10+ hour, 11+ min ago (720+ words) Home " Cybersecurity " DevOps " Undetected Firefox WebAssembly Flaw Put 180 Million Users at Risk A subtle but serious security flaw in Firefox's web browser slipped past a test created by Mozilla within its WebAssembly implementation and went undetected for six months, putting more than 180 million users at risk. The vulnerability " tracked as'CVE-2025-13016 and carrying a "high" CVSS severity score of 7.5 out of 10 " was found in a single line of template code and, if exploited, could have let hackers execute arbitrary code on compromised systems. In a report about the flaw, Fort wrote that the stack buffer overflow was the result of a "subtle pointer arithmetic error'in Firefox's WebAssembly implementation [that] silently wrote past stack buffers in hundreds of millions of browsers worldwide," adding that it was "particularly insidious" because it got past a regression test that Mozilla had added along with the…...

10+ hour, 42+ min ago (669+ words) Home " Techstrong Council " OAuth Isn't Enough For Agents OAuth is a broadly accepted standard. It's used all over the internet. But as the usage of LLM agents continues to expand, OAuth isn't going to be enough. In fact, relying on OAuth will be dangerous. We won't be able to set permissions at an appropriate granularity, giving LLMs access to far too much. More data breaches are likely to occur as attackers compromise OAuth tokens. Keeping a record of authorizations of actions an LLM agent has taken will be unnecessarily complex. We need a new approach. OAuth defines the scope of access by encoding permissions data (e.g., this user is an admin) on a token, which is issued to a client. When the client tries to take an action, it provides that token in the request, and the application uses it to…...

10+ hour, 51+ min ago (348+ words) Home " Techstrong Council " Security's Next Control Plane: The Rise of Pipeline-First Architecture These challenges were front and center in a recent conversation I had with Allie Mellon, Forrester principal analyst for Security Operations, and Mark Ruiz, senior director of Cyber Risk and Resiliency at Becton Dickinson. We discussed why the monolithic model is breaking down and how a pipeline-first architecture offers a more flexible and sustainable path forward for large enterprises. The variety and velocity of modern telemetry'spanning endpoints, cloud services, SaaS, and IoT'have simply outgrown centralized designs. Enterprises now need an approach that restores flexibility, cost efficiency, and independence to the teams who operate security at scale. The answer is a pipeline-first architecture. These constraints slow transformation and keep enterprises reactive. They also make it difficult to respond to business changes such as mergers, divestitures, or cloud migrations. In…...

10+ hour, 57+ min ago (373+ words) Home " Cybersecurity " ServiceNow to Acquire Identity Security Firm Veza ServiceNow Inc. announced on Tuesday plans to acquire Veza in a move aimed at fortifying security for identity and access management. The acquisition will integrate Veza's technology into ServiceNow's Security and Risk portfolios, helping organizations monitor and control access to critical data, applications, systems, and artificial intelligence (AI) tools. The deal comes as businesses increasingly deploy autonomous AI agents, raising new concerns about managing permissions and preventing breaches. Financial terms of the acquisition were not disclosed. "In the era of agentic AI, every identity " human, AI agent, or machine " is a force for enterprise impact," Amit Zavery, ServiceNow's president, chief operating officer, and chief product officer, said in a statement. "It's only when you have continuous visibility into each identity's permissions that you can trust it." Modern enterprises face mounting challenges…...

11+ hour, 6+ min ago (248+ words) Home " Contributed Content " Closing the Document Security Gap: Why Document Workflows Must Be Part of Cybersecurity The lifecycle of a document introduces multiple points of exposure: At each of these stages, the lack of visibility and control increases the odds of regulatory non-compliance, accidental disclosure, or targeted data theft. The objection to securing documents is often fear of friction. Productivity suffers when users feel constrained by rigid processes. But the right safeguards can be nearly invisible when applied end-to-end: Individually, each safeguard addresses part of the problem. Together, they create a comprehensive framework that strengthens security while preserving the speed and flexibility of modern collaboration. Encryption is also not just about enabling it but ensuring it is applied consistently across the lifecycle. Many organizations encrypt storage but leave documents unprotected in transit or rely on weak key management practices that…...

