2025-01-20
Schneier on Security
Biden Signs New Cybersecurity Order
SentinelOne
2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise
Malwarebytes
A week in security (January 13 – January 19)
Dark Reading
Name That Toon: Incentives
MaskRay's Blog
Natural loops
Zero Day Initiative
Looking at the Attack Surfaces of the Pioneer DMH-WT7600NEX IVI
Red Siege InfoSec Blog
From Assessment to Action: The Red Siege Security Posture Review Is Here
2025-01-17
Schneier on Security
Friday Squid Blogging: Opioid Alternatives from Squid Research
Schneier on Security
Social Engineering to Disable iMessage Protections
CrankySec
Cunty Club
Dark Reading
15K Fortinet Device Configs Leaked to the Dark Web
Dark Reading
Russian APT Phishes Kazakh Gov't for Strategic Intel
Bad Security
When Does Automotive Convenience Turn Into A Safety, Security and Surveillance Concern?
Binary Security
Finding SSRFs in Azure DevOps
2025-01-16
Schneier on Security
FBI Deletes PlugX Malware from Thousands of Computers
Kevin Beaumont
2022 zero day was used to raid Fortigate firewall configs. Somebody just released them.
Talos Intelligence
Find the helpers
SentinelOne
New Possibilities with Purple AI | Third-Party Log Sources & Multilingual Question Support
Amazon Security
Preventing unintended encryption of Amazon S3 objects
Ars Technica Security
Microsoft patches Windows to eliminate Secure Boot bypass threat
Protexity
Benefits of Security Through Obscurity
Dark Reading
183M Patient Records Exposed: Fortified Health Security Releases 2025 Healthcare Cybersecurity Report
Dark Reading
Karl Triebes Joins Ivanti as Chief Product Officer
Dark Reading
Trusted Apps Sneak a Bug Into the UEFI Boot Process
Meta Security
Measuring productivity impact with Diff Authoring Time
Google Security Blog
OSV-SCALIBR: A library for Software Composition Analysis
Zero Day Initiative
Reviewing the Attack Surface of the Autel MaxiCharger: Part Two
Shielder Blog
Karmada Security Audit
Krebs on Security
Chinese Innovations Spawn Wave of Toll Phishing Via SMS
2025-01-15
Okta Security
Raising the Bar for our Industry with IPSIE
Schneier on Security
Phishing False Alarm
Talos Intelligence
Slew of WavLink vulnerabilities
Ars Technica Security
Startup necromancy: Dead Google Apps domains can be compromised by new owners
Dark Reading
OWASP's New LLM Top 10 Shows Emerging AI Threats
Zero Day Initiative
Reviewing the Attack Surface of the Autel MaxiCharger: Part One
2025-01-14
Rapid7
Patch Tuesday - January 2025
Schneier on Security
Upcoming Speaking Engagements
Schneier on Security
The First Password on the Internet
Talos Intelligence
Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities
Cloudflare
Demonstrating reduction of vulnerability classes: a key step in CISA’s “Secure by Design” pledge
Claroty
CVE-2025-0430
Amazon Security
AWS achieves HDS certification for 24 AWS Regions
Ars Technica Security
FBI forces Chinese malware to delete itself from thousands of US computers
Dark Reading
Microsoft Rings in 2025 With Record Security Update
Bishop Fox Security
raink: Use LLMs for Document Ranking
Zero Day Initiative
The January 2025 Security Update Review
Courk's Blog
Laser Fault Injection on a Budget: RP2350 Edition
Krebs on Security
Microsoft: Happy 2025. Here’s 161 Security Updates
Compass Security Blog
Hitchhiker’s Guide to Managed Security
TrustedSec
Command Line Underdog: WMIC in Action
2025-01-13
Dark Reading
K2 Secures Navy SeaPort Next Generation Contract
Dark Reading
Microsoft Cracks Down on Malicious Copilot AI Use