%term

Securing LLM Superpowers: When Tools Turn Hostile in MCP

Sep 3, 2025 By Gianpietro Cutolo In Netskope

In Part 1 of this blog series, we explored the architecture, capabilities, and risks of the Model Context Protocol (MCP). In this post, we will focus on two attack vectors in the MCP ecosystem: prompt injection via tool definitions and cross-server tool shadowing. Both exploit how LLMs trust and internalize tool metadata and responses, allowing attackers to embed hidden instructions or persistently influence future tool calls without direct user prompts.

Read Post

Netskope

Read more about Securing LLM Superpowers: When Tools Turn Hostile in MCP

NIST Tightens Software Update Security: What SP 800-53 Release 5.2.0 Means for You

Sep 3, 2025 By Mohammed Hoque In Sedara

When it comes to cybersecurity, even “routine” actions like applying patches can introduce risk. An update meant to fix one vulnerability can sometimes open the door to another, disrupt operations, or create compliance headaches.

Read Post

Sedara

Read more about NIST Tightens Software Update Security: What SP 800-53 Release 5.2.0 Means for You

What To Look for in a Password Manager

Sep 3, 2025 By Keeper Security In Keeper

Thinking about using a password manager? Good move. But not all password managers are created equal. In this video, we break down the key features you actually need to protect your online accounts, from strong encryption and passkey support to secure sharing and built-in 2FA code storage. Plus, we’ll walk you through what setup looks like and why the best password management tools make it easy from the start.

View Video

Keeper

Read more about What To Look for in a Password Manager

Securonix - Breach Ready. Board Ready. AI-Powered.

Sep 3, 2025 By Securonix In Securonix

Security teams today are expected to do it all. Stop threats faster. Prove value to the board. Scale with fewer resources. Securonix makes it possible. Breach Ready means unified detection and response with up to 60 percent faster time to containment and 50 percent less analyst workload. Board Ready means 193 percent ROI, a six-month payback period, and reporting that drives strategic decisions. AI Powered means modular agents that cut false positives by 90 percent and automate triage with precision, keeping your team in control. This is modern security. This is Securonix.

View Video

Securonix

Read more about Securonix - Breach Ready. Board Ready. AI-Powered.

When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Sep 3, 2025 By Guillaume Valadon In GitGuardian

The Salesloft Drift breach affected hundreds of organizations through Salesforce, including Cloudflare, Palo Alto Networks, and Zscaler. Google now explicitly recommends running secrets scanning tools across Salesforce data—here's your complete guide.

Read Post

GitGuardian

Read more about When Google Says "Scan for Secrets": A Complete Guide to Finding Hidden Credentials in Salesforce

Why We Built Nucleus Insights

Sep 3, 2025 By Scott Kuffer In Nucleus

Today we’re announcing the beginning of the next phase of our journey. We’re launching our Vulnerability Intelligence feed, Nucleus Insights. As we’ve worked with many companies, partners, and clients over the years, this became an obvious next step for Nucleus, and I want to share with you why. Fixing vulnerabilities is expensive. Not just in terms of patching costs or system downtime, but in people, time, and lost focus.

Read Post

Nucleus

Read more about Why We Built Nucleus Insights

How to Maintain DevSecOps Velocity Without Compromising Security

Sep 3, 2025 By Sanskriti Jain In Astra

Software delivery today is a delicate balancing act between moving quickly and maintaining security. CXOs chase release velocity, PMs measure success by the number of features shipped, and developers are asked to code faster with every sprint. However, every pipeline that prioritizes speed without embedded security is essentially gambling with the risk of a breach. Legacy security models still act like toll gates, piling on reviews and post-deploy scans that stall progress.

Read Post

Astra

Read more about How to Maintain DevSecOps Velocity Without Compromising Security

EMBER2024: Advancing the Training of Cybersecurity ML Models Against Evasive Malware

Sep 3, 2025 By Phil Roth In CrowdStrike

CrowdStrike data scientists are members of a team of cybersecurity researchers that recently released EMBER2024, an update to EMBER, the popular open source malware benchmark dataset originally released in 2018. The EMBER2024 dataset includes metadata, labels, and calculated features for over 3.2 million files from six different file formats.

Read Post

CrowdStrike

Read more about EMBER2024: Advancing the Training of Cybersecurity ML Models Against Evasive Malware

The Case of the Phantom Date: How a Single Pixel Fooled Our Visual AI

Sep 3, 2025 By Andriy Zaretskyy In Egnyte

We’ve all seen it: a cutting-edge, multimodal LLM, capable of understanding complex documents, stumbles on a seemingly simple task. In our case, the model confidently reported a contract’s signing date as "March 30". The only problem? The document clearly stated "March 9th". It wasn't just a minor error; it was a baffling one that sent us down a rabbit hole of debugging.

Read Post

Egnyte

Read more about The Case of the Phantom Date: How a Single Pixel Fooled Our Visual AI

Balancing Scan Depth and Speed in Modern Pipelines

Sep 3, 2025 By Sanskriti Jain In Astra

Most teams run on velocity budgets, not risk budgets. While features get sprints, milestones, and release slots, risk, on the other hand, gets hope. When scan depth and speed decisions are made without an explicit budget for risk, the outcome is predictable: throughput is optimized while exposure compounds silently in the background.

Read Post