196 Security Blogs

Last Updated: 26 Jun 26 16:45 UTC

Blog List | Github | OPML

2026-06-26

Schneier on Security
Meta Is Testing Facial Recognition for Police and Military

Step Security
Multiple @immobiliarelabs Backstage Plugins Compromised on npm

Dark Reading
AI Won't Wipe-Out Entry-Level Cybersecurity Jobs

Jericho
Captain Obvious Audits the NVD

Socket
Rolldown Pulls Rust React Compiler Integration After Binary Size Increase

GitGuardian
AI Is the Newest Developer To Misunderstand Secrets In Your Git History

Dark Reading
Meeting Trump's 2030 Quantum Deadline Will be Expensive, Complex

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 26

Dark Reading
Thanks for Crushing the Submissions Inbox. We're Trying to Keep Up

Malwarebytes
Malware steals Chrome session cookies to take over your accounts

MIT Technology Review
The Download: brain-melting heatwaves and unprecedented OpenAI restrictions

Wiz
MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension

Schneier on Security
One Million Passports Leaked Online

MIT Technology Review
Heat waves mess with your brain. Scientists are trying to figure out why.

Auth0
Want AI Agents That Don't Spill Secrets? Don't Give Them Secrets

Aikido
Packagist is now protected by Aikido Intel and other updates to the PHP registry

Compass Security Blog
Cyber Resilience Act – Part I

Moonlock
Your Telegram got hacked? Here’s what you can do about it


2026-06-25

Dark Reading
Robinhood Cuts Access Approval Time to Support High-Velocity Development

Meta Security
Privacy-Aware Infrastructure in the AI-Native Era: An Asset Classification Case Study

Microsoft Security
Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Dark Reading
In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw

Dark Reading
Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses

Dark Reading
EdTech Attackers Shift From Schools to Their Software Suppliers

Mend
Attestation in Cybersecurity: Types, Uses & Best Practices

Dark Reading
Local Police Collusion Hampers Crackdown on Asian Scam Centers

Malwarebytes
Beware of “Parcel Expert” job offers: They’re parcel mule scams

Talos Intelligence
Beyond IOCs: AI-enabled threat intelligence

Socket
Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem

The Citizen Lab
Emile Dirks Elected to PEN Canada’s Board of Directors

Schneier on Security
AI and Liability

Eclypsium
Mythos Finds Vulnerabilities. But Can Anyone Patch Fast Enough?

Microsoft Security
Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms

Step Security
Maven Support Comes to GitHub Checks and OSS Package Search

Jericho
2026 East Coast Drive (Part 6: TN)

Artem Golubin
Hexora v0.3: New features and improvements

Step Security
15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers

MIT Technology Review
Repositioning retail for the AI era

ToxSec
Decision Tracing: The Missing Piece in Every AI Agent Breach

Rapid7
Experts on Experts: Why AI and Compliance Are Forcing A New Security Operating Model

Cloudflare
How we built saga rollbacks for Cloudflare Workflows

Embrace The Red
Computer-Use and TOCTOU: What You Click Is Not What You Get!

MIT Technology Review
The Download: Europe’s heat wave hits the grid, and IBM’s chip targets Moore’s Law

CISA Alerts & Advisories
Horner Automation Cscape

CISA Alerts & Advisories
Daktronics Controller Firmware

CISA Alerts & Advisories
Schneider Electric PowerLogic P7

CISA Alerts & Advisories
Yokogawa FAST/TOOLS and CI Server

CISA Alerts & Advisories
EVoke Systems Charging Station Management System

CISA Alerts & Advisories
H.VIEW HV-500S6 IP Camera

CISA Alerts & Advisories
OHIF Viewers DICOM

CISA Alerts & Advisories
Delta Electronics DTM Soft

CISA Alerts & Advisories
CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Alerts & Advisories
pydicom pynetdicom Library

Wiz
Uncovering Hidden Attack Paths in Cloud Environments Using Runtime Signals

Schneier on Security
Interesting Paper Exploring Prompt Injection

Malwarebytes
Update Chrome to patch critical browser security flaws

Malwarebytes
Fake domain renewal emails trick website owners into paying scammers

ISC SANS
What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)

Talos Intelligence
Introduction to COM usage by Windows threats

Dark Reading
Europe Evolves Into Ransomware's Favorite Region

MIT Technology Review
IBM has unveiled chip technology that could help extend Moore’s Law another decade

MIT Technology Review
What Europe’s heat wave means for the power grid

Malwarebytes
Elite network says it was hacked after members’ personal data was left exposed

Step Security
Mass npm Supply Chain Attack: 20 Leo Platform Packages Compromised

Step Security
simonecorsi/mawesome GitHub Action has been compromised

Step Security
codfish/semantic-release-action GitHub Action has been compromised

TrustedSec
Large Workflows with Local LLMs

Moonlock
Has your Gmail been hacked? Here’s how to tell and how to recover your account

Fastly
How to Prove the Business Value of Your Edge Infrastructure

Datadog HQ
How we saved over $3 million in idle compute costs with Datadog Kubernetes Autoscaling

Snyk
NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence

Hacktron
Metabase Cloud: The winner takes it all

Datadog HQ


2026-06-24

Xint
How a FinTech Startup Accelerates Rapid Product Iteration Without Introducing Security Gaps With Xint

Dark Reading
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure

Aikido
Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets

Ars Technica Security
One-two punch delivered in global operation disrupts cybercrime "assembly line"

Dark Reading
2026 FIFA World Cup Faces Surge in Cyber Threats

Amazon Security
Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs

Dark Reading
Do CISOs Need a Code of Ethics?

