MCP-SandboxScan: WASM-Based Secure Execution and Runtime Analysis for MCP Tools

Tool-augmented LLM agents raise new security risks: tool executions can introduce runtime-only behaviors, including prompt injection and unintended exposure of external inputs e.g., environment secrets or local files. While existing scanners often focus on static artifacts, analyzing runtime...

AUTOVR: Automated UI Exploration for Detecting Sensitive Data Flow Exposures in Virtual Reality Apps

The rise of Virtual Reality VR has provided developers with an unprecedented platform for creating games and applications apps that require distinct inputs, different from those of conventional devices like smartphones. The Meta Quest VR platform, driven by Meta, has democratized VR app publishin...

Rethinking Cyber-Defense Strategies in the Public-Cloud Age

The pandemic has fast-tracked migration to the public cloud, including Amazon Web Services, Google Compute Platform and Microsoft Azure. But the journey hasn’t exactly been smooth as silk: The great migration has brought a raft of complex security challenges, which have led to headline-grabbing...

Global Crime Ring Bilks U.S. Military Members, Vets Out of Millions

Operators of a widespread identity-theft and fraud scheme have bilked thousands of U.S. servicemembers and veterans out of millions of dollars in stolen funds and Veterans Affairs VA benefits payments. Fredrick Brown pled guilty this week, revealing that in his role as a civilian medical records...

Houzz Urges Password Resets After Data Breach

Interior decorating website Houzz on Friday issued a notice that user data – including usernames, passwords and IP addresses – had been accessed by an “unauthorized third party.” Houzz connects consumers to varying home-goods departments or professionals for purchasing furniture. The Palo Alto,...

2018: A Banner Year for Breaches

Where to start? In 2018 the mantra became “another day, another data breach.” As a result, consumers and researchers alike are feeling “breach fatigue” and getting a bit numb to the headline. But the reality is, cybercriminals are going after personal information, credit card info and passwords...

USPS, Amazon Data Leaks Showcase API Weaknesses

The annual holiday buying bonanza has officially kicked off for 2018, and, as if on cue, a pair of security incidents at two of the most-used services this time of year – the U.S. Postal Service and Amazon – showed up to remind us of the dangers of shopping season. Both hinged on improper API use...