Making Sense of Complex Operations With Semantic Data
Semantic Operations
The post Making Sense of Complex Operations With Semantic Data appeared first on Security Boulevard.
A self-harm prevention kit is becoming an essential part of school safety planning as student mental health challenges continue to rise across the United States. Schools are increasingly responsible for supporting the emotional well-being of their students and creating safe environments that reduce the risk of self-harming behavior, suicide attempts, or harmful coping patterns. The ...
The post Self-Harm Prevention Kit Guide for Schools: Identifying Risks and Protecting Students appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Self-Harm Prevention Kit Guide for Schools: Identifying Risks and Protecting Students appeared first on Security Boulevard.
Resiliency has been top of mind in 2025, and recent high-profile CVEs serve as holiday reminders that adversaries aren't slowing down. But what changed this year was how the federal community responded. Increasingly, exploitability drove the clock: when vulnerabilities surfaced as actively exploited, agencies leaned on a more operational posture where "Are we exposed?" and "How fast can we fix it?" mattered as much as "How severe is it?" In that environment, 2025 was defined by a single, powerful transition: the shift from planning modernization to executing it at scale. For years, agencies have discussed digital transformation, zero trust, and the promise of AI. This year, those themes moved from strategy decks into day-to-day delivery.
The post 2025 Federal Retrospective: The Year of Resilient Innovation appeared first on Security Boulevard.
What is SSL/TLS?
SSL and TLS are protocols used on the transport layer to provide a secure connection between two nodes in a computer network. The first widely used protocol aimed at securing Internet connections was SSL, which was created by Netscape in mid 1995. It uses both public …
The post SSH vs SSL/TLS: Definitions & Differences of Communication Protocols appeared first on EncryptedFence by Certera - Web & Cyber Security Blog.
The post SSH vs SSL/TLS: Definitions & Differences of Communication Protocols appeared first on Security Boulevard.
The Biggest Cyber Stories of the Year: What 2025 Taught Us
madhav
Thu, 12/18/2025 - 10:30
2025 didn’t just test cybersecurity; it redefined it.
From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was reminded of a simple truth: everything is connected, and everything is at risk.
The year’s biggest incidents weren’t just technical failures. They were human, systemic, and operational. They showed how cyber now touches every layer of modern life: our health, our homes, our industries, and the trust that binds them.
Here’s a look at the top five cyber stories that shaped 2025, and what they tell us about the future we need to build.
1. Healthcare’s Wake-Up Call
There were several high-profile healthcare breaches in 2025, some of them among the largest healthcare data exposures we’ve ever seen. Many millions of individuals were affected, including patients, providers, and insurers. Personal details, medical histories, and treatment data were all swept up in breaches that often started with a third-party partner.
The scale has been breathtaking, as has the impact. Hospitals faced operational paralysis. Claims systems went dark. Patients waited weeks for reimbursements or prescriptions to clear.
It’s also not hard to see why healthcare continues to make headlines. Almost half of the data these entities store in the cloud is sensitive, yet the basics still lag behind. The Thales 2025 Data Threat Report: Healthcare and Life Sciences Edition revealed that over a quarter admit they don’t even know exactly where all their data lives, and only 4% have encrypted more than 80% of their sensitive information.
It’s this gap between awareness and action that makes this sector so vulnerable. Security controls need to match the sensitivity of the data, or every connection becomes a potential point of exposure. It’s not enough to protect your own walls if your partners’ gates are open. Healthcare’s growing dependence on third-party data processors has become its soft underbelly.
For security teams and their leaders, this is a time to reassess how we segment systems, encrypt data, and protect the multitude of identities that interact with every healthcare entity. Because when information flows across hundreds of connected platforms, security cannot be left in its wake; it has to move with the data, wherever it goes.
That’s where the CipherTrust Data Security Platform comes in, tokenizing, encrypting, and monitoring information across hybrid networks, ensuring that privacy and compliance follow the data wherever it flows.
2. The Data Sovereignty Reckoning
Europe made headlines this spring when regulators handed down one of the largest privacy fines to date, this time for cross-border data transfers that failed to meet adequacy standards.
This ruling wasn’t about one platform or one company, because while laws evolve, trust remains fragile. This became clear in the 2025 Thales Consumer Digital Trust Index: No sector earned a “high trust” score above 50%, not even banking or healthcare.
That says a lot. Regulation on its own doesn’t build trust; real security does. In fact, 64% of consumers say they would trust brands more if they used advanced privacy tech, and a staggering 86% now expect multi-factor authentication.
It all comes down to controlling your and your customers’ data. It’s about data sovereignty.
People want data stored locally, protected by familiar laws, and secured with intelligent authentication that works quietly in the background. For businesses, trust won’t come from promises, but from proof through encryption, strong key management, and privacy-first design.
That’s why we have seen a growing interest in sovereign cloud solutions and tools like Thales Key Management - technologies that let organizations host and encrypt data locally while maintaining full operational flexibility.
The lesson is that regulatory landscapes will continue to evolve. Your controls must evolve faster.
3. Manufacturing and Retail: The New Front Lines
Spring and summer brought a double whammy to the UK economy. First, a wave of retail attacks, then a massive incident in manufacturing that saw production grind to a halt for weeks.
Factories stood still. Shops lost trading days. Suppliers faced cascading delays. The ripple effects stretched across Europe.
For years, manufacturing and retail were seen as less obvious targets, until they weren’t.
Earlier this year, several household names were hit by coordinated cyberattacks that impaired e-commerce sites, froze payment systems, and left customers unable to shop online or in-store. Over just 10 days, three of the UK’s biggest retail brands experienced outages that had a huge impact on their critical services, including digital checkouts and loyalty platforms.
Operational technology (OT) networks, which were once isolated from the internet, are now digitally intertwined with IT systems, cloud services, and customer platforms. Attackers know this. They’ve shifted focus from stealing data to stopping operations.
The result was that every connected conveyor belt, every smart logistics chain, every digital POS terminal became a potential entry point.
The industry response has been a new wave of OT-IT convergence security: integrating endpoint protection, real-time monitoring, and identity controls. Fundamentally, building resilience is achieved through tools like SafeNet Trusted Access, with a zero-trust architecture that verifies everything, segments everything, and assumes nothing is inherently safe.
4. Supply Chain Shock
Around the middle of 2025, a critical zero-day vulnerability in a widely used collaboration platform exposed tens of thousands of servers in both the private and public sectors globally. The exploit allowed cyber criminals to impersonate trusted users, move laterally across networks, and access sensitive repositories before patches were available.
It was the kind of digital domino effect that keeps CISOs awake at night. This wasn’t just a story about patching; it was about preparedness.
Organizations that practiced strong vulnerability management, application isolation, zero trust, and rapid incident response weathered the storm. Those without such playbooks faced weeks of uncertainty.
The broader takeaway is that in a hyperconnected economy, supply chain risk is a daily reality. Security today means protecting not just your environment, but every application, touchpoint, and partner your business depends on.
Supply chains are only as strong as the identities that connect them, and that’s where Thales IAM solutions are proving highly effective.
5. The Luxury of Data
In September, several high-profile luxury retailers disclosed breaches affecting millions of customers worldwide. The attackers didn’t target products or profits; they went after trust. Names, emails, contact numbers, and purchase histories. For affluent consumers, that information is identity itself.
Brand prestige, once built on exclusivity, now depends equally on data integrity.
These incidents shone a light on how consumer-facing industries remain among the most targeted. Because where data meets desire, attackers see value.
Encryption, both at rest and in use, combined with strong identity and access management, can make the difference between a contained event and a crisis that erodes reputation overnight.
For retail and luxury brands, the takeaway was sobering but actionable: protect customer data as fiercely as you protect your brand.
A Year of Lessons, Not Just Losses
Despite the number of high-profile breaches that plagued companies in 2025, the year was not one of defeat, but of definition. Every attack, every disruption, every hefty regulatory fine pointed toward a shared truth: resilience has become the new metric of success.
Cybersecurity is no longer just about defending against attacks, but about ensuring continuity, compliance, and confidence in a world that never stands still.
Entities that invested in encryption, key management, identity verification, and zero-trust principles minimized their losses, and they built trust in the process.
This is important because the ultimate goal isn’t just to be secure, it’s to be trusted.
Building a Future We Can All Trust
From healthcare and retail to manufacturing and government, the story of 2025 has been one of transformation through challenge.
As digital ecosystems expand and threats evolve, the path forward is clear: Encrypt what matters. Control who accesses it. Monitor every connection.
Above all, design security not as a barrier, but as an enabler of progress. At Thales, we call that building a future we can all trust.
December 18, 2025
The post The Biggest Cyber Stories of the Year: What 2025 Taught Us appeared first on Security Boulevard.
CISOs are often blamed after ransomware attacks, yet most breaches stem from organizational gaps, budget tradeoffs, and staffing shortages. This analysis explores why known risks remain unfixed and how security leaders can break the cycle.
The post How CISOs Can Beat the Ransomware Blame Game appeared first on Security Boulevard.
Ransomware has become a systemic risk to healthcare, where downtime equals patient harm. From Change Healthcare to Ascension, this analysis explains why hospitals are targeted, what HIPAA really requires, and how resilience—not checklists—must drive security strategy.
The post Hospital Ransomware Really is The Pitt appeared first on Security Boulevard.
Introduction
Safety protocols in the virtual domain are perhaps more important than ever in the current world. There can be no denying that PKI management is one of the most crucial aspects of protecting our increasingly digital world. It is the element of most, if not all, secure transfers such as emails and monetary transactions.
The post Impact of Poor PKI Management: Real-World Consequences and Solutions appeared first on EncryptedFence by Certera - Web & Cyber Security Blog.
The post Impact of Poor PKI Management: Real-World Consequences and Solutions appeared first on Security Boulevard.
2026 marks a critical turning point for cybersecurity leaders as AI-driven threats, data sovereignty mandates, and hybrid infrastructure risks reshape the CISO agenda. Discover the strategic priorities that will define tomorrow’s security posture.
The post 2026 Cyber Predictions: Accelerating AI, Data Sovereignty, and Architecture Rationalization appeared first on Security Boulevard.
Introduction
Security has become a primary focus in today’s world, which is dominated by computers and technology. Businesses are always on a quest to find better ways to secure their information and messages. Another important component in the field of ‘cyber security’ is the understanding and management of certification. These are generally in the form …
The post Private Certificate Authority 101: From Setup to Management appeared first on EncryptedFence by Certera - Web & Cyber Security Blog.
The post Private Certificate Authority 101: From Setup to Management appeared first on Security Boulevard.
As 2025 comes to a close, artificial intelligence (AI) is a clear throughline across enterprise organizations. Many teams are still in the thick of implementing AI or deciding where and how to use it. Keeping up with usage trends and developments on top of that has become increasingly difficult. AI innovation moves fast and LLMs permeate core workflows across research, communication, development, finance, and operations. Security teams are left chasing risks that shift as quickly as the technology.
Zscaler ThreatLabz publishes annual research to help enterprises make sense of the fast-evolving AI foundation model landscape. The upcoming ThreatLabz 2026 AI Security Report will provide visibility into organizational AI usage, from the most-used LLMs and applications to regional and industry-specific patterns and risk mitigation strategies.
What follows is a sneak peek into some of this year’s preliminary findings through November 2025. The full 2026 AI Security Report, including December 2025 data and deeper analysis, will be available next month. The data and categories shared in this preview reflect the current state of our research findings and are subject to being updated, added to, excluded, or recategorized in the final report.
OpenAI dominates enterprise AI traffic in 2025
Figure 1. Top LLM vendors by AI/ML transactions (January 2025–November 2025)
OpenAI has held the top position among LLM vendors by an overwhelming margin to date in 2025, accounting for 113.6 billion AI/ML transactions, more than three times the transaction volume of its nearest competitor. GPT-5’s August release set a new performance bar across coding assistance, multimodal reasoning, and other capabilities that integrate into business functions. Just as importantly, OpenAI’s expanded Enterprise API portfolio (including stricter privacy controls and model-isolation options) has solidified OpenAI and GPT-powered capabilities as the “default engine” behind countless enterprise AI workflows. Everything from internal copilots to automated research agents now leans heavily on OpenAI’s stack, keeping it far ahead of the rest of the field.
OpenAI’s dominance carries important implications for enterprise leaders, which will be explored in greater detail in the upcoming report:
How vendor concentration impacts risk: The heavy reliance on OpenAI underscores growing vendor dependency within many organizations; transaction flow data shows that businesses may be relying on OpenAI even more than they realize.
Hidden AI uses across workflows: Transaction categories reveal that LLM interaction is no longer limited to visible tools like ChatGPT. AI underpins everything from automated meeting summaries in productivity suites to behind-the-scenes copilots in common SaaS platforms.
Codeium (Windsurf as of April 2025) emerged as the second-largest source of enterprise LLM traffic in 2025, with strong adoption of its proprietary coding-focused models. As enterprises increased their use of AI in software development, Codeium’s models are a go-to option for engineering teams, especially in secure development environments.
Perplexity rose to the #3 position. Not only an AI-powered search assistant, Perplexity is also an LLM provider offering proprietary large language models that power its answer engine.
Anthropic and Google currently round out the top five LLM vendors by transaction volume. Despite generating only a fraction of OpenAI’s activity, both LLMs played meaningful and differentiated roles in the 2025 enterprise AI landscape. Anthropic saw expanding adoption of its Claude 3 and 3.5 models over the past year, along with a July launch of Claude for Financial Services that further strengthened its position in compliance-heavy environments. Google also accelerated enterprise adoption through major enhancements to Gemini, including improved multimodal capabilities and security and access controls tailored for corporate deployments. It will be interesting to see how the adoption changes as we head into 2026.
Engineering leads AI usage among core enterprise departments
ThreatLabz also mapped AI/ML traffic to a select set of common enterprise departments. Only applications with at least one million transactions and primarily associated with a specific department were included in the following analysis, and percentages reflect usage relative to these departments only, not total enterprise traffic.
Distribution of AI usage across these core departments offers a directional view into enterprise AI adoption:
Suggesting where AI has become operational, not just experimental.
Indicating which business functions generate the highest volume of unique AI activity, signaling deeper integration into day-to-day operations.
Highlighting potential areas of risk, as sensitive functions in R&D, engineering, legal, and finance increasingly depend on AI applications and LLM-driven workflows.
Within this scoped view, Engineering accounts for 47.6% of transactions to date, making it the largest driver of enterprise AI activity among the departments analyzed by ThreatLabz. IT follows at 33.1%. Usage among these teams adds up quickly; everyday tasks like coding, testing, configuration, and system analysis lend themselves to repeated AI interactions. Engineering teams in particular integrate AI into daily build cycles, where even small efficiency gains compound quickly across releases. Marketing ranks third in AI usage among core enterprise departments, with Customer Support, HR, Legal, Sales, and Finance collectively accounting for the remaining share. Regardless of the variance, AI now clearly spans the entire enterprise, driving new efficiencies in workflows and productivity—even as it introduces new security requirements.
High-volume applications demand the highest security attention
2025 has been another year marked by the push-and-pull between rapid AI adoption and the need for more deliberate oversight. Accordingly, the rise in AI transactions has not translated neatly into unrestricted use. In many cases, the applications responsible for the growth in LLM activity are also the ones triggering the most blocks by enterprises.
This trend has played out across many categories of applications, including popular general AI tools like Grammarly and more specialized function-specific tools like GitHub Copilot. These are just two examples of applications appearing at the top of both transaction volume and block lists. Their proximity to sensitive content (whether business communications or proprietary source code) makes them natural flashpoints for security controls.
The upcoming ThreatLabz 2026 AI Security Report will feature further analysis on blocking trends.
AI threats and vulnerabilities evolve alongside enterprise adoption
As enterprises expand their use of GenAI applications and security teams block more AI traffic, the threat landscape is moving just as quickly. ThreatLabz continues to analyze how AI-driven threats are scaling alongside enterprise adoption. In addition to amplifying familiar techniques like social engineering and malvertising, attackers are beginning to operationalize agentic AI and autonomous attack workflows and exploit weaknesses in the AI model supply chain itself. The upcoming report will cover AI threats and risks in more detail, along with actionable guidance for enterprise leaders on how to effectively secure usage and stop AI-powered threats.
Coming soon: ThreatLabz 2026 AI Security Report
The findings shared here are just the start. The full ThreatLabz 2026 AI Security Report will be released in late January and offer comprehensive analysis of the enterprise AI landscape, including:
AI data transfer trends
DLP violations and sensitive data exposure
Industry and regional adoption patterns
Best practices for securing AI
AI is now a fundamental aspect of how almost every business operates. ThreatLabz remains committed to helping enterprises innovate securely and stay ahead of emerging risks. Join us next month for the full report release and get the insights needed to secure your AI-driven future.
The post What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek appeared first on Security Boulevard.
Dec 17, 2025 - Lina Romero - The OWASP Top 10 for LLMs was released this year to help security teams understand and mitigate the rising risks to LLMs. In previous blogs, we’ve explored risks 1-9, and today we’ll finally be deep diving LLM10: Unbounded Consumption.
Unbounded Consumption occurs when LLMs allow users to conduct excessive prompt submissions, or submission of overly complex, large or verbose prompts, leading to resource depletion, potential Denial of Service (DoS) attacks, and more.
An inference is the process that an AI model uses to generate an output based on its training. When a user feeds an LLM a prompt, the LLM generates inferences in response. Follow-up questions trigger more inferences, because each additional interaction builds upon all the inferences, and potentially also previously submitted prompts, required for the previous interactions.
Rate limiting controls the number of requests an LLM can receive. When an LLM does not have adequate rate limiting, it can effectively become overwhelmed with inferences and either begin to malfunction, or reach a cap on utilization and stop responding. A part of the LLM application could become unavailable. In AI security, we often refer to the “CIA,” which stands for Confidentiality, Integrity and Availability. Unbounded Consumption can cause an LLM to fail at the “Availability” part of this equation, which in turn can affect the LLM’s Confidentiality and Integrity.
Another way in which Unbounded Consumption can negatively impact an LLM is through Denial of Wallet (DoW). Effectively, attackers will hit the LLM with request upon request, which can run up the bill if rate limiting is not in place. Eventually, these attacks can cause the LLM to reject requests due to the high volume of abnormal activity, which will stop it from working entirely.
Mitigation Methods
Some ways to reduce the risk of Unbounded Consumption include:
Input Validation - ensure that inputs do not exceed reasonable size limits
Rate Limiting - apply user quotas and limits to restrict requests per user
Limit Exposure of Logits and Logprobs - obfuscate the exposure of API responses, provide only necessary information to users
Resource Allocation Management - monitor resource utilization to prevent any single user from exceeding a reasonable limit
Timeouts and Throttling - set time limits and throttle processing for resource-intensive operations to prevent prolonged resource consumption
Sandbox Techniques - restrict the LLM’s access to network resources to limit what information it can expose
Monitoring and Logging - get alerts and continually monitor usage for unusual patterns
Unbounded Consumption poses a critical risk to LLMs as it can cause DoS or DoW. However, with proper security measures and training, teams can minimize the risk of Unbounded Consumption in their AI applications. For more information on the rest of the OWASP Top 10 for LLMs, head over to the LLM series on our blog page. And for general information on how to take charge of your own AI security posture, schedule a demo today!
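As an added illustration (not code from the FireTail post or from OWASP), the sketch below combines three of the mitigations listed above in one admission check placed in front of a model call: input validation, per-user rate limiting, and a per-user token budget that caps Denial of Wallet spend. The class and function names, the limits, and the four-characters-per-token estimate are all assumptions made for the example.

```python
import math
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Limits:
    max_prompt_chars: int = 8_000     # input validation: reject oversized prompts
    max_output_tokens: int = 512      # ceiling on generation cost per request
    burst: int = 5                    # token-bucket capacity, in requests
    refill_per_sec: float = 0.5       # sustained request rate per user
    token_budget: int = 20_000        # tokens a user may spend per window (DoW cap)
    budget_window_sec: int = 86_400   # length of the budget window


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    max_output_tokens: int = 0
    retry_after_sec: float = 0.0


@dataclass
class _UserState:
    bucket: float
    last_seen: float
    window: int
    tokens_spent: int = 0


def estimate_tokens(text: str) -> int:
    # Assumption: ~4 characters per token. Use the model's real tokenizer in practice.
    return math.ceil(len(text) / 4)


class ConsumptionGuard:
    """Hypothetical gate called before every model invocation."""

    def __init__(self, limits: Limits = Limits(), clock=time.monotonic):
        self.limits = limits
        self.clock = clock
        self._users: dict[str, _UserState] = {}

    def _state(self, user: str, now: float) -> _UserState:
        lim = self.limits
        window = int(now // lim.budget_window_sec)
        st = self._users.get(user)
        if st is None:
            st = self._users[user] = _UserState(float(lim.burst), now, window)
        # Refill the request bucket for the time elapsed since the last call.
        st.bucket = min(lim.burst, st.bucket + (now - st.last_seen) * lim.refill_per_sec)
        st.last_seen = now
        if window != st.window:       # a new budget window resets the spend
            st.window, st.tokens_spent = window, 0
        return st

    def admit(self, user: str, prompt: str) -> Decision:
        lim = self.limits
        if len(prompt) > lim.max_prompt_chars:
            return Decision(False, "prompt_too_large")
        st = self._state(user, self.clock())
        if st.bucket < 1.0:
            wait = (1.0 - st.bucket) / lim.refill_per_sec
            return Decision(False, "rate_limited", retry_after_sec=wait)
        remaining = lim.token_budget - st.tokens_spent - estimate_tokens(prompt)
        if remaining <= 0:
            return Decision(False, "budget_exhausted")
        st.bucket -= 1.0
        # Never let a single answer spend more than what is left in the budget.
        return Decision(True, "ok", max_output_tokens=min(lim.max_output_tokens, remaining))

    def record_usage(self, user: str, prompt_tokens: int, output_tokens: int) -> None:
        self._state(user, self.clock()).tokens_spent += prompt_tokens + output_tokens


def demo():
    """Constructed scenario with a fake clock; returns (reason, output cap) per request."""
    now = [0.0]
    guard = ConsumptionGuard(
        Limits(max_prompt_chars=100, max_output_tokens=50, burst=2,
               refill_per_sec=1.0, token_budget=120, budget_window_sec=3600),
        clock=lambda: now[0])
    prompt, results = "summarise this ticket", []

    def send(user, text, at):
        now[0] = at
        d = guard.admit(user, text)
        if d.allowed:  # assume the model used its whole output allowance
            guard.record_usage(user, estimate_tokens(text), d.max_output_tokens)
        results.append((d.reason, d.max_output_tokens))

    send("alice", "x" * 101, 0.0)   # oversized prompt
    send("alice", prompt, 0.0)
    send("alice", prompt, 0.0)
    send("alice", prompt, 0.0)      # burst of 2 is used up
    send("alice", prompt, 1.0)      # bucket refilled, budget nearly spent
    send("alice", prompt, 2.0)      # budget exhausted
    send("bob", prompt, 2.0)        # limits are tracked per user
    send("alice", prompt, 3600.0)   # next budget window
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The rejection reasons double as log fields for the Monitoring and Logging item: a user who repeatedly hits `rate_limited` or `budget_exhausted` is the unusual pattern worth alerting on.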
The post LLM10: Unbounded Consumption – FireTail Blog appeared first on Security Boulevard.
Explore homomorphic encryption for privacy-preserving analytics in Model Context Protocol (MCP) deployments, addressing post-quantum security challenges. Learn how to secure your AI infrastructure with Gopher Security.
The post Homomorphic Encryption for Privacy-Preserving MCP Analytics in a Post-Quantum World appeared first on Security Boulevard.
And why most of the arguments do not hold up under scrutiny
Over the past 18 to 24 months, venture capital has flowed into a fresh wave of SIEM challengers including Vega (which raised $65M in seed and Series A at a ~$400M valuation), Perpetual Systems, RunReveal, Iceguard, Sekoia, Cybersift, Ziggiz, and Abstract Security, all […]
The post Why Venture Capital Is Betting Against Traditional SIEMs first appeared on Future of Tech and Security: Strategy & Innovation with Raffy.
The post Why Venture Capital Is Betting Against Traditional SIEMs appeared first on Security Boulevard.
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006.
Key takeaways:
On December 17, SonicWall published a security advisory (SNWLID-2025-0019) for a newly disclosed vulnerability in its Secure Mobile Access (SMA) 1000 product, a remote access solution.
CVE | Description | CVSSv3
CVE-2025-40602 | SonicWall SMA 1000 Privilege Escalation Vulnerability | 6.6
Analysis
CVE-2025-40602 is a local privilege escalation vulnerability in the appliance management console (AMC) of the SonicWall SMA 1000 appliance. An authenticated, remote attacker could exploit this vulnerability to escalate privileges on an affected device. While on its own, this flaw would require authentication in order to exploit, the advisory from SonicWall states that CVE-2025-40602 has been exploited in a chained attack with CVE-2025-23006, a deserialization of untrusted data vulnerability patched in January. The combination of these two vulnerabilities would allow an unauthenticated attacker to execute arbitrary code with root privileges.
According to SonicWall, “SonicWall Firewall products are not affected by this vulnerability.”
Historical exploitation of SonicWall vulnerabilities
SonicWall products have been a frequent target for attackers over the years. Specifically, the SMA product line has been targeted in the past by ransomware groups, as well as being featured in the Top Routinely Exploited Vulnerabilities list co-authored by multiple United States and International Agencies.
Earlier this year, an increase in ransomware activity tied to SonicWall Gen 7 Firewalls was observed. While initially it was believed that a new zero-day may have been the root cause, SonicWall later provided a statement noting that exploitation activity was in relation to CVE-2024-40766, an improper access control vulnerability which had been observed to have been exploited in the wild. More information on this can be found on our blog.
Given the past exploitation of SonicWall devices, we put together the following list of known SMA vulnerabilities that have been exploited in the wild:
CVE | Description | Tenable Blog Links | Year
CVE-2019-7481 | SonicWall SMA100 SQL Injection Vulnerability | 1 | 2019
CVE-2019-7483 | SonicWall SMA100 Directory Traversal Vulnerability | - | 2019
CVE-2021-20016 | SonicWall SSLVPN SMA100 SQL Injection Vulnerability | 1, 2, 3, 4, 5 | 2021
CVE-2021-20038 | SonicWall SMA100 Stack-based Buffer Overflow Vulnerability | 1, 2, 3 | 2021
CVE-2025-23006 | SonicWall SMA 1000 Deserialization of Untrusted Data Vulnerability | 1 | 2025
CVE-2024-40766 | SonicWall SonicOS Improper Access Control Vulnerability | 1 | 2025
Proof of concept
At the time this blog was published, no proof-of-concept (PoC) code had been published for CVE-2025-40602. If and when a public PoC exploit becomes available for CVE-2025-40602, we anticipate a variety of attackers will attempt to leverage this flaw as part of their attacks.
Solution
SonicWall has released patches to address this vulnerability as outlined in the table below:
Affected Version | Fixed Version
12.4.3-03093 and earlier | 12.4.3-03245
12.5.0-02002 and earlier | 12.5.0-02283
The advisory also provides a workaround to reduce potential impact. This involves restricting access to the AMC to trusted sources. We recommend reviewing the advisory for the most up to date information on patches and workaround steps.
Identifying affected systems
A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2025-40602 as they’re released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline. In addition, product coverage for CVE-2025-23006 can be found here.
Tenable Attack Surface Management customers are able to identify these assets using a filtered search for SonicWall devices:
Get more information
Join Tenable's Research Special Operations (RSO) Team on Tenable Connect and engage with us in the Threat Roundtable group for further discussions on the latest cyber threats.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited appeared first on Security Boulevard.
Session 6B: Confidential Computing 1
Authors, Creators & Presenters: Caihua Li (Yale University), Seung-seob Lee (Yale University), Lin Zhong (Yale University)
PAPER
Blindfold: Confidential Memory Management by Untrusted Operating System
Confidential Computing (CC) has received increasing attention in recent years as a mechanism to protect user data from untrusted operating systems (OSes). Existing CC solutions hide confidential memory from the OS and/or encrypt it to achieve confidentiality. In doing so, they render OS memory optimization unusable or complicate the trusted computing base (TCB) required for optimization. This paper presents our results toward overcoming these limitations, synthesized in a CC design named Blindfold. Like many other CC solutions, Blindfold relies on a small trusted software component running at a higher privilege level than the kernel, called Guardian. It features three techniques that can enhance existing CC solutions. First, instead of nesting page tables, Blindfold's Guardian mediates how the OS accesses memory and handles exceptions by switching page and interrupt tables. Second, Blindfold employs a lightweight capability system to regulate the OS's semantic access to user memory, unifying case-by-case approaches in previous work. Finally, Blindfold provides carefully designed secure ABI for confidential memory management without encryption. We report an implementation of Blindfold that works on ARMv8-A/Linux. Using Blindfold's prototype, we are able to evaluate the cost of enabling confidential memory management by the untrusted Linux kernel. We show Blindfold has a smaller runtime TCB than related systems and enjoys competitive performance. More importantly, we show that the Linux kernel, including all of its memory optimizations except memory compression, can function properly for confidential memory. This requires only about 400 lines of kernel modifications.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – Blindfold: Confidential Memory Management By Untrusted Operating System appeared first on Security Boulevard.
Discover how homomorphic encryption (HE) enhances privacy-preserving model context sharing in AI, ensuring secure data handling and compliance for MCP deployments.
The post Homomorphic Encryption for Privacy-Preserving Model Context Sharing appeared first on Security Boulevard.
Explore the differences between LDAP and Single Sign-On (SSO) for user authentication. Understand their use cases, benefits, and how they fit into your enterprise security strategy.
The post What is the Difference Between LDAP and Single Sign-On? appeared first on Security Boulevard.
Learn how to configure users without OTP login in your applications. This guide covers conditional authentication, account settings, and fallback mechanisms for seamless access.
The post Configuring Users Without OTP Login: A Guide appeared first on Security Boulevard.
FOR IMMEDIATE RELEASE
Richmond, VA — December 11, 2025 — Assura is proud to announce that it has been named to the MSSP Alert and CyberRisk Alliance partnership’s prestigious Top 250 MSSPs list for 2025, securing the #94 position among the world’s leading Managed Security Service Providers. “Making The Top 100 is an incredible milestone and testament to the…
The post Assura Named to MSSP Alert and Cyber Alliance’s 2025 “Top 250 MSSPs,” Ranking at Number 94 appeared first on Security Boulevard.