Microsoft Security
CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms

Malwarebytes
PixelSmash flaw turns video files into attack tools

Dark Reading
More Malicious OpenClaw Skills Threaten AI Supply Chain

MIT Technology Review
Europe’s extreme heat is shutting down power plants

Jericho
2026 East Coast Drive (Part 5: WV / KY)

Malwarebytes
Watch out for renewal scams pretending to be Malwarebytes

GitGuardian
Identiverse 2026: The Challenges Of Solving Identity For AI Agents At Scale

Black Hills Info Sec
Insufficient Egress Filtering: How Weak Outbound Controls Enable Attacks

Snyk
A Note to Our Customers and Partners

Bishop Fox Security
AI Finds Vulnerabilities. Security Experts Find Impact.

Microsoft Security
StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

Wiz
How AI Is Rewriting the SecOps Playbook

MIT Technology Review
The Download: introducing the Engineering issue

GitGuardian
Hunting Leaked PyPI Tokens: 62 Live, 125 Packages Exposed

MIT Technology Review
Stripe, Anthropic, and OpenAI are backing an effort to stop respiratory infections

CISA Alerts & Advisories
Using SASE in a Modern TIC 3.0 Solution

CISA News
New CISA Guide Assists Federal Agencies with Transitioning to Modernized Zero Trust Architectures

Dark Reading
Apple's MacOS Gap Lets Users Disable Security Tools

MIT Technology Review
The emergence of the web data infrastructure layer for AI

Schneier on Security
Embedding Forbidden Text in Spyware to Discourage AI Analysis

Malwarebytes
“Total access to all your devices.” Sextortion scammers strike again

Searchlight Cyber
June 24th – This Week’s Top Cybersecurity and Dark Web Stories

ISC SANS
Linux Process Name Masquerading, (Wed, Jun 24th)

Cloudflare
Unlocking the Cloudflare app ecosystem with OAuth for all

Troy Hunt
Weekly Update 509

Socket
Frontier AI Is Now Critical Infrastructure

ISC SANS
ISC Stormcast For Wednesday, June 24th, 2026 https://isc.sans.edu/podcastdetail/9984, (Wed, Jun 24th)

Star Labs
Old Bug, Harder Rules : Exploiting CVE-2023-36802 Without the Usual Shortcuts

Datadog HQ
Automatically enrich security logs with MITRE ATT&CK context before they reach your SIEM

Fastly
Using the Gini Coefficient to Plan Edge Capacity

Teleport Blog
Your AI Agent Needs to Know Who You Are

Auth0
Embedded Login Advancements: Put Your Apps in Control of Identity to Accelerate Conversions


2026-06-23

Palo Alto Networks
New Executive Order Accelerates Post-Quantum Readiness Amid the Cryptographic Reset

Ars Technica Security
White House drastically shortens deadline for dropping quantum-vulnerable crypto

Dark Reading
Scope of Salesforce Attacks Expands as Icarus Leaks Data

Dark Reading
'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

Cloudflare
The White House's post-quantum executive order is an important milestone. It’s time to get to work

Rapid7
Why SIEM is Moving Toward Unified Security Operations: Rapid7 Named a Major Player in IDC MarketScape

Offensive Security
Intro to STIG Tools

Krebs on Security
Scattered Spider Hackers Plead Guilty on Day 1 of Trial

Meta Security
How Meta Engineered Ultra-Narrow Batteries for AI Glasses

Mozilla Security
Keeping the web open and private in the bot era

Palo Alto Networks
Built to Last: What Stonehenge Teaches us About IT Architecture & Cyber Resilience

Malwarebytes
Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire

Socket
The Code You Didn't Write Is Still Yours to Defend

Jericho
2026 East Coast Drive (Part 4: Food)

Xint
Xint Achieves Dual ISO Certifications, Accelerating Global Security Compliance Roadmap

Auth0
Does Your Agent Want to See Other People? Identity-Chained Authorization with Auth0 Token Vault.

