Security Boulevard

I Gave 4 AI Agents a Corporate Bank Account. Here’s How I Stopped Them From Draining It.

A technical build log of the Multi-Agent Control Room, where AI agents pay invoices, escalate denials, and every action is ...

iDenfy combines physical and electronic ID verification in a single onboarding flow

The alternative workflow will require pre-saved electronic ID credentials without the need to enter personal details ...
Microsoft

Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees

Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated ...

When attackers already have the keys, MFA is just another door to open

Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
GitHub

Declarative authentication flow tester for CI/CD pipelines

Testing authentication flows is painful. You manually click through OAuth2 consent screens, copy-paste tokens into Postman, eyeball JWT claims, and pray your CI pipeline catches auth regressions.
The Hacker News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Cybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, ...
The New England Journal of Medicine

High-Flow or Standard Oxygen in Acute Hypoxemic Respiratory Failure

Data are needed on the effect of oxygen delivered through a high-flow nasal cannula, as compared with standard oxygen therapy, on intubation and mortality in patients with acute hypoxemic respiratory ...