Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to a report by U.S. and Canadian security offices.

The post China Hackers Using Brickstorm Backdoor to Target Government, IT Entities appeared first on Security Boulevard.

ShadyPanda spent seven years uploading trusted Chrome and Edge extensions, later weaponizing them for tracking, hijacking, and remote code execution. Learn how the campaign unfolded.

The post ShadyPanda Takes its Time to Weaponize Legitimate Extensions  appeared first on Security Boulevard.

AI browsers introduce reasoning-based risks. Learn how cross-origin AI agents dismantle web security and what defenses are needed.

The post Convenience or Catastrophe? The Dangers of AI Browsers No One is Talking About  appeared first on Security Boulevard.

Security headlines distract, but the threats keeping CISOs awake are fundamental gaps and software supply chain risks. Learn why basics and visibility matter most.

The post Sleepless in Security: What’s Actually Keeping CISOs Up at Night  appeared first on Security Boulevard.

The Cybersecurity Coalition, an industry group of almost a dozen vendors, is urging the Trump Administration and Congress now that the government shutdown is over to take a number of steps to strengthen the country's cybersecurity posture as China, Russia, and other foreign adversaries accelerate their attacks.

The post Cybersecurity Coalition to Government: Shutdown is Over, Get to Work appeared first on Security Boulevard.

3 min readAs AI platforms grow more complex and interdependent, small failures can cast long shadows. That’s what happened inside the open-source CrewAI platform, where a vulnerability in its error-handling logic surfaced during a provisioning failure. The resulting “exception response” – the message a service returns when it encounters an unhandled error during a request – contained […]

The post CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems appeared first on Aembit.

The post CrewAI GitHub Token Exposure Highlights the Growing Risk of Static Credentials in AI Systems appeared first on Security Boulevard.

AI-powered cyberattacks are rising fast, and AI firewalls offer predictive, adaptive defense—but their cost, complexity and ROI must be carefully justified as organizations weigh upgrades.

The post Are AI Firewalls Worth the Investment?  appeared first on Security Boulevard.

The 183M credentials came from infostealer logs. Learn why continuous password monitoring is essential for modern defense.

The post 183 Million Credentials Misreported as a Gmail Breach appeared first on Security Boulevard.

A new iteration of the Shai-Hulud malware that ran through npm repositories in September is faster, more dangerous, and more destructive, creating huge numbers of malicious repositories, compromised scripts, and GitHub users attacked, creating one of the most significant supply chain attacks this year.

The post The Latest Shai-Hulud Malware is Faster and More Dangerous appeared first on Security Boulevard.

SitusAMC, a services provider with clients like JP MorganChase and Citi, said its systems were hacked and the data of clients and their customers possibly compromised, sending banks and other firms scrambling. The data breach illustrates the growth in the number of such attacks on third-party providers in the financial services sector.

The post Hack of SitusAMC Puts Data of Financial Services Firms at Risk appeared first on Security Boulevard.

Security is reaching a breaking point as growing technical complexity becomes a major risk vector. Learn why modern systems amplify threats—and how to stay ahead.

The post Security is at a Tipping Point: Why Complexity is the New Risk Vector  appeared first on Security Boulevard.

Agencies with the US and other countries have gone hard after bulletproof hosting services providers this month, including Media Land, Hypercore, and associated companies and individuals, while the FiveEyes threat intelligence alliance published BPH mitigation guidelines for ISPs, cloud providers, and network defenders.

The post U.S., International Partners Target Bulletproof Hosting Services appeared first on Security Boulevard.

An attack on the app of CRM platform-provider Gainsight led to the data of hundreds of Salesforce customers being compromised, highlighting the ongoing threats posed by third-party software in SaaS environments and illustrating how one data breach can lead to others, cybersecurity pros say.

The post Salesforce: Some Customer Data Accessed via Gainsight Breach appeared first on Security Boulevard.

The SEC dismissed the remain charges in the lawsuit filed in 2023 against software maker SolarWinds and CISO Timothy Brown in the wake of the massive Sunburst supply chain attack, in which a Russian nation-state group installed a malicious update into SolarWInds software that then compromised the systems of some customers.

The post SEC Dismisses Remains of Lawsuit Against SolarWinds and Its CISO appeared first on Security Boulevard.

From Anthropic:

In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree­—using AI not just as an advisor, but to execute the cyberattacks themselves.

The threat actor—­whom we assess with high confidence was a Chinese state-sponsored group—­manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention...

The post AI as Cyberattacker appeared first on Security Boulevard.

Deepfake-powered fraud is exploding as attackers weaponize AI to impersonate executives and bypass trust. Learn why detection alone fails and how AI-driven verification restores security.

The post AI vs. AI: Why Deepfake Detection Alone Won’t Protect Your Enterprise appeared first on Security Boulevard.

Akira ransomware is exploiting MFA push-spam, weak VPN security and identity gaps. Learn why these attacks succeed and the counter-playbook defenders must deploy now.

The post The Akira Playbook: How Ransomware Groups Are Weaponizing MFA Fatigue  appeared first on Security Boulevard.