Security Boulevard

Xi Whiz: HTTPS connections on port 443 received forged replies.

The post NOT-So-Great Firewall: China Blocks the Web for 74 Min. appeared first on Security Boulevard.

Healthcare has more data than it knows what to do with. Petabytes of patient records, clinical notes, lab results, and wearable feeds pile up daily....Read More

The post The Future Is Predictive: Top 7 AI Tools Shaping Healthcare Analytics in 2025 appeared first on ISHIR | Software Development India.

The post The Future Is Predictive: Top 7 AI Tools Shaping Healthcare Analytics in 2025 appeared first on Security Boulevard.

Cybercriminals commonly target K-12 schools. To trick staff, students, and even parents into disclosing sensitive information, malicious attackers deploy phishing attacks. Training individuals on how to spot phishing emails is a key guardrail and can prevent significant financial, operational, and regulatory repercussions.  Read on as we unpack seven common phishing email examples and the steps ...

The post 7 Phishing Email Examples (And How To Spot Them) appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post 7 Phishing Email Examples (And How To Spot Them) appeared first on Security Boulevard.

Over the last year, I’ve spent countless hours with CISOs, CTOs, and security architects talking about a new wave of technology that’s changing the game faster than anything we’ve seen before: Agentic AI and Model Context Protocol (MCP) servers.

If you think AI is still in the “cool demos and pilot projects” stage, think again. We’re already seeing autonomous agents reasoning, remembering, and taking actions in live production environments. MCP servers are quietly becoming the central nervous system for these agents, brokering instructions, accessing tools, and orchestrating API calls across your systems.

This is no longer an “emerging tech” conversation. It’s a real risk surface conversation. And it’s all powered by APIs.

Why APIs Are Now the Front Line

Every AI agent and MCP server interaction runs on APIs. Those APIs pull data from customer records, update transaction systems, initiate workflows, and often do so without a human in the loop.

Here’s the problem:

• Most current security tooling, like WAFs, API gateways, CDNs, and LLM security wrappers can’t see all of this API traffic.
• The API calls between an MCP server and your internal or third-party data sources often happen deep inside your environment, bypassing the “edge” where traditional tools sit.
• Many of these APIs are new, undocumented, or dynamic, created on the fly as agents take new actions.

Without real-time visibility into this API fabric, you’re blind to:

• What data agents are accessing
• Whether they’re staying within policy
• If an attacker has hijacked an agent or exploited an API to breach your system

The Stakes for CISOs

For CISOs, this is a perfect storm: a technology that’s moving faster than your governance frameworks, with attack surfaces multiplying overnight, all in a domain (APIs) where most organizations already struggle to get full visibility.

The “just secure the AI model” approach doesn’t work here. The model isn’t the thing taking actions; the APIs are. If you don’t secure them, you don’t secure the AI. Period.

The 5 Questions Every CISO Should Be Asking Right Now

When I meet with CISOs today, these are the five questions I tell them to put on the table immediately:

1. Do we have an accurate, up-to-date inventory of every API our AI agents and MCP servers are using? If you don’t know what you have, you can’t protect it.
2. Can we see API traffic between our MCP servers, AI agents, and all internal/third-party data sources in real time? Edge-only visibility isn’t enough. You need to see the whole API fabric.
3. Are our governance and policy controls applied at the API level for AI-driven actions? An AI agent can violate policy just as easily as a human, maybe faster.
4. Do we have threat detection tuned for AI-driven API attacks and abuse patterns? This is not “just another OWASP Top 10” problem. Agentic AI creates new classes of attacks.
5. How fast can we identify and stop a rogue agent or compromised MCP server before it impacts data or systems? Containment speed is everything once something goes wrong.

Where Salt Security Fits

At Salt, we’ve been securing APIs since before “API security” was even a market category. Our platform gives you:

• Complete visibility into all API traffic, including the traffic no other tool sees between MCP servers, AI agents, and data sources.
• Continuous discovery so you’re never blindsided by a new or shadow API.
• Real-time threat detection and blocking built for modern API abuse patterns, including those driven by AI agents.
• Governance at scale, so your policies follow the API, no matter how dynamic your environment gets.

If Agentic AI is your new competitive advantage, API security is your new survival strategy. You can’t slow the technology down, but you can be ready for it.

Final Thought

Agentic AI and MCP servers are reshaping the attack surface, whether we like it or not. The organizations that thrive in this new reality will be the ones that treat API security as core infrastructure and not an afterthought. If you’re not already asking the five questions above, now is the time to start.

If your team is exploring agentic AI and wants to talk about securing the foundation it runs on, let’s connect. Request a demo now, and I’ll have one of our AI security experts reach out to you directly.

Also, we are hosting a webinar on August 28 to explore these topics in more depth. You can register for the webinar here.

The post Why AI Agents and MCP Servers Just Became a CISO’s Most Urgent Priority appeared first on Security Boulevard.

Originally published at Answering Your Webinar Questions: What Do Most IT Teams Get Wrong About DMARC? by Levon Vardumyan.

Our recent webinar, “What Do Most IT Teams ...

The post Answering Your Webinar Questions: What Do Most IT Teams Get Wrong About DMARC? appeared first on EasyDMARC.

The post Answering Your Webinar Questions: What Do Most IT Teams Get Wrong About DMARC? appeared first on Security Boulevard.

Learn how to automate your penetration testing, save time, reduce costs, and achieve business logic testing without human-in-the-loop.

The post How to Automate Your Penetration Testing? appeared first on Security Boulevard.

