Government security leaders are struggling. Cyber investments are lagging. Resources are being cut. The problem is getting worse. Let’s explore solutions.
The post Cybersecurity’s New Business Case: Fraud appeared first on Security Boulevard.
How Can Non-Human Identities Enhance AI Security? What are the key challenges faced by organizations in managing cybersecurity for machine identities? With digital systems continue to evolve, cybersecurity professionals are increasingly focusing on the protection and management of Non-Human Identities (NHIs). These machine identities play a pivotal role in ensuring robust AI security and better […]
The post How is AI security evolving for better protection? appeared first on Entro.
The post How is AI security evolving for better protection? appeared first on Security Boulevard.
How Does Non-Human Identities (NHI) Impact Digital Secrets Management? Is your organization adequately prepared to manage non-human identities (NHIs) and protect your digital secrets? That’s a critical question. With cyber threats become more sophisticated, the role of NHIs in digital secrets management becomes increasingly vital. These machine identities are crucial in secure networks, especially in […]
The post Can you trust AI with your digital secrets management? appeared first on Entro.
The post Can you trust AI with your digital secrets management? appeared first on Security Boulevard.
Is Your Organization Missing Out on the Value of Non-Human Identities in Digital Security? The rapid expansion of cloud environments has ushered in a powerful yet complex challenge: managing digital identities that aren’t tied to any one person. These Non-Human Identities (NHIs), which often take the form of machine identities, are integral to a secure […]
The post How do NHIs deliver value in digital security landscapes? appeared first on Entro.
The post How do NHIs deliver value in digital security landscapes? appeared first on Security Boulevard.
The Strategic Role of Non-Human Identities in AI-Powered Cybersecurity Operations What is the role of Non-Human Identities (NHIs) in achieving seamless security for your organization? With digital continues to expand, cybersecurity professionals face the challenges of managing complex systems and ensuring secure operations. NHIs, which are essentially machine identities, play a pivotal role, acting as […]
The post How does AI ensure calm in cybersecurity operations? appeared first on Entro.
The post How does AI ensure calm in cybersecurity operations? appeared first on Security Boulevard.
Session 10A: Confidential Computing 2
Authors, Creators & Presenters: Byeongwook Kim (Seoul National University), Jaewon Hur (Seoul National University), Adil Ahmad (Arizona State University), Byoungyoung Lee (Seoul National University)
PAPER
Secure Data Analytics in Apache Spark with Fine-grained Policy Enforcement and Isolated Execution
Cloud based Spark platform is a tempting approach for sharing data, as it allows data users to easily analyze the data while the owners to efficiently share the large volume of data. However, the absence of a robust policy enforcement mechanism on Spark hinders the data owners from sharing their data due to the risk of private data breach. In this respect, we found that malicious data users and cloud managers can easily leak the data by constructing a policy violating physical plan, compromising the Spark libraries, or even compromising the Spark cluster itself. Nonetheless, current approaches fail to securely and generally enforce the policies on Spark, as they do not check the policies on physical plan level, and they do not protect the integrity of data analysis pipeline. This paper presents Laputa, a secure policy enforcement framework on Spark. Specifically, Laputa designs a pattern matching based policy checking on the physical plans, which is generally applicable to Spark applications with more fine-grained policies. Then, Laputa compartmentalizes Spark applications based on confidential computing, by which the entire data analysis pipeline is protected from the malicious data users and cloud managers. Meanwhile, Laputa preserves the usability as the data users can run their Spark applications on Laputa with minimal modification. We implemented Laputa, and evaluated its security and performance aspects on TPC-H, Big Data benchmarks, and real world applications using ML models. The evaluation results demonstrated that Laputa correctly blocks malicious Spark applications while imposing moderate performance overheads.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – Secure Data Analytics appeared first on Security Boulevard.
Security teams are under constant pressure to do more with the same resources. Manual processes, fragmented tools, and inefficient workflows can slow teams down and pull focus away from what matters most.
In this live webinar, experienced security practitioners share how they’ve escaped the constraints of limited
The post [Webinar] Doing More With Less: How Security Teams Escape Manual Work with Efficient Workflows appeared first on Security Boulevard.
