Security Boulevard

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol ...
CSO Online

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations

A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and ...

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
SMEChannels

Tenable Research Uncovers Remote Code Execution Vulnerability in Microsoft GitHub Repository

The discovery involves a vulnerable GitHub workflow, within the Windows-driver-samples repository. Tenable Research has ...
Security Boulevard

SAML vs OIDC vs OAuth 2.0: 12 Differences Every B2B Engineering Team Should Know

Choosing between SAML, OIDC, and OAuth 2.0? Explore 12 critical differences to help your B2B engineering team select the right authentication protocol today.
InfoWorld

Google’s Gemma 4 shines on local systems – both big and small

We tried out Google’s new family of multi-modal models with variants compact enough to work on local devices. They work well.