193 Security Blogs

Last Updated: 04 Jun 26 16:45 UTC

Blog List | Github | OPML

2026-06-26

Dark Reading
Name That Toon Contest


2026-06-04

Step Security
Miasma npm Supply Chain Attack: Self-Spreading Worm via Phantom Gyp

Amazon Security
Customize federated sign-in with new Amazon Cognito Lambda trigger

Searchlight Cyber
Unknown assets explained with Asset Attribution Visualization

NVISO Labs
The Detection & Response Chronicles: Covert Operations Through QEMU

Wiz
AI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AI

Rapid7
How the “Swiss Cheese” model can help you choose the right MDR provider

ToxSec
Why AI Guardrails Can’t Tell Your Research From an Attack

Praetorian
Enter the WasmForge: Compiling Sliver into WebAssembly

Searchlight Cyber
Introducing the AI Thread Assistant

Cloudflare
VoidZero is joining Cloudflare

MIT Technology Review
The Download: AI-generated lawsuits and virtual power plants for data centers

Talos Intelligence
Winning the cyber marathon with Tony Giandomenico

Talos Intelligence
Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

Malwarebytes
Travel scams are everywhere. Here’s how to avoid them

Schneier on Security
Hacking Meta’s AI Chatbot

MIT Technology Review
How courts are coping with a flood of AI-generated lawsuits

Malwarebytes
Meta’s AI support bot happily handed Instagram accounts to hackers

Escape DAST
Introducing Cascade: the multi-agent penetration testing that becomes an expert in your business

ISC SANS
Microsoft's Coreutils for Windows, (Thu, Jun 4th)

Dark Reading
Pakistan Spies on Afghan Finance Ministry With Xeno RAT

TrustedSec
The Privileged Roles Nobody Talks About

Socket
pnpm 11.5 Adds Support for Recognizing npm Staged Publishes

ISC SANS
ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th)

Snyk
Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp

Snyk
Type Level Security: The future of secure AI code generation?

Snyk
So You Have an AI Security Budget. Now what?

Sansec Threat Research
Magecart skimmer turns Stripe into a malware command server


2026-06-03

Dark Reading
Attackers Use AI to Automate EDR Evasion Testing

Ars Technica Security
Can't make sense of Dashlane's vault theft notification? You're not alone.

Dark Reading
Tropical Blend: Cyber & Politics Ramp Up Across Latin America

Dark Reading
Cyber Insurance Rates Are Dropping, but Exclusions Widen

Dark Reading
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

Malwarebytes
We found this fake-invoice campaign while scammers were still building it

Eclypsium
BTS #75 - Secure Boot Certificates Expiring: What You Need to Know

Meta Security
Lights Out, Systems On: Validating Instant Power Loss Readiness

Cloudflare
Enforcing the First AS in BGP AS_PATHs

MIT Technology Review
How virtual power plants could provide energy for data centers

GitGuardian
Four Credential-Harvesting Campaigns Hit Open Source Ecosystems in Two Weeks

Rapid7
A Day in the Life of an MDR Analyst: Inside the Modern SOC

Artem Golubin
NULLs in ClickHouse can hurt performance

ISC SANS
Continuing Scans for swagger.json, (Wed, Jun 3rd)

Bishop Fox Security
Otto Support - Testing MCP Servers

Auth0
The Many Faces of OAuth 2.0 Token Exchange

Malwarebytes
Keep getting calls from questionable numbers? Meet Scam Number Check

MIT Technology Review
The Download: Trump’s new AI order, and smart glasses for warfare

Dark Reading
Malicious Notifications Could Trick Google Gemini Users

Black Hills Info Sec
Auditing GitLab: The CI/CD Kill Chain

Schneier on Security
AI Used to Decrypt Medieval Ciphers

Trail of Bits
The sorry state of skill distribution

Searchlight Cyber
June 3rd – This Week’s Top Cybersecurity and Dark Web Stories

MalwareTech
ComoDoS - Exploiting a Remote Kernel Vulnerability in Comodo Internet Security

Dark Reading
Global Stock Exchange Hit by Monthslong Email Campaign

Aikido
Top 5 Tenable Nessus alternatives in 2026

Malwarebytes
Infostealers are becoming the go-to phishing payload

Microsoft Security
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Troy Hunt
Welcoming the Philippine Government to Have I Been Pwned

Socket
Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog

ISC SANS
ISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956, (Wed, Jun 3rd)