Learn about the key differences between DAST and pentesting, the emerging role of AI pentesting, their roles in security testing, and which is right for your business.
The post DAST vs Penetration Testing: Key Differences in 2026 appeared first on Security Boulevard.
ISO 27001 is an internationally recognized standard that defines the requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS) within an organization. First introduced in 1999, the standard has evolved through multiple revisions to address changing security needs. The most recent update, ISO 27001:2022, was released on October 25, 2022, […]
The post ISO 27001:2013 vs 2022 – A Quick Comparison Guide appeared first on Kratikal Blogs.
The post ISO 27001:2013 vs 2022 – A Quick Comparison Guide appeared first on Security Boulevard.
The digital landscape is evolving at a rapid pace, and so are the threats that target organizations. With cyberattacks becoming more sophisticated and diverse, traditional security solutions often struggle to keep up. Businesses today need a more unified, proactive, and intelligent approach to detect and respond to threats. This is where Extended Detection and Response
The post Extended Detection and Response (XDR): A New Era in Cybersecurity appeared first on Seceon Inc.
The post Extended Detection and Response (XDR): A New Era in Cybersecurity appeared first on Security Boulevard.
Artificial intelligence (AI) systems rarely fail in obvious ways. No red error screen. No crashed service. No broken button. They fail quietly. Outputs look confident...Read More
The post Shift Left QA for AI Systems. Catching Model Risk Before Production appeared first on ISHIR | Custom AI Software Development Dallas Fort-Worth Texas.
The post Shift Left QA for AI Systems. Catching Model Risk Before Production appeared first on Security Boulevard.
How Do Organizations Secure Machine Identities Effectively? Have you ever considered how machine identities, or Non-Human Identities (NHIs), impact cybersecurity in cloud environments? NHIs act as the digital passports for machines, governing how they interact with systems and data. With organizations increasingly relying on automated systems and cloud-based services, effective NHI management is more crucial […]
The post How do NHIs empower agile cybersecurity strategies? appeared first on Entro.
The post How do NHIs empower agile cybersecurity strategies? appeared first on Security Boulevard.
How Can AI Revolutionize Compliance Management? Are you leveraging AI technologies to optimize compliance management in your organization? Where compliance requirements continue to grow more complex across industries, the integration of Artificial Intelligence (AI) into compliance management is becoming increasingly essential. The call for efficient compliance management resonates especially with organizations operating in sectors such […]
The post Can AI manage compliance requirements efficiently? appeared first on Entro.
The post Can AI manage compliance requirements efficiently? appeared first on Security Boulevard.
The Crucial Intersection: Non-Human Identities and AI in Cybersecurity What role do Non-Human Identities (NHIs) play in cybersecurity? Traditional human-centric security measures are no longer sufficient. The emergence of NHIs, or machine identities, is reshaping how organizations approach security threats, particularly when integrated with Proactive Agentic AI for threat detection. Understanding Non-Human Identities: A New […]
The post How proactive can Agentic AI be in threat detection? appeared first on Entro.
The post How proactive can Agentic AI be in threat detection? appeared first on Security Boulevard.
How Do Non-Human Identities (NHIs) Shape the Future of Cybersecurity? Have you ever considered the risks associated with the identities of machines in your network? With cybersecurity professionals continue to confront increasingly complex threats, a crucial, often overlooked area is the management of Non-Human Identities (NHIs) and their associated secrets. Integrating NHI management into an […]
The post Can managing NHIs keep companies ahead in cybersecurity? appeared first on Entro.
The post Can managing NHIs keep companies ahead in cybersecurity? appeared first on Security Boulevard.
