Randall Munroe’s XKCD “Continents”
via the comic artistry and dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD “Continents” appeared first on Security Boulevard.
Unlock new revenue streams from AI agents. Learn how DataDome + Skyfire’s KYA+Pay model turns verified agent traffic into secure, monetized interactions.
The post Beyond Pay-Per-Crawl: How to Turn AI Agent Traffic Into Revenue appeared first on Security Boulevard.
-----------
SESSION
Session 3C: Mobile Security
-----------
Authors, Creators & Presenters: Yizhe Shi (Fudan University), Zhemin Yang (Fudan University), Kangwei Zhong (Fudan University), Guangliang Yang (Fudan University), Yifan Yang (Fudan University), Xiaohan Zhang (Fudan University), Min Yang (Fudan University)
PAPER
The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps
In recent years, the app-in-app paradigm, involving super-app and mini-app, has been becoming increasingly popular in the mobile ecosystem. Super-app platforms offer mini-app servers access to a suite of powerful and sensitive services, including payment processing and mini-app analytics. This access empowers mini-app servers to enhance their offerings with robust and practical functionalities and better serve their mini-apps. To safeguard these essential services, a credential-based authentication system has been implemented, facilitating secure access between super-app platforms and mini-app servers. However, the design and workflow of the crucial credential mechanism still remain unclear. More importantly, its security has not been comprehensively understood or explored to date. In this paper, we conduct the first systematic study of the credential system in the app-in-app paradigm and draw the security landscape of credential leakage risks. Consequently, our study shows that 21 popular super-app platforms delegate sensitive services to mini-app servers with seven types of credentials. Unfortunately, these credentials may suffer from leakage threats caused by malicious mini-app users, posing serious security threats to both super-app platforms and mini-app servers. Then, we design and implement a novel credential security verification tool, called KeyMagnet, that can effectively assess the security implications of credential leakage. To tackle unstructured and dynamically retrieved credentials in the app-in-app paradigm, KeyMagnet extracts and understands the semantics of credential-use in mini-apps and verifies their security. Last, by applying KeyMagnet on 413,775 real-world mini-apps of 6 super-app platforms, 84,491 credential leaks are detected, spanning over 54,728 mini-apps. We confirm credential leakage can cause serious security hazards, such as hijacking the accounts of all mini-app users and stealing users' sensitive data. 
In response, we have engaged in responsible vulnerability disclosure with the corresponding developers and are actively helping them resolve these issues. At the time of writing, 89 reported issues have been assigned with CVE IDs.
-----------
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
-----------
Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators’, Authors’ and Presenters’ superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s][1]** **[YouTube][3]** channel.
The post NDSS 2025 – The Skeleton Keys: A Large Scale Analysis Of Credential Leakage In Mini-Apps appeared first on Security Boulevard.
Tel Aviv, Israel, 19th November 2025, CyberNewsWire
The post Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications appeared first on Security Boulevard.
“The attackers are not waiting for you to make the decision. Attackers will continue to attack. And just because you are not able to see it doesn’t mean the attack has not happened.” That’s the reality ColorTokens CEO and co-founder Rajesh Khazanchi lays out in this conversation with Karissa A. Breen, founder of KBI Media and host of KBKast: The Voice of Cyber. Rajesh breaks […]
The post How Microsegmentation Powers Breach Readiness and Cyber Resilience appeared first on ColorTokens.
The post How Microsegmentation Powers Breach Readiness and Cyber Resilience appeared first on Security Boulevard.
Palo Alto, California, 19th November 2025, CyberNewsWire
The post Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers appeared first on Security Boulevard.
See how AppOmni AgentGuard defends ServiceNow AI agents from prompt injection and access risks, building trust and compliance across platforms.
The post AppOmni Expands AI Security with Agentic AI Security for ServiceNow appeared first on AppOmni.
The post AppOmni Expands AI Security with Agentic AI Security for ServiceNow appeared first on Security Boulevard.
Tenable Research reveals an Active Directory anomaly: intra-forest trusts created under Windows 2000 lack a key identifying flag, even after domain and forest upgrades. Learn how to find this legacy behavior persisting to this day, and use crossRef objects to correctly distinguish these trust types.
Key takeaways:
We don’t always get to go time traveling in our work here at Tenable Research. But a recent investigation into Active Directory trusts sent us on a trip in the wayback machine to the era of Windows 2000. We discovered that on very old Active Directory trusts created on Windows 2000, intra-forest trusts do not have the TRUST_ATTRIBUTE_WITHIN_FOREST flag enabled. The flag, which was introduced in Windows 2003, was not retroactively applied to existing trusts at the time. Even when the domain is upgraded to more modern versions (like 2016), this old trust attribute never updates automatically. This makes an internal Parent-Child trust look exactly the same as a potentially insecure external trust (one lacking the security setting known as SID Filtering/Quarantine), because both can show an empty or zero value for the trustAttributes.
A bit of Active Directory history
Active Directory trusts are represented by Trusted Domain Objects (TDOs) stored as objects of class trustedDomain. The description of their trustAttributes in the official [MS-ADTS] Active Directory technical specification defines the TRUST_ATTRIBUTE_WITHIN_FOREST value simply as:
If this bit is set, then the trusted domain is within the same forest.
Only evaluated on Windows Server 2003 and later.
One could easily ignore the mention of Windows Server 2003, considering how old it is, and assume it wouldn’t cause a problem nowadays. But, given what we observed in some AD domains, it also means that trusts created with Windows 2000 didn’t have this flag. And we can only assume that it was never retroactively applied (unless the trust was re-created, of course), which is an issue.
Unfortunately, we didn’t find any official documentation to confirm that theory.
We only found an old personal blog whose author wondered about the same issue, while noting that it concerned a migrated NT4 domain. A more recent blog post mentions a very similar situation, with some tricks to fix it; it isn’t official Microsoft guidance, however, and should be taken with extreme caution.
Finally, we spoke with several seasoned AD experts who confirmed that they have encountered similar situations.
Reproducing the issue
To confirm our hypothesis, we set about reproducing the issue in our lab by creating an Active Directory forest called prehistoric.lan, which comprised two AD domains connected via an intra-forest Parent-Child trust relationship:
The setup began with one Windows 2000 domain controller in each domain. Therefore, the forest functional level (FFL) and domain functional level (DFL) were both 2000.
Immediately we observed what we expected: trustAttributes was equal to 0 in the TDO in the parent domain representing the trust with the child domain:
Attributes of the TDO with the child domain (Windows 2000 DFL) as seen from the parent domain (Windows 2000 DFL). Source: Tenable, November 2025
Out of curiosity, we also looked in the opposite direction, at the TDO in the child domain that represents the trust with its parent:
Attributes of the TDO with the parent domain (Windows 2000 DFL) as seen from the child domain (Windows 2000 DFL). Source: Tenable, November 2025
The trustAttributes value wasn’t 0, but 4194304 = 0x400000 (TRUST_ATTRIBUTE_TREE_PARENT), which is documented as “Previously used trust bits, and are obsolete.” This one was not a concern for us.
Then we upgraded the parent prehistoric.lan domain to the 2003 domain functional level by adding a 2003 domain controller, then removing the initial 2000 domain controller. Remember, this is the version in which the new TRUST_ATTRIBUTE_WITHIN_FOREST flag was introduced. However, as we hypothesized, the TDO in the parent domain kept its trustAttributes=0:
Attributes of the TDO with the child domain (Windows 2000 DFL) as seen from the parent domain (upgraded Windows 2003 DFL). Source: Tenable, November 2025
We thought perhaps it was a matter of forest functional level, so we also upgraded the child domain to domain functional level 2003 with the same steps, then raised the forest functional level to 2003. Same observation for the TDO in the parent domain, which was still set to trustAttributes=0:
Attributes of the TDO with the child domain (upgraded to Windows 2003 DFL) as seen from the parent domain (Windows 2003 DFL & FFL). Source: Tenable, November 2025
For an even higher level of confidence, we then upgraded the parent prehistoric.lan to the 2016 domain functional level, and the observation remained the same:
Attributes of the TDO with the child domain (Windows 2003 DFL) as seen from the parent domain (upgraded to Windows 2016 DFL). Source: Tenable, November 2025
And finally, as you may have guessed, we also upgraded the child domain to domain functional level 2016, then raised the forest functional level to 2016 too. The trust remained stuck with trustAttributes=0, as it had been at the very beginning in the Windows 2000 era:
Attributes of the TDO with the child domain (Windows 2016 DFL) as seen from the parent domain (upgraded to Windows 2016 DFL & FFL). Source: Tenable, November 2025
We didn’t upgrade further. We were very confident that our hypothesis was confirmed: an intra-forest trust created under Windows 2000 will never automatically obtain the TRUST_ATTRIBUTE_WITHIN_FOREST flag, even when the domain and forest are later upgraded.
Here comes the confusion
We have confirmation that the TRUST_ATTRIBUTE_WITHIN_FOREST flag can be missing even on intra-forest trusts, but is that really an issue? Can’t we simply ignore it? After all, we have the other TRUST_ATTRIBUTE_FOREST_TRANSITIVE flag set for cross-forest trusts. We should be good, right?
Unfortunately, the answer is “no.” The reason? External trusts, which are another kind of inter-forest trust. They don’t have any dedicated flag in trustAttributes, so they can be found with trustAttributes=0 or, more commonly, with trustAttributes=4 when the TRUST_ATTRIBUTE_QUARANTINED_DOMAIN flag is correctly enabled.
Here’s an example, taken from a different lab, of an external trust between two forests, first with trustAttributes=4 when quarantined, then with trustAttributes=0 after disabling the quarantine:
Source: Tenable, November 2025
Here lies our problem: trustAttributes=0 can mean either:
Surprisingly, we also noticed that the classic “Active Directory Domains and Trusts” admin tool is not affected by this confusion: it is able to show the correct trust type (Parent-Child in our case) for these trusts despite this ambiguity. We suppose that there is a mechanism, somewhere, that fixes the interpretation of these trusts, or that it relies on other indicator(s). Unfortunately, we didn’t find the definitive location where this magic happens. We confirmed the observation in the first lab we used; see how the “Active Directory Domains and Trusts” admin tool correctly shows the trust type as “Child” despite trustAttributes=0:
Source: Tenable, November 2025
We wondered if perhaps we could find the answer in the official AD PowerShell module, which relies on Active Directory Web Services (ADWS) and is easier to reverse-engineer. Unfortunately, the Get-ADTrust cmdlet doesn’t have the same magic. It interprets trustAttributes directly, and so incorrectly considers that this Parent-Child trust is not intra-forest!
Source: Tenable, November 2025
Therefore, we had to find an alternative way to interpret these Trusted Domain Objects where trustAttributes=0. We thought about finding hints in their other attributes, but there was nothing characteristic, so we had to find a different source of information.
CrossRef to the rescue
At this moment we remembered the crossRef technical objects, also stored in AD. They are used to store the different naming context types, but those relevant for us are the domain crossRef objects. Each Active Directory domain has a corresponding crossRef object, but only for domains that are in the forest (e.g. a crossRef is not created when there’s a forest trust), so we have our solution.
When there’s a trust object with trustAttributes=0, search for a corresponding crossRef object where trustedDomain.trustPartner == crossRef.dnsRoot:
This alternative rule allowed us to interpret the correct types of these confusing trusts (others continue using the existing rules), and the updated interpretations were validated outside our lab in a real-world environment.
Conclusion
Active Directory is full of surprises, even on very old topics such as trusts, which we may think are fully mastered by now. It was an interesting discovery that brought us back ~25 years to the early days of Active Directory.
A correct interpretation of Active Directory trusts is required in AD exposure management solutions such as Tenable Identity Exposure, whose Dangerous Trust Relationships Indicator of Exposure implements the alternative we identified for this confusing case. More broadly, we hope that sharing this discovery will help AD administrators and security experts to properly understand these trusts when they stumble upon them in their manual reviews or in their custom scripts.
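As an added example (not Tenable’s code, and not the logic of Tenable Identity Exposure), the rule above as a PowerShell check using the ActiveDirectory module: each trustedDomain object is classified by its trustAttributes bits, and for the confusing trustAttributes=0 case the trustPartner is matched against the dnsRoot of the forest’s domain crossRef objects. The bit values are the [MS-ADTS] ones; the CN=Partitions search base and the systemFlags filter used to select domain crossRefs are my assumptions about where those objects live.

```powershell
# Added example, not Tenable's code. Requires the RSAT ActiveDirectory module
# and a domain account with read access to the System and Configuration containers.
Import-Module ActiveDirectory

# trustAttributes bit values as defined in [MS-ADTS]
$TRUST_ATTRIBUTE_QUARANTINED_DOMAIN = 0x4
$TRUST_ATTRIBUTE_FOREST_TRANSITIVE  = 0x8
$TRUST_ATTRIBUTE_WITHIN_FOREST      = 0x20

function Get-TrustClassification {
    # Pure classification: $TrustAttributes and $TrustPartner come from the TDO,
    # $ForestDnsRoots is the set of dnsRoot values of the forest's domain crossRef objects.
    param(
        [int]$TrustAttributes,
        [string]$TrustPartner,
        [string[]]$ForestDnsRoots
    )
    if ($TrustAttributes -band $TRUST_ATTRIBUTE_WITHIN_FOREST) {
        return 'Intra-forest (WITHIN_FOREST flag set)'
    }
    if ($TrustAttributes -band $TRUST_ATTRIBUTE_FOREST_TRANSITIVE) {
        return 'Forest trust'
    }
    if ($TrustAttributes -band $TRUST_ATTRIBUTE_QUARANTINED_DOMAIN) {
        return 'External trust (SID filtering enabled)'
    }
    # The confusing case: no discriminating flag. A domain crossRef whose dnsRoot
    # equals the trust partner exists only for domains inside this forest, so a
    # match means a legacy Windows 2000 intra-forest trust, not an external one.
    if ($ForestDnsRoots -contains $TrustPartner) {   # -contains is case-insensitive
        return 'Intra-forest (legacy Windows 2000 trust, WITHIN_FOREST flag missing)'
    }
    return 'External trust (SID filtering DISABLED - review)'
}

function Get-ForestDomainDnsRoots {
    # Assumption: domain crossRef objects live in CN=Partitions under the configuration
    # NC, and systemFlags bit 0x2 (FLAG_CR_NTDS_DOMAIN) marks domain naming contexts.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    Get-ADObject -SearchBase "CN=Partitions,$configNC" `
        -LDAPFilter '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))' `
        -Properties dnsRoot | ForEach-Object { $_.dnsRoot }
}

function Get-ClassifiedTrusts {
    $dnsRoots  = @(Get-ForestDomainDnsRoots)
    $defaultNC = (Get-ADRootDSE).defaultNamingContext
    # TDOs are stored in the System container of the domain naming context
    Get-ADObject -SearchBase "CN=System,$defaultNC" -LDAPFilter '(objectClass=trustedDomain)' `
        -Properties trustPartner, trustAttributes |
    ForEach-Object {
        [pscustomobject]@{
            TrustPartner    = $_.trustPartner
            TrustAttributes = ('0x{0:X}' -f [int]$_.trustAttributes)   # null becomes 0
            Classification  = Get-TrustClassification -TrustAttributes ([int]$_.trustAttributes) `
                                -TrustPartner $_.trustPartner -ForestDnsRoots $dnsRoots
        }
    }
}

Get-ClassifiedTrusts | Format-Table -AutoSize
```

Only the last branch flags a trust for review; a legacy Parent-Child trust that would otherwise look like an unquarantined external trust is reported as intra-forest because its partner has a matching domain crossRef.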
We are very proud to serve Tenable customers who trust us with helping secure their Active Directory domains that they created two decades ago and maintain to this day.
The post Active Directory Trust Misclassification: Why Old Trusts Look Like Insecure External Trusts appeared first on Security Boulevard.
Credential detection finds exposed passwords your policy can’t. Learn how continuous credential checks close the security gap.
The post Compromised Credential Detection vs. Password Policy Enforcement appeared first on Security Boulevard.
Google’s Lighthouse lawsuit signals a new era in cybersecurity, where companies use civil litigation—including the CFAA, Lanham Act, and RICO—to dismantle phishing networks, seize malicious infrastructure, and fight hackers when criminal prosecution falls short.
The post Sue The Hackers – Google Sues Over Phishing as a Service appeared first on Security Boulevard.
Every 39 seconds, somewhere in the world, a new cyberattack is launched — and far too often, it’s not a sophisticated hack but the reuse of legitimate credentials already exposed online. As data breaches multiply and stolen credentials circulate across public and underground channels, one truth is clear: exposure is inevitable, but compromise doesn’t have …
The post From Exposure to Action: How Proactive Identity Monitoring Turns Breached Data into Defense appeared first on Security Boulevard.
Singapore, Singapore, 19th November 2025, CyberNewsWire
The post CredShields Joins Forces with Checkmarx to Bring Smart Contract Security to Enterprise AppSec Programs appeared first on Security Boulevard.
Improve Google email deliverability and land in Gmail inboxes. Learn best practices and start optimizing your email performance today.
The post Google Email Deliverability: How to Avoid Spam Folders appeared first on Security Boulevard.
November 18, 2025 – Cloudflare Global Outage (not a DDoS) The timing and Cloudflare’s brief initial misdiagnosis caused widespread confusion, with many people incorrectly believing Cloudflare had been DDoSed. Some reports even mentioned that the Cloudflare Incident was linked to an earlier DDoS incident towards Microsoft Azure. In reality, the two events were unrelated. October […]
The post Record-Breaking Cloud Incident Brings Outage Through the Internet appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post Record-Breaking Cloud Incident Brings Outage Through the Internet appeared first on Security Boulevard.
Find out what an email deliverability consultant does, key signs you need one, and how they help optimize email deliverability and engagement.
The post Email Deliverability Consultant: How to Boost Campaign ROI appeared first on Security Boulevard.
The post How to Enable Safe File Handling for Clinical and Research Portals appeared first on Votiro.
The post How to Enable Safe File Handling for Clinical and Research Portals appeared first on Security Boulevard.
Anthropic’s recent disclosure of an AI-driven espionage campaign it halted represents less a new class of attack than a faster, more persistent version of patterns the industry has seen before. What distinguishes this incident is the continuity of activity an autonomous system can sustain once it is given the ability to interpret its surroundings and […]
The post Anthropic Disruption of an AI-Run Attack and What It Means for Agentic Identity appeared first on Aembit.
The post Anthropic Disruption of an AI-Run Attack and What It Means for Agentic Identity appeared first on Security Boulevard.
Understand Single Sign-On (SSO), its benefits, and why creating an account is still a crucial step for initial setup and enhanced security. Learn how SSO simplifies access while maintaining control.
The post What is Single Sign-On and why do I need to create an account? appeared first on Security Boulevard.
Learn how to implement risk-based authorization for enhanced security in identity and access management. Protect your applications from unauthorized access and data breaches.
The post Comprehensive Guide to Risk-Based Authorization for Identity and Access Management appeared first on Security Boulevard.
Four U.S. citizens and a Ukrainian national pleaded guilty to their roles in a North Korean IT worker scam that victimized more than 135 U.S. companies and netted more than $2.2 million for the DPRK regime and its military and weapons programs.
The post 4 U.S. Citizens, Ukrainian Plead Guilty in N. Korea IT Worker Scheme appeared first on Security Boulevard.