Dino DiMarino and Dan Hewitt of Tenable examine how real-world OT breaches highlight the need for holistic exposure management across converged IT/OT environments, from asset visibility to identity governance.
Moriah Hara and Hardik Mehta explore practical AI implementation in financial services, cutting through industry hype to reveal real-world applications, risk management strategies and governance frameworks that protect institutions.
Ronald Chan of Aboitiz Power Corporation shares practical lessons from deploying a unified secure remote access framework across a major energy operator's OT network, from zero-trust principles to cultural change.
ISMG's Sean D. Mack walks through the NIST AI RMF's four-pillar model - Govern, Map, Measure and Manage - to help organizations at any maturity level tackle real-world AI governance failures head-on.
Chris Christensen of Honeywell addresses legacy building systems vulnerabilities, common attack vectors against hospital systems, IT-OT collaboration strategies and defense-in-depth frameworks using NIST standards.
Aaron Jensen reveals critical vulnerabilities in non-production environments most organizations overlook and shares strategies to secure test, development and backup data containing sensitive information.
Hitesh Chhabra of Zscaler examines how zero trust principles - privileged remote access, east-west segmentation and OT deception - can replace VPN-based architectures and reduce the attack surface in manufacturing environments.
Security Researcher Thomas Roth and University of Birmingham's Marius Muench examine how fault injection and double glitches defeated RP2350 secure boot protections and reshaped hardware defense assumptions.
Wei Che Kao of DEVCORE shows how flaws in Wi-Fi authentication and frame handling enable unauthorized access and remote code execution across modern devices.
Niek Timmers of Raelize demonstrates how electromagnetic fault injection corrupts Linux system calls to gain root on Android TV hardware.
Wouter Bokslag and Carlo Meijer of Midnight Blue discuss how cache side channels and ROM flaws enabled full compromise of the OMAP-L138 trusted execution environment.
Moritz Abrell of SySS GmbH discusses how Bluetooth flaws and firmware weaknesses in a popular sports watch enable wireless attacks, account takeover and data exposure.
Andrew Huang of Sutajio Ko-usagi examines practical ways to verify silicon integrity using infrared inspection and open design principles.
Mathé Hertogh of VU Amsterdam shows how chained transient execution flaws can leak sensitive data across cloud tenants under real-world conditions.
Ashish Kataria of Synacor examines how modern sanitization pipelines can inadvertently introduce XSS vulnerabilities through structural mutations, namespace confusion and multi-stage parser mismatches.
Jakkaraju Varshith and Vivek Joshi of Rashtriya Raksha University demonstrate how POSIX-based self-deletion and stealth injection bypass Windows 11 25H2 security controls, with detection guidance for blue teams.
Sudhanshu Dasgupta and Sahil Bansal of SafeDep dissect the Shai-Hulud npm worm and walk through the static and dynamic detection architecture that caught it, including open-source tools you can deploy today.
Shubham Mittal of RedHunt Labs maps nine AI exposure layers - from leaked API keys to unprotected orchestration platforms - and explains why these invisible breach paths evade traditional security tools entirely.
Urvish Acharya, Uday Deshpande, Kedar Telavane and Sriranga Narasimha examine how cascading third- and fourth-party dependencies create enterprise risk, and where AI-driven automation changes the equation.
Rakesh Seal unveils a zero-day TLS covert channel that exfiltrates data by permutating handshake parameters, bypassing multiple leading firewalls with no anomalous footprints, in IEEE award-winning research disclosed to CISA, GSMA and 100+ vendors.
Adobe's Kamalpreet Khurana exposes how legacy SOAP systems still fuel critical vulnerabilities in 2026, walking through a real zero-day XXE discovery and offering practical mitigations for teams that can't retire their SOAP infrastructure.
SoYeon Kim, Hea-Eun Moon and Sang-tae Woo of NSHC share lessons from organizing ACDC 2025, Korea's first AI security CTF, covering challenge design, unintended AI-powered solutions and format pitfalls.
Gurjot Singh, Vipin Venu and Arjun V of Innspark Solutions expose a BLE vulnerability class that lets any nearby attacker send commands to unprotected smartwatches - no pairing, no authentication required.
Priyanshu Sharma of MIT Pune walks through a five-step driver vulnerability pipeline that moves beyond fuzzing to produce consistent zero-day discoveries.
Saikat Datta, Col. Alok Shankar Pandey, Makarand Kadave and Amit Malhotra examine how AI-driven deception is targeting trust and what security leaders must do to respond.
Rishav Raj and Rajkumar Rathod of FIS demo VISTA, an open-source Burp Suite extension that integrates LLM reasoning into penetration testing workflows without replacing human judgment.
