security Reckoning Ahead
Predict 2026 declares AI the defining technology of the year, emphasizing that security leaders must now focus on protecting, governing, and trusting autonomous AI systems. The event highlights how agentic AI reshapes risk, from evolving models to data pipelines that become...
By Security Boulevard
News•Jan 12, 2026
Unlock Remote Work’s GRC Impact: Challenges to Opportunities
Remote work has become a permanent fixture, forcing organizations to overhaul traditional governance, risk, and compliance (GRC) frameworks. Distributed workforces increase cyber‑risk exposure, fragment data environments, and create overlapping regulatory obligations across jurisdictions. Companies are turning to centralized GRC platforms,...
By Security Boulevard
News•Jan 12, 2026
Turkish Security Researcher Gets Nod From NASA Over Vulnerability Discoveries
Turkish researcher Hasan İsmail Gülkaya identified four security flaws in NASA’s systems and reported them through the agency’s Vulnerability Disclosure Program. NASA promptly patched the issues and sent the researcher a formal thank‑you letter, highlighting the success of its responsible‑disclosure framework. Industry...
By Security Boulevard
News•Jan 12, 2026
Operation Cronos Leader Gets Nod From King Charles
British law enforcement officer Gavin Webb received an OBE from King Charles for his leadership of Operation Cronos. The National Crime Agency‑led operation seized LockBit ransomware’s infrastructure, source code and decryption keys, crippling a gang that accounted for roughly 25%...
By Security Boulevard
News•Jan 11, 2026
NDSS 2025 – EMIRIS: Eavesdropping On Iris Information Via Electromagnetic Side Channel
Researchers at Shandong University presented EMIRIS at NDSS 2025, demonstrating that electromagnetic emissions from near‑infrared iris sensors can be captured and used to reconstruct iris patterns. By reverse‑engineering the sensor’s data transmission format and applying a diffusion‑based inverse‑problem solver, the...
By Security Boulevard
News•Jan 11, 2026
Most Popular Cybersecurity Blogs From 2025
Dan Lohrmann’s January 2026 roundup lists the ten most‑viewed cybersecurity blogs of 2025, featuring stories on state bans of human microchip implants, humanoid robots, AI‑driven human verification, federal employee resilience, government cloud security, AI career impacts, and nation‑state threat assessments. The data...
By Security Boulevard
News•Jan 10, 2026
What Is Application Security Testing? Detail Explanation
Application security testing (AST) is a set of processes and tools that identify vulnerabilities throughout the software development lifecycle, enabling organizations to shift security left and remediate issues before deployment. The global AST market now exceeds $33 billion, reflecting the critical...
By Security Boulevard
News•Jan 9, 2026
Top 10 Privileged Access Management Solutions for 2026
Privileged Access Management has shifted from a compliance checkbox to a critical security control as organizations adopt hybrid cloud, SaaS, DevOps pipelines, and AI agents. The 2026 guide evaluates ten leading PAM vendors, highlighting capabilities such as Zero Standing Privileges,...
By Security Boulevard
News•Jan 9, 2026
Tonic.ai Product Updates: January 2026
Tonic.ai’s January 2026 release adds Guided Redaction in Textual, a beta human‑in‑the‑loop workflow that couples AI detection with manual review for high‑risk data. The platform also expands model‑based custom entity types, letting users train detectors for niche business vocabularies. A...
By Security Boulevard
News•Jan 9, 2026
Use of XMRig Cryptominer by Threat Actors Expanding: Expel
XMRig, an open‑source Monero miner, is increasingly weaponized by threat actors across Windows, Linux, Kubernetes and AWS environments. Recent campaigns have leveraged the high‑severity React2Shell exploit and UPX‑packed binaries to spread the miner via game torrents and commodity malware. Expel’s...
By Security Boulevard
News•Jan 9, 2026
INFORM 2026: MITRE’s Updated Threat-Informed Defense Maturity Model Explained
MITRE’s Center for Threat‑Informed Defense released a major update to its INFORM maturity model, incorporating two years of field feedback and new partner input. The revision introduces revamped assessment questions, a timeliness factor, and an impact‑vs‑complexity recommendation matrix. INFORM now...
By Security Boulevard
![Sectigo New Public Roots and Issuing CAs Hierarchy [2025 Migration Guide]](/cdn-cgi/image/width=1200,quality=75,format=auto,fit=cover/https://certera.com/blog/wp-content/plugins/wp-postratings/images/stars/rating_on.gif)
News•Jan 9, 2026
Sectigo New Public Roots and Issuing CAs Hierarchy [2025 Migration Guide]
Sectigo is retiring its legacy multi‑purpose root and intermediate CAs in favor of single‑purpose public roots, with a hard migration deadline of January 1 2026. Browsers will cease to trust certificates issued under the old chains, causing security warnings, broken HTTPS, and...
By Security Boulevard
News•Jan 9, 2026
CCPA Compliance Checklist for 2026: What You Need to Know
The California Consumer Privacy Act (CCPA) is entering a pivotal phase in 2025‑26 as inflation‑adjusted thresholds raise applicability and new rules target automated decision‑making and cybersecurity governance. Organizations must continuously reassess scope, maintain precise data inventories, and embed repeatable rights‑fulfillment...
By Security Boulevard
News•Jan 8, 2026
How Does Agentic AI Adapt to Changing Security Needs?
Organizations increasingly rely on machine identities, or non‑human identities (NHIs), to authenticate services in cloud environments. Effective NHI management—covering discovery, classification, threat detection, and remediation—delivers risk reduction, compliance, and operational efficiency. Agentic AI platforms enable dynamic policy adaptation, cross‑department collaboration,...
By Security Boulevard
News•Jan 8, 2026
NDSS 2025 – ReThink: Reveal The Threat Of Electromagnetic Interference On Power Inverters
Researchers from Zhejiang University presented at NDSS 2025 a study exposing electromagnetic interference (EMI) threats to photovoltaic (PV) power inverters. They found that current and voltage sensors inside inverters are vulnerable to EMI at frequencies of 1 GHz or higher despite...
By Security Boulevard
News•Jan 8, 2026
135% Surge: Inside the Holiday Bot Attacks of December 2025
In December 2025, malicious bot traffic surged 135% year‑over‑year, turning the holiday season into a cyber‑fraud hotspot. AI‑enhanced bots mimicked human browsing, generated high‑fidelity synthetic identities, and performed adaptive reconnaissance, making detection harder. The spike spanned vulnerability scanning, credential stuffing,...
By Security Boulevard
News•Jan 8, 2026
Securing MCP Servers at Scale: How to Govern AI Agents with an Enterprise Identity Fabric
Enterprises are witnessing a rapid, uncontrolled rollout of Model Context Protocol (MCP) servers, with research showing 15.28% of a 10,000‑person workforce running an average of two servers each. Most deployments use full‑privilege personal access tokens, store credentials in plaintext, and...
By Security Boulevard