Researchers with Cyata and BlueRock uncovered vulnerabilities in MCP servers from Anthropic and Microsoft, feeding ongoing security worries about MCP and other agentic AI tools and their dual natures as both key parts of the evolving AI world and easy targets for threat actors.

The post Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks appeared first on Security Boulevard.

After an Instagram impersonation, Alan Shimel reveals how Meta’s AI moderation dismissed a clear security threat—showing why identity protection is broken.

The post Someone Is Impersonating Me on Instagram — and Meta Doesn’t Give a Sh*t appeared first on Security Boulevard.

Obsidian Security today announced that it has extended the reach of its platform for protecting software-as-a-service (SaaS) applications to include any integrations. Additionally, the company is now making it possible to limit which specific end users of a SaaS application are allowed to grant and authorize new SaaS integrations by enforcing least privilege policies. Finally,..

The post Obsidian Security Extends Reach to SaaS Application Integrations appeared first on Security Boulevard.

I’ve seen this movie before. That’s why a recent LinkedIn post by Ilya Kabanov stopped me mid-doomscroll. Kabanov described how frontier AI companies are quietly but decisively shifting into cybersecurity. They are not joining as partners or tacking on features. They are stepping up as product makers, targeting the core of the enterprise security budget...

The post We’ve Reached the “Customers Want Security” Stage, and AI Is Listening appeared first on Security Boulevard.

ZEST Security introduces AI Sweeper Agents that identify which vulnerabilities are truly exploitable, helping security teams cut patch backlogs and focus on real risk.

The post ZEST Security Adds AI Agents to Identify Vulnerabilities That Pose No Actual Risk appeared first on Security Boulevard.

Check Point dug into the details of VoidLink and found a sophisticated and quickly developed malware that was mostly generated using AI and putting a spotlight on what the future of cyber threats looks like.

The post VoidLink Represents the Future of AI-Developed Malware: Check Point appeared first on Security Boulevard.

The privacy rights group Fight for the Future was one of 44 organizations that sent a letter to lawmakers urging them to pull back on funding for ICE, noting the growing threats to U.S. citizens and others as the agency spends millions of dollars on its growing surveillance capabilities.

The post Fight for the Future, EFF, Others Push Back Against Growing ICE Surveillance appeared first on Security Boulevard.

Researchers with security firm Miggo used an indirect prompt injection technique to manipulate Google's Gemini AI assistant to access and leak private data in Google Calendar events, highlighting the challenges AI presents that traditional security measures can't address.

The post Exploiting Google Gemini to Abuse Calendar Invites Illustrates AI Threats appeared first on Security Boulevard.

Kimwolf botnet exploits smart gadgets for DDoS attacks, highlighting security lapses in device protection and supply chains.

The post What’s On the Tube Or Rather in the Tube: Kimwolf Targets Android-based TVs and Streaming Devices  appeared first on Security Boulevard.

Nicholas Moore, a 24-year-old Tennessee man, pleaded guilty to using stolen credentials of authorized users to hack into computer systems of the Supreme Court, VA, and AmeriCorps, obtaining sensitive information and then posting it online to his Instagram account.

The post Hacker Pleads Guilty to Access Supreme Court, AmeriCorps, VA Systems appeared first on Security Boulevard.

ICE protests surveillance yet uses tech to track citizens' devices, possibly violating privacy laws and the Fourth Amendment, revealed through ICE's data tools.

The post Who’s Stalking Whom? ICE Uses Social Media and Phone Surveillance System to Track Protesters appeared first on Security Boulevard.

JFrog this week published an analysis of a vulnerability in Redis databases that may be more serious than initially thought following the discovery of a remote code execution (RCE) exploit. Researchers found that a stack buffer overflow vulnerability in Redis (CVE-2025-62507) can be used to run the XACKDEL command with multiple IDs to trigger a..

The post JFrog Researchers Uncover RCE Exploit for Existing Redis Database Vulnerability appeared first on Security Boulevard.

PromptArmor threat researchers uncovered a vulnerability in Anthropic's new Cowork that already was detected in the AI company's Claude Code developer tool, and which allows a threat actor to trick the agent into uploading a victim's sensitive files to their own Anthropic account.

The post Vulnerability in Anthropic’s Claude Code Shows Up in Cowork appeared first on Security Boulevard.

In a report a week before its Davos conference, the World Economic Foundation said 64% world business leaders are most worried about cyber fraud, replacing ransomware at their top concern. AI vulnerabilities also ranked high, as did threats fueled by geopolitics. The group argued that a coordinated approach to cybersecurity is needed.

The post Cyber Fraud, Not Ransomware, is Now Businesses’ Top Security Concern appeared first on Security Boulevard.

RSAC just made a power move. With Jen Easterly stepping in as CEO, the cybersecurity industry’s front porch gets real leadership, real credibility, and real intent—writes Alan.

The post RSAC Stands Tall Appointing a True Leader, Jen Easterly as CEO appeared first on Security Boulevard.

The recently disclosed ServiceNow vulnerability should terrify every CISO in America. CVE-2025-12420, dubbed “BodySnatcher,” represents everything wrong with how we’re deploying AI in the enterprise today. An unauthenticated attacker—someone who has never logged into your system, sitting anywhere in the world—can impersonate your administrators using nothing more than an email address. They bypass your multi-factor..

The post We’re Moving Too Fast: Why AI’s Race to Market Is a Security Disaster appeared first on Security Boulevard.

A new Harmonic Security report reveals a sharp rise in sensitive data shared with generative AI tools like ChatGPT, increasing the risk of security breaches, compliance violations, and data exposure across global organizations.

The post Report: Massive Amounts of Sensitive Data Being Shared with GenAI Tools appeared first on Security Boulevard.

Delinea announces the acquisition of StrongDM to enhance its privileged access management platform, offering just-in-time access for IT infrastructure and improving cybersecurity for human and non-human identities.

The post Delinea Acquires StrongDM to Secure Access to IT Infrastructure appeared first on Security Boulevard.

A new Arcjet SDK lets Python teams embed bot protection, rate limiting, and abuse prevention directly into application code.

The post Arcjet Python SDK Sinks Teeth Into Application-Layer Security  appeared first on Security Boulevard.

Microsoft and law enforcement agencies in Europe disrupted the operations of RedVDS, a global cybercrime service that sold cheap and disposable dedicated virtual servers to threat actors that used them to run BEC, phishing, and other fraud campaigns. The vendor now wants to shut down its payment networks and find the operators behind it.

The post Microsoft, Law Enforcement Disrupt RedVDS Global Cybercrime Service appeared first on Security Boulevard.