If you caught my Buyers Look at More Than Dots article on the Gartner Magic Quadrant earlier this year, you already know I’m not a fan of check‑box cheerleading. Yes, it’s nice when your company lands in a particular quadrant or, in today’s case, on the inner ring of GigaOm’s radar (I'm actually pretty darn happy about that). But the real win is a report that helps you (actual IT/Security leader) separate signal from noise when you're the one responsible for keeping your coworker's business communications safe.

The post GigaOm’s 2025 Phishing Defense Radar (a buyer’s shortcut) appeared first on Security Boulevard.

With innovation comes risk. As organizations race to build AI-first infrastructure, security is struggling to keep pace. Multi-Agentic Systems – those built on Large Language Models (LLMs) and Multi-Component Protocols (MCP) - bring immense potential, but also novel vulnerabilities that traditional tools weren’t designed to handle.  At Wallarm, we’re closely following emerging guidance around these [...]

The post Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure appeared first on Wallarm.

The post Comprehensive MCP Security Checklist: Protecting Your AI-Powered Infrastructure appeared first on Security Boulevard.

Securing UK Hospitality SMBs and their supply chains in 2025 UK hospitality, including hotels, guesthouses, pubs, restaurants and their supply chains, thrives on reputation, efficiency, and trust. In 2025, data-driven bookings, contactless dining, and digital loyalty programmes accelerate gains, but also expose severe cyber risks. For small and medium-sized hospitality businesses, tight budgets, minimal IT […]

The post Securing UK Hospitality SMBs and their supply chains in 2025 appeared first on Clear Path Security Ltd.

The post Securing UK Hospitality SMBs and their supply chains in 2025 appeared first on Security Boulevard.

Rrise of SIM swap fraud, its implications, and how to protect yourself. Stay informed and secure your accounts today!

The post Protect Your Phone: Guard Against SIM Swap Scams and Fraud appeared first on Security Boulevard.

Discover how Enterprise SSO simplifies digital access for students and staff, cuts login frustration, and reduces IT load without compromising security or usability

The post Enterprise SSO for Schools: Simplifying Staff and Student Access appeared first on Security Boulevard.

For years, the challenge in software security and governance hasn't been knowing what to do, but instead scaling that knowledge across fast-moving teams. At Sonatype, we invested heavily in solving that through contextual policy. Not just rules, but rules that understood intent. Rules that prioritized based on usage, risk, and relevance, and turned raw security data into actionable, in-context decisions.

The post The End of Tribal Knowledge: Why Contextual Policy Is the Foundation for Agentic AI Development appeared first on Security Boulevard.

Could You Revolutionize Your Cybersecurity Strategy with NHI Management? Raising the bar in cybersecurity defense has become a critical concern for organizations operating. One area that has gained traction in this regard is Non-Human Identities (NHIs) and Secrets Management. This innovative approach enables companies to prioritize security without compromising the agility and flexibility that modern […]

The post Empower Your SOC Team with Enhanced NHI Management appeared first on Entro.

The post Empower Your SOC Team with Enhanced NHI Management appeared first on Security Boulevard.

Are You Seeking a Budget-Friendly Approach to Secrets Management? One area that often perplexes businesses is the management of Non-Human Identities (NHIs) and their secrets. This crucial aspect of cybersecurity requires strategic focus, however, cost constraints can often pose a significant challenge. So how does a business balance the need for robust secrets management without […]

The post Secrets Management Solutions That Fit Your Budget appeared first on Entro.

The post Secrets Management Solutions That Fit Your Budget appeared first on Security Boulevard.

If you’re trying to separate real AI-SOC capability from hype, you’ll love this: we’re making the 2025 AI SOC Market Landscape report available as a download. Produced by Software Analyst Cyber Research (SACR), it’s the most comprehensive snapshot of this emerging category. It features 13 vendors, architectural guidance, risk frameworks, implementation roadmaps, and a capabilities […]

The post AI To Handle 60% of SOC Work By 2028. It Had Better Be Robust. appeared first on D3 Security.

The post AI To Handle 60% of SOC Work By 2028. It Had Better Be Robust. appeared first on Security Boulevard.

The post Life in the Swimlane with Ryan Knauer, Principal Site Reliability Engineer appeared first on AI Security Automation.

The post Life in the Swimlane with Ryan Knauer, Principal Site Reliability Engineer appeared first on Security Boulevard.

Learn how to create and automate an AI BOM.

The post What is an AI Bill of Materials (AI BOM)? appeared first on Security Boulevard.

ManagedMethods recently hosted a webinar on one of the most pressing issues in K–12 cybersecurity: phishing. While schools have been targets for years, 2025 feels different. Attackers are evolving faster than ever, and traditional email security filters are falling behind. The upside? AI-powered defenses are emerging to give districts a fighting chance. Here’s a recap ...

The post Phishing in 2025: Smarter Threats, Smarter Defense appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Phishing in 2025: Smarter Threats, Smarter Defense appeared first on Security Boulevard.

There’s never been more data available about people and organizations. Yet, paradoxically, the overwhelming volume of that data can obscure the very truths security professionals are trying to uncover. In a landscape shaped by automation, AI, and surface-level scans, the need for human-powered due diligence hasn’t diminished; it’s grown. While automated tools are invaluable for..

The post Your Digital Shadow: Why Human-Powered Due Diligence Still Matters in the Age of Data Overload appeared first on Security Boulevard.

Creator, Author and Presenter: Simon Wijckmans

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: How To Pull Off A Near Undetectable DDoS Attack (And How To Stop It) appeared first on Security Boulevard.