Conduition
Brink is Now Funding My Research

Snyk
The New Security Risks of the Agentic Development Lifecycle


2026-06-02

Dark Reading
Zoom CISO: AI as a Security Enabler, Not Role-Replacer

Dark Reading
FBI-Flagged Phishing Kit Kali365 Expands Its Reach

Aikido
Why EDR and proxy won’t save you from supply chain malware

Dark Reading
DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

SentinelOne
SentinelOne + Claude: Integrations for AI Visibility, Governance, and Defense

Dark Reading
China Uses Dual-Method Cyberattack on Czech Orgs

Xint
Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

Dark Reading
Securing AI Agents Before They Go Rogue Is Next to Impossible

Amazon Security
Identify unused AWS KMS keys and prevent accidental key deletions

Malwarebytes
These convincing copyright notices are designed to steal Google logins

Step Security
Dev Machine Guard Now Scans Extensions Across Every Modern IDE

Step Security
Multiple redhat-cloud-services npm Packages compromised

Step Security
Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets

Step Security
Nx Console VS Code Extension Compromised

Microsoft Security
Microsoft Build 2026: Securing code, agents, and models across the development lifecycle

Amazon Security
Secure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policies

Dark Reading
[An RX Global Event] Infosecurity Europe

Eclypsium
Microsoft Secure Boot Certificates Expiring in 2026: Enterprise Impact

Eye Security Research
Device Code Phishing Forensics: What We Learned Investigating BEC in the Wild

MIT Technology Review
The Download: AI can run your admin department now

Dark Reading
Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense

MIT Technology Review
Rehumanizing global health care with agentic AI

Schneier on Security
The Intersection of Encryption and AI

Schneier on Security
Microsoft Threatening Security Researcher

Reversemode
Did Israel Present a Video of Fast16 in Action?

Malwarebytes
23andMe exposed genetic information of millions, lawsuit says

Malwarebytes
Fake virus alerts are invading mobile games

MIT Technology Review
How small businesses can leverage AI

ISC SANS
New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)

TrustedSec
CMMC Conditional Status - Contracting Without Compliance

ISC SANS
ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd)

Infernux Blog
Shipping OpenTelemetry logs from coding agents to Microsoft Sentinel

Elastic Security Labs
From API key to live threat detections in minutes: how Elastic Security ingests Google Threat Intelligence

Snyk
Protestware by open source maintainer to hinder agentic coding: The jqwik 1.10.0 Prompt Injection

Sansec Threat Research
GorgonAgora: 4,800+ fake storefronts skim cards across hundreds of impersonated brands

Fastly
Python SDK Beta: How the Language of AI Runs Faster and Safer with Fastly

Auth0
Back-Channel Logout with TanStack Start

Datadog HQ
From single pull requests to full software packages: Detecting malicious code at scale


2026-06-01

Dark Reading
Anthropic to Open Mythos AI to EU's ENISA

Ars Technica Security
Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts

Ars Technica Security
Dozens of Red Hat packages backdoored through its official NPM channel

The Citizen Lab
Chilling Effects of Trump’s War on Free Speech Extend Far Beyond Campus Walls – And That’s the Point

Dark Reading
Microsoft's Zero-Day Legal Threats Spark Backlash

Aikido
Move over, Mythos. Here comes... pretty much any other model with a good harness

Mend
Miasma: Red Hat Cloud Services npm Packages Hit by a Mini Shai-Hulud-Style Campaign

Krebs on Security
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

Cloudflare
How we reduced core unit boot time from hours to minutes

Schneier on Security
Vulnerability Disclosure in the Age of AI

Amazon Security
Spring 2026 SOC 1, 2, and 3 reports are now available with 188 services in scope

Wiz
Eliminate Critical API Attack Paths with Wiz API SPM

Malwarebytes
Fake BlueWallet steals passwords, accounts, and crypto from Macs

Dark Reading
Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit

Exodus Blog
Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution

Aikido
Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm

Socket
Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages

Rapid7
CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)

Rapid7
CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation

Wiz
Miasma: Supply Chain Attack Targeting RedHat npm Packages

MIT Technology Review
The Download: China’s brain implant ambitions

MIT Technology Review
China has approved the world’s first invasive brain-computer chip—here’s what’s next

GitGuardian
How We Migrated the Heart of Our Platform to Rust

Malwarebytes
Your phone called. It needs a cleanup.