Sanjay Bahl, Kuldeep Tomar, Mrudul Uchil and Kalpesh Doshi examine how security leaders can build genuine resilience - beyond certifications - in an era of expanding regulation and emerging threats.
Durga Prasad Dube, Satyavathi Divadari and Rajeev Verma examine the authority-accountability gap facing modern CISOs and how to navigate it without losing credibility or board support.
Jagannath Sahoo, Yask Sharma and Neilmani Sahu examine the practical challenges of meeting DPDPA's 72-hour breach notification requirement and why existing cyber response playbooks fall short.
Maor Abutbul of CyberArk Labs demonstrates how QUIC's multiplexing can be weaponized for race conditions and fuzzing via QuicDraw - an open-source HTTP/3 security testing tool.
CyberArk's Eviatar Gerzi explores how attackers exploit SPIFFE/SPIRE trust assumptions to impersonate workloads and move laterally in Kubernetes environments, along with key defenses for zero trust systems.
Thejes Sree Satheesh Kumar and Srinivasan Sekar examine how AI agents using protocols like MCP create unmonitored toolchain attack surfaces and why traditional security models are unequipped to defend them.
Kandi Abhishek Reddy and Alla Vamsi Krishna examine CVE-2025-21533, a VirtualBox speculative execution flaw that exposes sensitive data via cache-based side channels, and what it means for virtualization security.
Chandrashekar Chettiar, Aditya Khullar, Abhishek Bansal and Sujit Nair explore how enterprises can reconcile AI's data appetite with zero trust and DPDPA obligations through Lean Cloud architecture.
Lt. Gen. Rajesh Pant, Lokesh Garg, Sanjay Bahl and Richard LaTulip debate how the three lines of defense must evolve for an era of AI threats, continuous change and board-level accountability.
Anant Shrivastava and Saikat Datta examine whether AI will disrupt or demolish the cybersecurity industry - separating market sentiment from ground reality.
Rajnish Gupta of Tenable explains how to gain full visibility into your enterprise AI attack surface - from shadow AI discovery and risk correlation to exposure management and remediation prioritization.
Rajesh Kumar Natarajan and Srinivasan Govindarajan present a framework that combines Volatility 3 and RAG to simplify memory forensics, enrich artifacts with threat intelligence and generate accurate insights for faster detection of advanced threats.
Shailendra Fuloria, Vivek Yadav, Yask Sharma and Nageshwaran Chinnadurai discuss how CXOs must redefine resilience for an era defined by AI threats, supply chain risk and geopolitical instability.
Rishi Mehta, M.A.K.P. Singh and Abhishek Bansal examine how CISOs can cut through noise, build shared accountability and prioritize what actually matters in a landscape where everything feels critical.
Gaurav Saxena of SentinelOne presents the absorb-adapt-recover framework for building resilient security systems designed to contain breaches, mutate with threats and accelerate recovery.
Col. Tarun Uppal of I4C, Ministry of Home Affairs, traces how cybercrime in India has evolved into organized, state-backed networks and how coordinated intelligence is beginning to turn the tide.
Lukas Bernhard explores custom intermediate representations for semantic-aware mutations that penetrate compiler optimization paths, GPU process sandboxing weaknesses, and fuzzing vendor GPU stacks without source access.
Emanuele Barbeno of Compass Security demonstrates how DHCP response fields enable JSON injection into IPC channels, how missing input validation creates unauthenticated RCE paths, and exploit challenges including timing constraints and ARP spoofing.
Simon Gerst of Asymmetric Research covers bounded model checking for V8's C++ code, floating-point edge cases in range analysis that create security vulnerabilities, and automated JavaScript proof-of-concept generation from symbolic counterexamples.
Joern Schneeweisz of GitLab reveals how prompt injection exploits in-band signaling, why AI agent tooling magnifies security failures when accessing sensitive data, and defense strategies including context visibility.
Mickey Jin breaks down a race-condition vulnerability Apple once deemed unexploitable, showing how it enabled sandbox escapes and TCC bypasses, why early patches failed, and what finally worked.
Rainer Rodler, Luis Contasti and Stefan Gerling examine why OT security failures persist, how attackers exploit legacy systems and supply chains, and what resilience really takes in industrial environments.
Simcha Kosman of CyberArk explains how MCP servers enable indirect prompt injection through tool outputs, schemas and external APIs, exposing AI systems to silent data exfiltration and misuse.
Daniel Wegemer of Nvidia and Edoardo Mantovani reveal how MediaTek Wi-Fi firmware exposes hidden interfaces that enable raw signal capture, channel analysis and advanced physical-layer research on commodity hardware.