11+ hour, 7+ min ago (669+ words) Home " Contributed Content " How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers Financial institutions, with their rich troves of sensitive data and sprawling digital footprints, have always been prime targets for attack. And while many organizations have invested heavily in cyber security infrastructure, they must now adopt a more proactive, external-facing approach to defend against a new generation of threats. In 2024, we witnessed a notable shift in attacker behavior " from opportunistic smash-and-grab tactics to coordinated campaigns involving deep reconnaissance, AI-powered phishing, and the exploitation of exposed third-party systems. This trend is only accelerating in 2025. Cybercriminals are capitalizing on this complexity. The use of Initial Access Brokers (IABs) has become industrialized, with specialized groups identifying and selling access to vulnerable systems. Often, these entry points stem from misconfigured cloud services, unpatched software, or forgotten web assets,…...

11+ hour, 10+ min ago (375+ words) Home " Cybersecurity " Security Gap Widens as Organizations Rush to Deploy AI Agents Without Proper Identity Controls Organizations are racing to implement autonomous artificial intelligence (AI) agents across their operations, but a sweeping new study reveals they're doing so without adequate security frameworks, creating what researchers call "the unsecured frontier of autonomous operations." The research, released Tuesday by Enterprise Management Associates (EMA), surveyed 271 IT, security, and identity and access management (IAM) professionals and found that agentic AI has moved from emerging technology to operational reality. Among companies with 500 or more employees, only 2% reported no plans to adopt the technology, with most organizations already deploying AI agents for both employee-facing and customer-facing tasks. However, rapid adoption has exposed a critical vulnerability: Existing identity management systems aren't equipped to handle autonomous agents, and organizations lack the policies needed to secure them. "When it…...

15+ hour, 41+ min ago (262+ words) Home " Security Bloggers Network " Uncategorized " Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race Bethesda, USA / Maryland, December 2nd, 2025, CyberNewsWire While most cybersecurity companies pour resources into AI models, massive compute, hoovering up all the data, and enhanced analytics to detect and prevent threats, Frenetik, a Maryland cyber startup, is betting on something simpler: making sure attackers don't know what defenders know. The company emerged today with a fundamentally different approach using novel cyber deception and a newly issued U.S. patent to back it. "The industry has turned cybersecurity into a compute and analysis war," said founder Hans Ismirnioglou. "Bigger models, more data, faster analysis. But you can't out-compute or out-analyze an adversary forever. We're not trying to. We're exploiting information asymmetry." Defenders stay informed. Attackers work from stale intelligence. "Adversaries, especially AI-driven ones, build models…...

16+ hour, 41+ min ago (372+ words) Home " Security Bloggers Network " Uncategorized " AI Adoption Surges While Governance Lags " Report Warns of Growing Shadow Identity Risk Baltimore, MD, December 2nd, 2025, CyberNewsWire The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise security: AI adoption is nearly universal, yet oversight remains limited. Eighty-three percent of organizations already use AI in daily operations, but only 13 percent say they have strong visibility into how these systems handle sensitive data. Produced by Cybersecurity Insiders with research support from Cyera Research Labs, the study reflects responses from 921 cybersecurity and IT professionals across industries and organization sizes. The data shows AI increasingly behaving as an ungoverned identity " a non-human user that reads faster, accesses more, and operates continuously. Yet most organizations still use human-centric identity models that break down at machine speed. As a result, two-thirds have caught AI tools over-accessing sensitive…...

1+ day, 7+ hour ago (202+ words) Home " Video Interviews " The Dual Role of AI in Cybersecurity: Shield or Weapon? We may be at the "beginning of the beginning" for AI in security, Arazi says, but the gap between how quickly AI can introduce risk and how slowly enterprises adapt is already here. The job now is to close that gap before adversaries do it for us. Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after. Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard. Alan has a BA in Government and Politics from St Johns University,…...