Negotiating with the Board: Translating Active Risk into Financial Exposure

Security leaders rarely struggle to produce data. The challenge is turning that data into something the board can use to make decisions. Walk into a board meeting with a slide showing 1,200 critical vulnerabilities and 44 internet-facing assets, and you will likely see polite acknowledgment rathe...

MCP-In-SoS: Risk Assessment Framework for Open-Source MCP Servers

Model Context Protocol MCP servers have rapidly emerged over the past year as a widely adopted way to enable Large Language Model LLM agents to access dynamic, real-world tools. As MCP servers proliferate and become easy to adopt via open-source releases, understanding their security risks become...

Security Threat Modeling for Emerging AI-Agent Protocols: A Comparative Analysis of MCP, A2A, Agora, and ANP

The rapid development of the AI agent communication protocols, including the Model Context Protocol MCP, Agent2Agent A2A, Agora, and Agent Network Protocol ANP, is reshaping how AI agents communicate with tools, services, and each other. While these protocols support scalable multi-agent...

Microsoft SDL: Evolving security practices for an AI-powered world

As AI reshapes the world, organizations encounter unprecedented risks, and security leaders take on new responsibilities. Microsoft’s Secure Development Lifecycle SDL is expanding to address AI-specific security concerns in addition to the traditional software security areas that it has...

PT-2025-39765

Name of the Vulnerable Software and Affected Versions WordPress Search Exclude plugin versions up to and including 2.5.7 Description The WordPress Search Exclude plugin contains a flaw that allows unauthorized modification of data. This is due to an inadequate capability check within the Base::ge...

SoK: Securing the Final Frontier for Cybersecurity in Space-Based Infrastructure

With the advent of modern technology, critical infrastructure, communications, and national security depend increasingly on space-based assets. These assets, along with associated assets like data relay systems and ground stations, are, therefore, in serious danger of cyberattacks. Strong securit...

TELSAFE: Security Gap Quantitative Risk Assessment Framework

Gaps between established security standards and their practical implementation have the potential to introduce vulnerabilities, possibly exposing them to security risks. To effectively address and mitigate these security and compliance challenges, security risk management strategies are essential...

Doxing Via the Lens: Revealing Location-Related Privacy Leakage on Multi-Modal Large Reasoning Models

Recent advances in multi-modal large reasoning models MLRMs have shown significant ability to interpret complex visual content. While these models enable impressive reasoning capabilities, they also introduce novel and underexplored privacy risks. In this paper, we identify a novel category of...

Thinking about the balance between compliance and security

Today, many organizations still struggle to adhere to General Data Protection Regulation GDPR mandates even though this landmark regulation took effect nearly two years ago. A key learning for some: being compliant does not always mean you are secure. Shifting privacy regulations, combined with...

Preventing Silent Data Exits a Workable Problem for Businesses

CANCUN–Businesses, especially those in the financial sector, should operate under the assumption that data exfiltration either is or will soon happen in their organization. A lot like car insurance, end users should hope for the best and prepare for the worst, according to Wells Fargo’s Steve...