Security Boulevard

MCP Authentication and Authorization Patterns

In MCP, every request comes from a nonhuman identity: an agent, server or tool. These identities don't act under direct human oversight. They generate requests dynamically, chain operations and carry ...
Security Boulevard

Everyone Knows About Broken Authorization – So Why Does It Still Work for Attackers?

Broken authorization is one of the most widely known API vulnerabilities.  It features in the OWASP Top 10, AppSec conversations, and secure coding guidelines. Broken Object Level Authorization (BOLA) ...
Microsoft

OAuth redirection abuse enables phishing and malware delivery

OAuth redirection is being repurposed as a phishing delivery path. Trusted authentication flows are weaponized to move users ...

"I was fighting to survive": Patients still struggle with preauthorization despite promise of reform

Last summer, the Trump administration announced a voluntary pledge by health insurers to reform prior authorization, but patient advocates and medical providers remain skeptical.
CPO Magazine

Researchers Warn Benign Google API Keys Could be Exploited to Rack Up Gemini AI Bills

Researchers with Truffle Security are warning that old and seemingly benign Google API keys might now be weaponized by threat actors after gaining Gemini AI authorization permissions, in a destructive ...
Healthcare IT News

At HIMSS26, Epic to highlight no-code Agent Factory and other AI advances

"Think about where you want to apply AI – documentation, patient engagement, revenue cycle, clinical trials – and go talk to ...
KFF Health News on MSN

Families Scramble To Pay Five-Figure Bills as Clock Ticks on Promised Preauthorization Reforms

Last summer, the Trump administration announced a voluntary pledge by health insurers to reform prior authorization, which often requires patients or their doctors to seek preapproval from insurers ...
CSO Online

When AI safety constrains defenders more than attackers

AI guardrails increasingly block legitimate security work while attackers bypass restrictions with ease. For CISOs, this asymmetry creates blind spots in defensive capabilities.
Sierra Sun Times

KFF Health News: Families Scramble To Pay Five-Figure Bills as Clock Ticks on Promised Preauthorization Reforms for Medical Care

Aetna CVS Health began “bundling” prior authorizations for musculoskeletal procedures, as well as for lung, breast, and ...
The American Journal of Managed Care

Experts Weigh Cost-Saving Promises of AI in Health Care Against Risk of Higher Spending

Rising national health expenditures and high administrative overhead create a compelling but not definitive business case for AI-enabled automation across billing, claims, and compliance functions.
Opinion
The New Republic on MSNOpinion

The Supreme Court Has Another Tribal Sovereignty Test on Its Hands

Six years ago, the Supreme Court held that nearly half of the state of Oklahoma was still legally considered Indian country. State officials have gone to great lengths to refuse to apply the court’s ...

Google says 90 zero-days were exploited in attacks last year

Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances.