LLMs leave statistical fingerprints in the passwords they generate. We built a 100-year-old model to find them and detected 28,000 in the wild.

The post The Bot Left a Fingerprint: Detecting and Attributing LLM-Generated Passwords appeared first on Security Boulevard.

Unit 42 reveals how multi-agent AI systems can autonomously attack cloud environments. Learn critical insights and vital lessons for proactive security.

The post Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System appeared first on Unit 42.

Unit 42は、マルチエージェントAIシステムがクラウド環境をどのように自律的に攻撃できるかを明らかにします。プロアクティブなセキュリティのための重要なインサイトと不可欠な教訓を学びます。

The post AIはクラウドを攻撃できるのか?自律型クラウド攻撃型マルチエージェント システムの構築から得られた教訓 appeared first on Unit 42.

Vercel's Context.ai breach exposed environment variables that weren't marked sensitive. Learn how to pull and scan your secrets with GitGuardian.

The post Vercel April 2026 Incident: Non-Sensitive Environment Variables Need Investigation Too appeared first on Security Boulevard.

Recent supply chain attacks stayed live for hours. Automation tools silently merged their malware in minutes. Read how upgrade bots and AI agents became the insider threat.

The post Renovate & Dependabot: The New Malware Delivery System appeared first on Security Boulevard.

Explore Google’s synced passkey architecture. Unit 42 details its mechanisms, key management, and secure communication in passwordless systems."

The post Google Cloud Authenticator: The Hidden Mechanisms of Passwordless Authentication appeared first on Unit 42.

GitGuardian’s 5th State of Secrets Sprawl report is here. In this blog, we unpack the key findings behind the 2026 edition, from AI-driven leak growth to the remediation gaps security teams can’t ignore.

The post The State of Secrets Sprawl 2026: AI-Service Leaks Surge 81% and 29M Secrets Hit Public GitHub appeared first on Security Boulevard.

GitGuardian partnered with Google to answer: what happens when private keys leak? Using Certificate Transparency, we mapped about 1M leaked keys to 140k certificates. Result: 2,622 were valid as of September 2025, exposing major organizations. Our disclosure campaign achieved 97% remediation.

The post 2,622 Valid Certificates Exposed: A Google-GitGuardian Study Maps Private Key Leaks to Real-World Risk appeared first on Security Boulevard.

Starkiller is a new SaaS-style phishing framework that runs real brand websites inside headless Chrome containers, acting as a live reverse proxy to steal credentials, session tokens, and MFA-protected accounts while evading traditional detection.

The post Starkiller Phishing Framework Bypasses Defenses with Reverse Proxies, Takes an SaaS Approach  appeared first on Security Boulevard.

We introduce a novel method that maps cloud alert trends to MITRE ATT&CK techniques. The patterns created could identify threat actors by behavior.

The post Novel Technique to Detect Cloud Threat Actor Operations appeared first on Unit 42.

In the first two parts of our LockBit 5.0 series, we provided a comprehensive analysis of this cross-platform ransomware’s ESXi and Linux variants. This final installment features our analysis of LockBit 5.0’s Windows variant.

In the first part of our LockBit 5.0 series, where we analyzed 19 samples of the latest version of this cross-platform ransomware, we provided a comprehensive technical analysis of its ESXi variant. This report, which is the second part of a three-part series, focuses on our analysis of the Linux x64 variant of LockBit 5.0.

The Cybereason, A LevelBlue Company, Threat Intelligence Team conducted an analysis of DragonForce, a ransomware group that emerged in late 2023 as a significant cyber threat actor.

January 2026

As 2025 winds down and cruises into the holiday season, it’s a good time to take a look back and reflect on what took place in the cybersecurity industry. The members of this community know that while every year is not the same, there are trends that tend to stick with us from year to year, making it important to remember what happened so we are ready for what will take place in the coming months.

LevelBlue SpiderLabs has discovered a vulnerability in the Orkes Conductor platform (version 5.2.4 | v1.19.12) that allows authenticated attackers to perform time-based blind SQL injection attacks against the backend PostgreSQL database.

We've identified an aspect of Azure’s Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks.

The post DNS OverDoS: Are Private Endpoints Too Private? appeared first on Unit 42.

Security researchers found a Google Gemini flaw that let hidden instructions in a meeting invite extract private calendar data and create deceptive events.

The post Google Gemini Flaw Let Attackers Access Private Calendar Data appeared first on TechRepublic.

January 2026

As 2025 winds down and cruises into the holiday season, it’s a good time to take a look back and reflect on what took place in the cybersecurity industry. The members of this community know that while every year is not the same, there are trends that tend to stick with us from year to year, making it important to remember what happened so we are ready for what will take place in the coming months.