Dark Reading
SocGholish Takedown Highlights Malicious TDS Threats

Offensive Security
Cybersecurity Training in the Age of AI

Sicuranext Blog
Ghost Stories: investigating an undocumented ClickFix C2 in Ghost CMS

Sicuranext Blog
Ghost Stories: investigating an undocumented ClickFix C2 in Ghost CMS

Malwarebytes
Meta pauses controversial employee-tracking program after security review

Eclypsium
CISA BOD 26-04: What it Means and How Eclypsium Can Help

Filippo Valsorda
Vulnerability Reports Are Not Special Anymore

Aikido
Aikido x Drydock | A way for maintainers to catch malware before it ships

Dark Reading
FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist

Wiz
AI Threat Readiness Pillar 4: Detect and contain threats in real-time

CISA Alerts & Advisories
CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Alerts & Advisories
Siemens SIPROTEC 5 Using DIGSI5 Protocol

CISA Alerts & Advisories
Impact of Linux Kernel vulnerabilities on B&R products

CISA Alerts & Advisories
Siemens SINEC INS

CISA Alerts & Advisories
ABB Freelance Security Lock

CISA Alerts & Advisories
Siemens WinCC Certificate Manager

CISA Alerts & Advisories
Hubbell Aclara Metrum Cellular Web Interface

CISA Alerts & Advisories
Siemens Products using OpenSSL

Schneier on Security
Anthropic’s Fable 5 Model Jailbroken Within Days

Malwarebytes
Hackers steal passport and driver’s license data of 3 million Texans

Malwarebytes
GTA 6 early access is nothing but a scam

Google Safety & Security
Expanding financial advertiser verification across Europe

Snyk
Announcing Agentic Development Security (ADS)

Snyk
What nearly 10,000 developer environments reveal about agentic development risk

Snyk
The New Security Control Point: Governing AI Agents Inside the Execution Loop

ISC SANS
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)

Snyk
When a vendor's breach becomes yours: lessons from the Klue incident

ISC SANS
ISC Stormcast For Tuesday, June 23rd, 2026 https://isc.sans.edu/podcastdetail/9982, (Tue, Jun 23rd)

Elastic Security Labs
From vulnerability report to CVE draft in minutes: how Elastic automated security advisories with AI

Datadog HQ
How we migrated a live routing system using AI-assisted refactoring

Fastly
The Fastly C++ SDK is Now Generally Available

Rosecurify
Seclog - #183

Datadog HQ
How to migrate feature flags without breaking production


2026-06-22

Dark Reading
DifyTap Bugs Let Attackers 'Wiretap' AI Chat Histories

Ars Technica Security
Following user outcry, AMD reinstates memory encryption in consumer CPUs

Microsoft Security
Guarding AI memory

Mend
AI changed what you ship. It also changed what you have to secure.

Cloudflare
How we found a bug in the hyper HTTP library

Trail of Bits
Introducing Patch the Planet

Dark Reading
Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign

Meta Security
Adopting AV1 for Real-Time Communication (RTC) at Scale

Microsoft Security
One intrusion, two cyberattackers: Uncovering parallel threat activity

Exodus Blog
Out of Shift: How a Shared State Bug in V8’s AsmJS Parser Broke the Ubercage

Amazon Security
Prevent data exfiltration: AWS egress controls for cloud workloads

Auth0
Passkey Adoption Is Rising, but Is It Worth It Yet?

Searchlight Cyber
How to Measure Continuous Attack Surface Management Success: Essential Metrics That Matter

Malwarebytes
Thousands of D-Link routers under control of AryStinger botnet

Jericho
2026 East Coast Drive (Part 3: VA / DC)

Dark Reading
He Thought He Was Secure; His Phone Number Was Stolen Anyway

ISC SANS
Webshells Remain Popular, (Mon, Jun 22nd)

Wiz
Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows

Malwarebytes
Document delivery scams: What are they and what’s their goal?

JFrog
PixelSmash – Critical FFmpeg Vulnerability Turns Media Files into Weapons

CISA Blog
Five Eyes Cyber Security Agencies Statement

Schneier on Security
Professional Athletes and Wearables

Escape DAST
Race against the Machine: Can you match AI's pentesting time?

Malwarebytes
A week in security (June 15 – June 21)

Moonlock
eBay scams: How to spot eBay fraud before you lose money

Moonlock
Facebook scams: How to recognize them before it’s too late

ISC SANS
ISC Stormcast For Monday, June 22nd, 2026 https://isc.sans.edu/podcastdetail/9980, (Mon, Jun 22nd)

GitGuardian
BSides San Antonio 2026: Following Trust Across Applications, Cloud, and Compliance

Datadog HQ
Using Evaluation Frameworks with Agent Observability


2026-06-21

Jericho
2026 East Coast Drive (Part 2: North Carolina / Virginia)

ToxSec
AI Tar Pits Are Drowning LLM Scrapers in Infinite Garbage


2026-06-20

Jericho
2026 East Coast Drive (Part 1: NaClCON)

Project Black
Liquidfiles Privilege Escalation

Socket
GitHub Actions Checkout Now Blocks Risky pull_request_target Checkouts

Joshua Rogers
Hacking fun with zip-slips, tar-slips, symlinks, hardlinks, collisions, and more


2026-06-19

Schneier on Security
Friday Squid Blogging: Victims of Unregulated Squid Fishing

Kevin Beaumont
An update on FortiBleed — what’s happening with victim orgs

Socket
Introducing Repository Access Permissions and Custom Roles

Rapid7
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more