Session 10A: Confidential Computing 2
Authors, Creators & Presenters: Weili Wang (Southern University of Science and Technology), Honghan Ji (ByteDance Inc.), Peixuan He (ByteDance Inc.), Yao Zhang (ByteDance Inc.), Ye Wu (ByteDance Inc.), Yinqian Zhang (Southern University of Science and Technology)
PAPER
WAVEN: WebAssembly Memory Virtualization for Enclaves
The advancement of trusted execution environments (TEEs) has enabled the confidential computing paradigm and created new application scenarios for WebAssembly (Wasm). "Wasm+TEE" designs achieve in-enclave multi-tenancy with strong isolation, facilitating concurrent execution of untrusted code instances from multiple users. However, the linear memory model of Wasm lacks efficient cross-module data sharing and fine-grained memory access control, significantly restricting its applications in certain confidential computing scenarios where secure data sharing is essential (e.g., confidential stateful FaaS and data marketplaces). In this paper, we propose WAVEN (WebAssembly Memory Virtualization for ENclaves), a novel WebAssembly memory virtualization scheme, to enable memory sharing among Wasm modules and page-level access control. We implement WAVEN atop WAMR, a popular Wasm runtime for TEEs, and empirically demonstrate its efficiency and effectiveness. To the best of our knowledge, our work represents the first approach that enables cross-module memory sharing with fine-grained memory access control in Wasm.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – WAVEN: WebAssembly Memory Virtualization For Enclaves appeared first on Security Boulevard.
Written by Vivek Ramachandran, SquareX Founder, for Forbes Technology Council. This article originally appeared here.
If you lived through the 1990s, you’ll remember the first of the “ browser wars,” where Netscape and Internet Explorer fiercely competed for market dominance. Then Google launched Chromium in 2008, and this battle effectively ended. The past 17 years have been relatively quiet in the browser space-most new challengers, including Edge, are built on Chromium, and Chrome has slowly grown to own over 70% of the market. Until now.
This is the year of AI browsers. Following the release of Perplexity’s Comet and OpenAI’s ChatGPT Atlas, Atlassian made a deal to acquire The Browser Company. Even incumbents like Chrome, Edge and Firefox have released their own AI features for their consumer browsers. So, what’s driving this sudden browser renaissance?
Thanks to hyperscalers and the pandemic, the past decade has seen a major shift in the modern way of working. Most enterprise applications are now SaaS apps, and, in 2022, around 62% of enterprise data was stored in the cloud (with that number expected to be much higher today)-both of which are accessed through browsers. Effectively, the browser has become the new endpoint.
In other words, by owning the browser space, one owns an essential infrastructure layer-the single point of access to every application, workflow and data that users interact with online. This is partly why the U.S. Department of Justice attempted to force Google to divest Chrome, and why the proposition of owning the browser space is so compelling to many technology companies.
Since ChatGPT’s launch in November 2022, generative AI (GenAI) has evolved through three distinct generations, each expanding AI’s scope of action and potential impact. The first generation introduced LLM-powered AI chatbots such as ChatGPT and Claude, as well as specialized API wrappers like Grammarly and GitHub Copilot. However, it wasn’t until January 2025 that OpenAI released Operator, the first true browser AI agent that can autonomously act on the user’s behalf, performing tasks like booking flight tickets and scheduling meetings. This served as the foundation for AI browsers.
For many technology companies, AI browsers became an unprecedented strategic opportunity to enter the browser race-a market that had been virtually impenetrable for over a decade due to Google’s dominance. With the release of agentic AI, it’s now possible to build AI browsers capable of autonomous reasoning, decision making and executing complex multistep tasks. New entrants can now offer value by changing the way people fundamentally browse the internet, making the AI browser a more compelling differentiator from incumbent consumer browsers than any browser innovation we’ve seen in recent years.
Yet, one major security implication of AI browsers is that security teams are now dealing with autonomous agents that complete tasks on the user’s behalf without the security awareness of an employee. Already, we’ve been seeing attacks on AI browsers that lead to these AI agents exfiltrating data, downloading malware and providing unauthorized access to enterprise apps without the user knowing. These AI browsers have the same privilege level as users, allowing them to access every enterprise app and sensitive information that the user can access.
