Security Boulevard

The Complete Guide to Authentication Implementation for Modern Applications

A comprehensive developer guide to implementing secure authentication in modern applications. Covers OAuth 2.0, OIDC, ...

MCP shipped without authentication. Clawdbot shows why that's a problem.

Knostic found 1,862 MCP servers exposed with zero authentication. Here are five actions CISOs should take now.

SMS sign-in links are spreading fast and quietly opening doors to hackers

SMS sign-in links are spreading fast and quietly opening doors to private data that few users realize is exposed ...
CCN on MSN

Binance logins among 149 million credentials exposed in infostealer malware data dump — here’s what you should know

This was not a single company breach, the credentials were harvested from millions of infected user devices using infostealer malware. Binance appeared in the dataset ...

Hugging Face Repositories Abused in New Android Malware Campaign

Attackers exploited Hugging Face’s trusted infrastructure to spread an Android RAT, using fake security apps and thousands of ...

Mandiant details how ShinyHunters abuse SSO to steal cloud data

Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) ...
Infosecurity Magazine

Emojis in PureRAT’s Code Point to AI-Generated Malware Campaign

Researchers discover that PureRAT’s code now contains emojis – indicating it has been written by AI based-on comments ripped ...
Security Boulevard

APT Attacks Target Indian Government Using GOGITTER, GITSHELLPAD, and GOSHELL | Part 1

IntroductionIn September 2025, Zscaler ThreatLabz identified two campaigns, tracked as Gopher Strike and Sheet Attack, by a threat actor that operates in Pakistan and primarily targets entities in the ...
CSO Online

Hugging Face infra abused to spread Android RAT in a large-scale malware campaign

A fake security app called TrustBastion is being used to drop remote‑access malware hosted on Hugging Face, with attackers generating thousands of Android package variants to evade detection, ...