Troy Hunt
1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever

Rapid7
Rapid7 and Exclusive Networks Expand Partnership Across the Nordics

Malwarebytes
A week in security (May 25 – May 31)

Auth0
How to Sign Up and Log In with Passkeys on iOS Using Auth0's Native Login

Troy Hunt
Weekly Update 506

ISC SANS
ISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952, (Mon, Jun 1st)

Malwarebytes
Payment apps are watching what you say (Lock and Code S07E11)

ISC SANS
Unidentified RAT pushes NetSupport RAT, (Mon, Jun 1st)

Datadog HQ
How we cut Spark compute costs by 44% with agentic AI and Datadog Jobs Monitoring

Sansec Threat Research
Sansec adds support for Sylius 1 & 2

GMO Flatt Security Research
Poisoning Claude Code: One GitHub Issue to Break the Supply Chain

Snyk
Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages

Auth0
Why AI Agents Need Their Own Permission Model

Rosecurify
Seclog - #180

Flatt Security Research
Poisoning Claude Code: One GitHub Issue to Break the Supply Chain

Datadog HQ
Migrate to Azure Managed Redis with Datadog and Eden

Datadog HQ
A deep dive into AWS data perimeter misconfigurations


2026-05-31

Socket
Famous Chollima Targets PHP Developers Through Compromised Packagist Package

ISC SANS
YARA-X 1.17.0 Release, (Sun, May 31st)

Jericho
MSRC; Tell The Whole Story Please

ToxSec
LLM Defense in Depth: Assume Breach and Contain the Blast

GitGuardian
Top 16 Secrets Management Tools and Platforms for 2026 (Compared)

Socket
Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate

Moonlock
Is Temu legit? Here’s the truth about its safety and potential scams


2026-05-30

Moonlock
Snapchat hacked? Signs to watch for and how to recover your account

Microsoft Security
Malicious npm packages abuse dependency confusion to profile developer environments


2026-05-29

Schneier on Security
Friday Squid Blogging: Another Squid

Dark Reading
Name That Toon: Mark of (Cybersecurity) Progress

Rapid7
Metasploit Wrap Up 05/29/2026

Ars Technica Security
Botnet of more than 17 million devices dismantled

Rapid7
Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)

Microsoft Security
Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection

Dark Reading
As Global Powers Explore Humanoid Robots, Cyber-Risk Looms

The Citizen Lab
Researchers Uncover Espionage in Mobile Networks

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 22

Dark Reading
Asia's Cyber Insurance Market Shows Signs of Life

Dark Reading
With Complex Cloud Integrations, Small Errors Lead to Major Compromises

Bishop Fox Security
Looting UniFi Controllers: Detecting and Weaponizing CVE-2026-22557

MIT Technology Review
The Download: unlocking lithium and controlling Ebola

Malwarebytes
Signal users targeted in backup-stealing phishing attacks

Dark Reading
'The Com' Cyberattacks Support Violence & Sexploitation

Schneier on Security
Chilling Effects

Moonlock
Is Poshmark safe? Common scams & how to stay safe as a buyer or seller

Snyk
How Relay Network Adopted AI Coding Securely and Built the Foundation for Agentic Development

Snyk
Fix SCA issues at scale in your terminal with Snyk Remediation Agent in the CLI

Microsoft Security
Typosquatted npm packages used to steal cloud and CI/CD secrets

Moonlock
New Mac stealer SHub Reaper is spoofing Apple, Google, and Microsoft

Moonlock
Coinbase scam: How to recognize fake texts, emails, and calls before it’s too late

ISC SANS
ISC Stormcast For Friday, May 29th, 2026 https://isc.sans.edu/podcastdetail/9950, (Fri, May 29th)

Teleport Blog
What SPIFFE Answers for Workload Identity and What It Doesn’t

Star Labs
Race Against The Patch: The Evolution of Four Exploit Chains in LiteLLM

Datadog HQ
Monitoring LangGraph agents with Datadog: a practical guide

Datadog HQ
Monitor LLM routing with the Kubernetes Inference Extension

Datadog HQ
How a unified data model improves feature flag rollout decisions


2026-05-28

Amazon Security
Why and how to migrate to a Transit Gateway-attached AWS Network Firewall

Praetorian
When Encryption Isn’t Really Encryption

Ars Technica Security
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

Dark Reading
Dutch Raid Fails to Dent Russian Bulletproof Host

Amazon Security
Simplifying policy management with URL and Domain Category filtering on AWS Network Firewall

Talos Intelligence
Less panic patching, more precision

Praetorian
Adversarial Oracles: LLM-Guided EDR Signature Reduction