Unfortunately, traditional security solutions like SASE/SSEs have no way to differentiate between tasks performed by a user and those performed by the AI browser, as the network traffic originates from the same browser. As AI agents and AI browsers become the new “weakest link,” this calls for the security industry to rethink the way enterprise security infrastructure is built, taking into account agentic identity, agentic data loss prevention (DLP) and attacks on agentic workflows.
In an increasingly agentic future, the browser won’t only act as a window to the web but as the primary workspace for autonomous agents and human-AI collaboration. This shift will make browsers more powerful, intelligent and deeply personalized, but also heighten the urgency for advanced browser security, as more sensitive actions and data flow through them than ever before.
SquareX’s browser extension turns any browser on any device into an enterprise-grade secure browser. SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively defend against browser-native threats including rogue AI agents, Last Mile Reassembly Attacks, malicious extensions and identity attacks. Unlike dedicated enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, delivering security without compromising user experience.
Visit sqrx.com to learn more or sign up for an enterprise pilot.
Browser Wars, Continued: Why Everyone Is Building Their Own AI Browser was originally published in SquareX Labs on Medium, where people are continuing the conversation by highlighting and responding to this story.
The post Browser Wars, Continued: Why Everyone Is Building Their Own AI Browser appeared first on Security Boulevard.
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Truly Universal Outlet’ appeared first on Security Boulevard.
Session 9D: Github + OSN Security
Authors, Creators & Presenters: Jan-Ulrich Holtgrave (CISPA Helmholtz Center for Information Security), Kay Friedrich (CISPA Helmholtz Center for Information Security), Fabian Fischer (CISPA Helmholtz Center for Information Security), Nicolas Huaman (Leibniz University Hannover), Niklas Busch (CISPA Helmholtz Center for Information Security), Jan H. Klemmer (CISPA Helmholtz Center for Information Security), Marcel Fourné (Paderborn University), Oliver Wiese (CISPA Helmholtz Center for Information Security), Dominik Wermke (North Carolina State University), Sascha Fahl (CISPA Helmholtz Center for Information Security)
PAPER
Attributing Open-Source Contributions is Critical but Difficult: A Systematic Analysis of GitHub Practices and Their Impact on Software Supply Chain Security
Critical open-source projects form the basis of many large software systems. They provide trusted and extensible implementations of important functionality for cryptography, compatibility, and security. Verifying commit authorship authenticity in open-source projects is essential and challenging. Git users can freely configure author details such as names and email addresses. Platforms like GitHub use such information to generate profile links to user accounts. We demonstrate three attack scenarios malicious actors can use to manipulate projects and profiles on GitHub to appear trustworthy. We designed a mixed-research study to assess the effect on critical open-source software projects and evaluated countermeasures. First, we conducted a large-scale measurement among 50,328 critical open-source projects on GitHub and demonstrated that contribution workflows can be abused in 85.9% of the projects. We identified 573,043 email addresses that a malicious actor can claim to hijack historic contributions and improve the trustworthiness of their accounts. When looking at commit signing as a countermeasure, we found that the majority of users (95.4%) never signed a commit, and for the majority of projects (72.1%), no commit was ever signed. In contrast, only 2.0% of the users signed all their commits, and for 0.2% of the projects all commits were signed. Commit signing is not associated with projects' programming languages, topics, or other security measures. Second, we analyzed online security advice to explore the awareness of contributor spoofing and identify recommended countermeasures. Most documents exhibit awareness of the simple spoofing technique via Git commits but no awareness of problems with GitHub's handling of email addresses.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – Attributing Open-Source Contributions Is Critical But Difficult appeared first on Security Boulevard.
Corr-Serve, a South African value-added distributor of cybersecurity solutions, has strengthened its long-standing partnership with Seceon, a global provider of advanced cybersecurity technology, expanding local access to AI-driven threat detection and response capabilities. The enhanced agreement builds on more than seven years of collaboration between the two companies in Southern Africa and positions Corr-Serve as Seceon’s
The post Corr-Serve strengthens South Africa’s cybersecurity market through expanded Seceon partnership appeared first on Seceon Inc.
The post Corr-Serve strengthens South Africa’s cybersecurity market through expanded Seceon partnership appeared first on Security Boulevard.
Login