Researchers with Cyata and BlueRock uncovered vulnerabilities in MCP servers from Anthropic and Microsoft, feeding ongoing security worries about MCP and other agentic AI tools and their dual natures as both key parts of the evolving AI world and easy targets for threat actors.
The crypto industry is preparing for a potential security challenge with the anticipated arrival of quantum computing. In response to this potential threat, Coinbase (COIN) has announced the formation of an advisory board composed of external experts.
Coinbase Chief Security Officer's Warning
According to a report from Fortune, the newly established board includes academics from Stanford, Harvard, and the University of California, specializing in fields like computer science, cryptography, and fintech.
Officially titled the Coinbase Independent Advisory Board on Quantum Computing and Blockchain, the group also features experts from the Ethereum Foundation, the decentralized finance (DeFi) platform EigenLayer, and Coinbase itself.
Jeff Lunglhofer, Coinbase's Chief Information Security Officer, elaborated on the potential impact of quantum computing on current encryption methods.
He explained that the encryption protecting wallets and private keys of Bitcoin (BTC) holders relies on complex mathematical problems that would take conventional computers thousands of years to solve.
However, with the computational power that quantum computers promise, potentially a million times greater, these problems could be solved much more swiftly, Lunglhofer asserted.
Although the security implications of quantum computing are genuine, Lunglhofer reassured that they are not expected to become an immediate concern for at least a decade. The purpose of the new advisory board is to examine the upcoming challenges posed by quantum computing in a measured manner.
This involves fostering initiatives within the blockchain industry that are reportedly already underway to enhance the resilience of Bitcoin and other networks against quantum attacks.
Blockchain Networks Expected To Implement Larger Keys
At present, Bitcoin secures its wallets through private keys, which consist of long strings of random characters. These keys are accessible to their owners but can only be estimated through extensive trial-and-error computations.
The advent of quantum computing, however, would make it feasible to deduce private keys using trial-and-error methods in a fraction of the time.
In response to this looming threat, Fortune disclosed that blockchain experts speculate that networks will implement larger keys and add "noise" to obscure their locations, making them more difficult to detect. Implementing these defensive upgrades across blockchain networks is said to take several years.
In the meantime, the newly formed Coinbase Advisory Board is gearing up to publish research papers and issue position statements aimed at helping the cryptocurrency industry brace for the impacts of quantum computing.
Their first paper, which will address quantum's influence on the consensus and transaction layers of blockchain, is expected to be released within the next couple of months.
At the time of writing, Coinbase's stock, which trades under the ticker symbol COIN on the Nasdaq, is trading at $225.10. This represents a slight drop of 1.2% over the last 24 hours.
It's now been a full calendar year since the European Union's Digital Operational Resilience Act (DORA) became enforceable in January 2025, marking a clear shift in how regulators expect organizations to manage digital risk.
In the previous article, we lifted the curtain on tracking technologies and showed how much information the internet collects from you. Many people still believe that privacy tools such as VPNs completely protect them, but as you are now learning, the story goes much deeper than that. Today we will explore what else is hiding behind the code. You will discover that even more information can be extracted from your device without your knowledge. And of course, we will also walk through ways to reduce these risks, because predictability creates patterns. Patterns can be tracked. And tracking means exposure.
Beyond Visuals
Most people assume fingerprinting is only about what you see on the screen. However, browser fingerprinting reaches far beyond the visual world. It also includes non-visual methods that silently measure the way your device processes audio or stores small website assets. These methods do not rely on cookies or user logins. They do not require permission prompts. They simply observe tiny differences in system behavior and convert them into unique identifiers.
A major example is AudioContext fingerprinting. This technique creates and analyzes audio signals that you never actually hear. Instead, the browser processes the sound internally using the Web Audio API. Meanwhile, favicon-based tracking abuses the way browsers cache the small icons you see in your tab bar. Together, these methods help trackers identify users even if visual fingerprints are blocked or randomized. These non-visual fingerprints work extremely well alongside visual ones such as Canvas and WebGL. One type of fingerprint reveals how your graphics hardware behaves. Another reveals how your audio pipeline behaves. A third records caching behavior. When all of this is combined, the tracking system becomes far more resilient. It becomes very difficult to hide, because turning off one fingerprinting technology still leaves several others running in the background.
Everything occurs invisibly behind the web page. Meanwhile, your device is revealing small but deeply personal technical traits about itself.
AudioContext Fingerprinting
AudioContext fingerprinting is built on the Web Audio API. This is a feature that exists in modern browsers to support sound generation and manipulation. Developers normally use it to create music, sound effects, and audio visualizations. Trackers, however, discovered that it can also be used to uniquely identify devices.
Here is what happens behind the scenes. A website creates an AudioContext object. Inside this context, it often generates a simple sine wave using an OscillatorNode. The signal is then passed through a DynamicsCompressorNode. This compressor highlights tiny variations in how the audio is processed. Finally, the processed audio data is read, converted into numerical form, and hashed into an identifier.
The interesting part is where the uniqueness comes from. Audio hardware varies greatly. Different manufacturers like Realtek or Intel design chips differently. Audio drivers introduce their own behavior. Operating systems handle floating point math in slightly different ways. All of these variations influence the resulting signal, even when the exact same code is used. Two computers will nearly always produce slightly different waveform results.
Only specific privacy protections can interfere with this process. Some browsers randomize or block Web Audio output to prevent fingerprinting. Others standardize the audio result across users so that everyone looks the same. But if these protections are not in place, your system will keep producing the same recognizable audio fingerprint again and again.
You can actually test this yourself. There are demo websites that implement AudioContext fingerprinting.
Favicon Supercookie Tracking
Favicons are the small images you see in your browser tabs. They appear completely harmless. However, the way browsers cache them can be abused to create a tracking mechanism. The basic idea is simple. A server assigns a unique identifier to a user and encodes that identifier into a specific pattern of favicon requests. Because favicons are cached separately from normal website data, they can act as a form of persistent storage. When the user later returns, the server instructs the browser to request a large set of possible favicons. Icons that are already present in the cache do not trigger network requests, while missing icons do. By observing which requests occur and which do not, the server can reconstruct the original identifier.
This is clever because favicon caches have traditionally been treated differently from normal browser data. Clearing cookies or browsing history often does not remove favicon cache entries. In some older browser versions, favicon cache persistence even extended across incognito sessions.
There are limits. Trackers must maintain multiple unique icon routes, which requires server-side management. Modern browsers have also taken steps to partition or isolate favicon caches per website, reducing the effectiveness of the method. Still, many legacy systems remain exposed, and clever implementations continue to find ways to abuse caching behavior.
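The write and read phases described above, and the effect of the browser-side limits, can be followed in a small simulation. This is an added example, not code from the original article: the `FaviconCache` class, the `tracker.example` routes, the context names and the 8-bit identifier are all constructed for illustration and model no specific browser.

```javascript
// Constructed model of a browser favicon cache; not real browser internals.
class FaviconCache {
  // isolated = false: one cache shared by every browsing context (legacy).
  // isolated = true: entries are keyed by context, so a new context starts empty.
  constructor(isolated) {
    this.isolated = isolated;
    this.entries = new Set();
  }
  key(context, url) {
    return this.isolated ? context + "|" + url : url;
  }
  // Returns true when the browser had to go to the network (cache miss).
  load(context, url, cacheable) {
    const k = this.key(context, url);
    if (this.entries.has(k)) return false;
    if (cacheable) this.entries.add(k);
    return true;
  }
  clear() {
    this.entries.clear();
  }
}

const BITS = 8; // one icon route per identifier bit
// Hypothetical route layout on a placeholder host.
const route = (i) => "https://tracker.example/r/" + i + "/favicon.ico";

// Write phase: only the routes whose bit is 1 are visited, and their icons
// are served as cacheable, so the bit pattern ends up in the favicon cache.
function writeId(cache, context, id) {
  for (let i = 0; i < BITS; i++) {
    if ((id >> i) & 1) cache.load(context, route(i), true);
  }
}

// Read phase: every route is requested again, served uncacheable so the stored
// pattern is not disturbed. A route that causes no network request was cached.
function readId(cache, context) {
  let id = 0;
  for (let i = 0; i < BITS; i++) {
    const hitNetwork = cache.load(context, route(i), false);
    if (!hitNetwork) id |= 1 << i;
  }
  return id;
}

// One visit, a cookie wipe, then a return visit from a different context.
function scenario({ isolated, clearFaviconCache }) {
  const cache = new FaviconCache(isolated);
  const cookies = new Map();
  const assigned = 0b10110010; // constructed sample identifier (178)

  cookies.set("uid", assigned);
  writeId(cache, "normal-window", assigned);

  cookies.clear(); // the user clears cookies
  if (clearFaviconCache) cache.clear(); // only if the clearing path covers icons

  return {
    fromCookie: cookies.get("uid"),
    fromFavicons: readId(cache, "private-window"),
  };
}

console.log("legacy shared cache:", scenario({ isolated: false, clearFaviconCache: false }));
console.log("isolated cache:", scenario({ isolated: true, clearFaviconCache: false }));
console.log("cache cleared:", scenario({ isolated: false, clearFaviconCache: true }));
```

In the legacy case the identifier survives the cookie wipe; with an isolated cache or a clearing path that includes icons, the read phase sees only misses and recovers nothing.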
Other Methods of Identification
Fingerprinting does not stop with visuals and audio. There are many additional identifiers that leak information about your device. Screen fingerprinting gathers details such as your screen resolution, usable workspace, color depth, pixel density, and zoom levels. These factors vary across laptops, desktops, tablets, and external monitors.
Font enumeration checks which fonts are installed on your system. This can be done by drawing hidden text elements and measuring their size. If the size changes, the font exists. The final list of available fonts can be surprisingly unique.
Speech synthesis fingerprinting queries the Web Speech API to discover which text-to-speech voices exist on your device. These are tied to language packs and operating system features.
The Battery Status API can reveal information about your battery capacity, charge state, and discharge behavior. This information itself is not very useful, but it helps illustrate how deep browser fingerprinting can go.
The website may also detect which Chrome plugins you use, making your anonymous identity even more traceable.
And this is still only part of the story. Browsers evolve quickly. New features create new opportunities for fingerprinting. So awareness is critical here.
Combined Threats and Defenses
When audio fingerprinting, favicon identifiers, Canvas, WebGL, and other methods are combined, they form what is often called a super fingerprint. This is a multi-layered identity constructed from many small technical signals. It becomes extremely difficult to change without replacing your entire hardware and software environment. This capability can be used for both legitimate analytics and harmful surveillance. Advertisers may track behavior across websites. Data brokers may build profiles over time. More dangerous actors may attempt to unmask users who believe they are anonymous.
Fortunately, there are tools that help reduce these risks. No defense is perfect. But layered protections can improve your privacy. For example, Tor standardizes many outputs, including audio behaviors and cache storage, but not everything, which means some things can still expose you. Firefox includes settings such as privacy.resistFingerprinting that limit API details. Brave Browser randomizes or blocks fingerprinting attempts by default. Extensions such as CanvasBlocker and uBlock Origin also help reduce exposure, although they must be configured with care.
We encourage you to test your own exposure, experiment with privacy tools, and make conscious decisions about how and where you browse.
Conclusion
The key takeaway is not paranoia. Privacy tools do not eliminate fingerprinting, but defenses such as Tor, Brave, Firefox fingerprint-resistance, and well-configured extensions do reduce exposure. Understanding how non-visual fingerprints work allows you to make informed decisions instead of relying on assumptions. In modern browsing, privacy is not about hiding perfectly. It is about minimizing consistency and breaking long-term patterns.
Awareness matters. When you understand how you are being tracked, you're far better equipped to protect your privacy.
PromptArmor threat researchers uncovered a vulnerability in Anthropic's new Cowork that already was detected in the AI company's Claude Code developer tool, and which allows a threat actor to trick the agent into uploading a victim's sensitive files to their own Anthropic account.
A new Harmonic Security report reveals a sharp rise in sensitive data shared with generative AI tools like ChatGPT, increasing the risk of security breaches, compliance violations, and data exposure across global organizations.
Insider threats are very real and make up the majority of cybersecurity attacks on enterprises. Yet, many businesses still spend most of their time safeguarding their systems against outsider threats. The worst with insider threats is that they often have a human element, which is usually used to bypass software protection. So even with all […]
Today we are going to explore a topic that quietly shapes modern online privacy, yet most people barely think about it. When many users hear the word anonymity, they immediately think of VPN services or the Tor Browser. Once those tools are turned on, they often relax and assume they are safely hidden. Some even feel confident enough to behave recklessly online. Others, especially people in high-risk environments, place absolute trust in these tools to protect them from powerful adversaries. The problem is that this confidence is not always justified. A false sense of privacy can be more dangerous than having no privacy at all.
Master OTW has warned about this for years. Tor is an extraordinary privacy technology. It routes your traffic through multiple encrypted nodes so the websites you visit cannot easily see your real IP address. When it is used correctly and especially when accessing .onion resources, it truly can offer you some anonymity. But don't let the mystery of Tor mislead you into thinking it guarantees absolute privacy. In the end, your traffic still has to pass through Tor nodes, and whoever controls the exit node can potentially observe unencrypted activity. That means privacy is only as strong as the path your traffic takes. A good example of this idea is the way Elliot in Mr. Robot uncovered what the owner of Ron's Coffee was really involved in by monitoring traffic at the exit point.
Besides, determined adversaries can perform advanced statistical correlation attacks. Browsers can be fingerprinted by examining the small technical details that make your device unique. Exit nodes may also expose you when you browse the regular internet. The most important lesson is that absolute anonymity does not exist. And one of the biggest threats to that anonymity is browser fingerprinting.
What is Browser Fingerprinting?
Browser fingerprinting is a method websites use to identify you based on the unique characteristics of your device and software. Instead of relying on cookies or IP addresses, which can be deleted or hidden, fingerprinting quietly collects technical details about your system. When all of these little details are combined, they form something almost as unique as a real fingerprint.
One of the most important parts of browser fingerprinting is something called visual rendering differences. In simple terms, your computer draws images, text, and graphics in a way that is slightly different from everyone else's computer. Techniques such as Canvas fingerprinting and WebGL fingerprinting take advantage of these differences. They can make your browser draw shapes or text, and the small variations in how your device renders those shapes can be recorded. WebGL takes this even deeper, interacting directly with your graphics hardware to reveal more detailed information. What makes this especially concerning is the persistence. These fingerprints are generated fresh each time, based on your hardware and software combination. Advertisers love this technology. Intelligence agencies know about it too. And most users never even realize it is happening.
Canvas Fingerprinting Explained
Let us start with Canvas fingerprinting. The HTML5 Canvas API was created so websites could draw graphics. However, it can also quietly draw an invisible image in the background without you ever seeing anything on the screen. This image often contains text, shapes, or even emojis. Once the image is rendered, the website extracts the pixel data and converts it into a cryptographic hash. That hash becomes your Canvas fingerprint.
Website: browserleaks.com
The reason this fingerprint is unique comes from many small sources. Your graphics card renders shapes slightly differently. Your driver version may handle color smoothing in a unique way. Your installed fonts also affect how letters are shaped and aligned. The operating system you use adds its own rendering behavior. Even a tiny system change, such as a font replacement or a driver update, can modify the resulting fingerprint.
This fingerprinting technique is powerful because it follows you even when you think you are protected. It does not require stored browser data. It also does not care about your IP address. It simply measures how your machine draws a picture. This allows different groups to track and follow you, because your anonymous behavior suddenly becomes linkable.
If you want to see this in action, you can test your own Canvas fingerprint at BrowserLeaks. The same Canvas script will produce different fingerprints on different machines, and usually the same fingerprint on the same device.
WebGL Fingerprinting in Depth
Now let us move a layer deeper. WebGL fingerprinting builds on the same ideas, but it interacts even more closely with the graphics hardware. WebGL allows your browser to render 3D graphics, and through a specific extension named WEBGL_debug_renderer_info, a tracking script can retrieve information about your graphics card. This information can include the GPU vendor, such as NVIDIA, AMD, or Intel. It can also reveal the exact GPU model. In other words, WebGL is not only observing how graphics are drawn, it is asking your system directly what kind of graphics engine it has. This creates a highly identifiable hardware profile.
In environments where most devices use similar hardware, one unusual GPU can make you stand out instantly. Combining WebGL with Canvas makes tracking incredibly precise.
Risks and Persistence
Canvas and WebGL fingerprinting are difficult to escape because they are tied to physical components inside your device. You can delete cookies, reinstall your browser or wipe your entire system. But unless you also change your hardware, your fingerprint will likely remain similar or identical. These fingerprints also become more powerful when combined with other factors such as language settings, time zone, installed plugins, and browsing behavior. Over time, the tracking profile becomes extremely reliable. Even anonymous users become recognizable.
Website: scrapfly.io
This is not just theory. A retailer might track shoppers across websites, including in private browsing sessions. A government might track dissidents, even when they route traffic through privacy tools. A cyber-criminal might identify high-value targets based on their hardware profile. All of this can happen silently in the background.
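To measure your own exposure in the terms this section uses, count how many other visitors share your values as signals are combined. The following is an added example, not code from the original article: the visitor population, the signal names and every value in it are constructed, and `standardize` assumes every visitor uses the same hardened browser.

```javascript
// Constructed visitor population; every value is invented for illustration.
const population = [
  { tz: "UTC+1", lang: "en-US", gpu: "Intel UHD", canvas: "c1", audio: "a1" }, // you
  { tz: "UTC+1", lang: "en-US", gpu: "Intel UHD", canvas: "c1", audio: "a2" },
  { tz: "UTC+1", lang: "en-US", gpu: "Intel UHD", canvas: "c2", audio: "a1" },
  { tz: "UTC+1", lang: "en-US", gpu: "NVIDIA RTX", canvas: "c3", audio: "a1" },
  { tz: "UTC+1", lang: "de-DE", gpu: "Intel UHD", canvas: "c1", audio: "a1" },
  { tz: "UTC-5", lang: "en-US", gpu: "Intel UHD", canvas: "c1", audio: "a1" },
  { tz: "UTC-5", lang: "en-US", gpu: "AMD Radeon", canvas: "c4", audio: "a3" },
  { tz: "UTC-5", lang: "de-DE", gpu: "NVIDIA RTX", canvas: "c3", audio: "a2" },
];
const SIGNALS = ["tz", "lang", "gpu", "canvas", "audio"];

// Number of visitors indistinguishable from `target` on the given signals.
function anonymitySet(pop, target, signals) {
  return pop.filter((v) => signals.every((s) => v[s] === target[s])).length;
}

// Identifying information in bits: log2(population size / anonymity set size).
function bits(pop, target, signals) {
  return Math.log2(pop.length / anonymitySet(pop, target, signals));
}

// Adds one signal at a time and records how the anonymity set shrinks.
function narrowing(pop, target, signals) {
  const steps = [];
  for (let i = 1; i <= signals.length; i++) {
    const used = signals.slice(0, i);
    steps.push({
      signals: used.join("+"),
      setSize: anonymitySet(pop, target, used),
    });
  }
  return steps;
}

// Models a browser that reports one fixed value for the chosen signals.
// Assumption: every visitor in the population uses that browser.
function standardize(pop, signals) {
  return pop.map((v) => {
    const copy = { ...v };
    for (const s of signals) copy[s] = "standard";
    return copy;
  });
}

const you = population[0];
// No single signal narrows the crowd below 4 of 8 visitors...
for (const s of SIGNALS) console.log(s, "alone:", anonymitySet(population, you, [s]));
// ...but stacked together they leave exactly one candidate.
console.log(narrowing(population, you, SIGNALS));
console.log("bits, all signals:", bits(population, you, SIGNALS));

// With hardware-derived signals standardized, only tz and lang still differ.
const hardened = standardize(population, ["gpu", "canvas", "audio"]);
console.log("set size after standardizing:", anonymitySet(hardened, hardened[0], SIGNALS));
```

In this sample population each signal on its own is shared by at least half the visitors, yet the five together single out one device; standardizing the three hardware-derived signals restores a crowd of four.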
Conclusion
Browser fingerprinting through Canvas and WebGL is one of the most persistent and quiet methods of online tracking in use today. As investigators and security professionals, it is important that we understand both its power and its risks. You can begin exploring your own exposure by testing your device on fingerprinting-analysis websites and observing the identifiers they generate. Privacy-focused browsers and hardened settings may reduce the amount of information exposed, but even then the protection is not perfect. Awareness remains the most important defense. When you understand how fingerprinting works, you can better evaluate your privacy decisions, your threat model, and the trust you place in different technologies.
In the next part, we will go even deeper into this topic and see what else can be learned about you through your browser.
Learn how the 2025 Trend Micro Defenders Survey Report helps paint a clear picture of how security teams are looking to work with executive leaders to manage cyber risk.
Learn how Trend Micro's 2025 Trend Micro Defenders Survey Report highlights current AI-related cybersecurity priorities and where security professionals use AI to their advantage.
Based on more than 3,000 responses from cybersecurity professionals in nearly 90 countries, our Trend Micro Defenders Survey Report 2025 shines a bright light on the current state of cyber risk management. From the impact of cloud and AI on IT environments to top technical and human challenges, this year's findings have a lot to say about the pressures security teams are under and what organizations are doing to tighten their grip on cyber risk.
Enterprise 2025 introduces the first full cloud adversary emulation and expanded multi-platform testing, focusing on two advanced threat areas: Scattered Spider's cloud-centric attacks and Mustang Panda's long-term espionage operations.
The integration between Trend Vision One and Security Hub CSPM is exactly that, two powerful platforms enhancing each other to keep your AWS infrastructure protected.
In today's cloud-first world, security teams face an overwhelming flood of alerts, fragmented visibility, and reactive workflows. The complexity of modern cloud environments (spanning multi-cloud deployments, ephemeral assets, and decentralized ownership) demands a new approach to risk management.
Italy's Economy Ministry has ordered a detailed review of current protections against crypto risks, officials said on Thursday.
The review will focus on safeguards for both direct and indirect investments in crypto-assets by retail investors, regulators added.
The decision came during a meeting of the Committee for Macroprudential Policies. The committee includes the heads of the Bank of Italy, market watchdog Consob, insurance and pension regulators, and the Treasury's director general, according to Reuters reporting.
Committee members warned that risks from crypto-assets could rise. Growing connections between crypto and the wider financial system, along with inconsistent international regulations, could heighten vulnerabilities, they said.
The committee said Italy's economic and financial conditions remain generally stable. At the same time, global uncertainty continues to pose challenges for financial stability.
The review will examine how existing rules protect investors and the financial system. Officials said they aim to identify gaps and recommend measures to strengthen safeguards, per Reuters.
Italy has increasingly monitored digital assets in recent years. Authorities have raised concerns over investor protection, market integrity, and potential spillovers into the broader financial system. The new review signals a more cautious approach to crypto adoption in the country.
Italy's cold-shoulder to crypto
Last year, Italy proposed a steep tax hike on crypto trades, aiming to raise the rate on digital asset gains from 26% to 42% as part of its October budget plan.
The measure was designed to boost public finances but quickly drew criticism from the crypto industry, which warned that such an aggressive increase would damage the country's competitiveness, especially with the EU preparing to roll out its Markets in Crypto-Assets (MiCA) framework later this year.
The government backed down from its proposal after sharp criticism from Italy's crypto industry. Under the revised budget plan, the capital-gains tax on digital asset trades is now expected to rise to 33% starting in the 2026 financial year, per reports.
Last week, Bitizenship launched BTC Italia and The Bitcoin Dolce Visa, a Bitcoin-aligned pathway for obtaining Italy's Investor Visa through a €250,000 startup investment.
The Milan-based venture operates as an "Innovative Startup" focused on Bitcoin Layer-2 yield generation and treasury management, giving applicants exposure to a Bitcoin-native business while staying within Italy's regulatory framework.
The initiative comes as Italy posts strong economic performance, including record exports, a €46 billion trade surplus, stabilizing public debt, and a stock market that has doubled since 2020. With capital-market reforms on the horizon and competitive tax incentives, the country has become an increasingly attractive destination for foreign investors.
Under the program, applicants receive visa approval before committing funds. BTC Italia maintains its treasury in Bitcoin, uses non-custodial Layer-2 staking for operations, and offers redemption windows every 24 months.
More and more enterprises are opting for cloud-native application protection platforms (CNAPPs) instead of complex and hard-to-manage cloud security point solutions. Find out where your organization is on its CNAPP maturity journey.
In the race to secure cloud infrastructure, intrusion prevention systems (IPS) remain one of the most critical yet complex at the cloud network layer of defense. For many organizations, deploying IPS in the cloud is a balancing act between agility and control.