196 Security Blogs

Last Updated: 25 Jun 26 16:45 UTC

Blog List | Github | OPML

2026-06-25

Eclypsium
Mythos Finds Vulnerabilities. But Can Anyone Patch Fast Enough?

Step Security
Maven Support Comes to GitHub Checks and OSS Package Search

Jericho
2026 East Coast Drive (Part 6: TN)

Artem Golubin
Hexora v0.3: New features and improvements

Step Security
15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers

MIT Technology Review
Repositioning retail for the AI era

ToxSec
What Did Your Agent Actually Do Last Night? Forensic IR for AI Agents

Rapid7
Experts on Experts: Why AI and Compliance Are Forcing A New Security Operating Model

Cloudflare
How we built saga rollbacks for Cloudflare Workflows

MIT Technology Review
The Download: Europe’s heat wave hits the grid, and IBM’s chip targets Moore’s Law

CISA Alerts & Advisories
EVoke Systems Charging Station Management System

CISA Alerts & Advisories
OHIF Viewers DICOM

CISA Alerts & Advisories
Delta Electronics DTM Soft

CISA Alerts & Advisories
Daktronics Controller Firmware

CISA Alerts & Advisories
Horner Automation Cscape

CISA Alerts & Advisories
Yokogawa FAST/TOOLS and CI Server

CISA Alerts & Advisories
H.VIEW HV-500S6 IP Camera

CISA Alerts & Advisories
Schneider Electric PowerLogic P7

CISA Alerts & Advisories
pydicom pynetdicom Library

Wiz
Uncovering Hidden Attack Paths in Cloud Environments Using Runtime Signals

Schneier on Security
Interesting Paper Exploring Prompt Injection

Malwarebytes
Update Chrome to patch critical browser security flaws

Malwarebytes
Fake domain renewal emails trick website owners into paying scammers

ISC SANS
What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)

Talos Intelligence
Introduction to COM usage by Windows threats

MIT Technology Review
What Europe’s heat wave means for the power grid

Dark Reading
Europe Evolves Into Ransomware's Favorite Region

MIT Technology Review
IBM has unveiled chip technology that could help extend Moore’s Law another decade

Malwarebytes
Elite network says it was hacked after members’ personal data was left exposed

Step Security
Mass npm Supply Chain Attack: 20 Leo Platform Packages Compromised

Step Security
simonecorsi/mawesome GitHub Action has been compromised

Step Security
codfish/semantic-release-action GitHub Action has been compromised

TrustedSec
Large Workflows with Local LLMs

Snyk
NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence

Hacktron
Metabase Cloud: The winner takes it all


2026-06-24

Xint
How a FinTech Startup Accelerates Rapid Product Iteration Without Introducing Security Gaps With Xint

Dark Reading
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure

Aikido
Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets

Ars Technica Security
One-two punch delivered in global operation disrupts cybercrime "assembly line"

Dark Reading
2026 FIFA World Cup Faces Surge in Cyber Threats

Amazon Security
Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs

Dark Reading
Do CISOs Need a Code of Ethics?

Microsoft Security
CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms

Malwarebytes
PixelSmash flaw turns video files into attack tools

Dark Reading
More Malicious OpenClaw Skills Threaten AI Supply Chain

MIT Technology Review
Europe’s extreme heat is shutting down power plants

Jericho
2026 East Coast Drive (Part 5: WV / KY)

Malwarebytes
Watch out for renewal scams pretending to be Malwarebytes

GitGuardian
Identiverse 2026: The Challenges Of Solving Identity For AI Agents At Scale

Black Hills Info Sec
Insufficient Egress Filtering: How Weak Outbound Controls Enable Attacks

Snyk
A Note to Our Customers and Partners

Bishop Fox Security
AI Finds Vulnerabilities. Security Experts Find Impact.

Microsoft Security
StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

Wiz
How AI Is Rewriting the SecOps Playbook

MIT Technology Review
The Download: introducing the Engineering issue

GitGuardian
Hunting Leaked PyPI Tokens: 62 Live, 125 Packages Exposed

Dark Reading
Apple's MacOS Gap Lets Users Disable Security Tools

CISA News
New CISA Guide Assists Federal Agencies with Transitioning to Modernized Zero Trust Architectures

CISA Alerts & Advisories
Using SASE in a Modern TIC 3.0 Solution

MIT Technology Review
Stripe, Anthropic, and OpenAI are backing an effort to stop respiratory infections

MIT Technology Review
The emergence of the web data infrastructure layer for AI

Schneier on Security
Embedding Forbidden Text in Spyware to Discourage AI Analysis

Malwarebytes
“Total access to all your devices.” Sextortion scammers strike again

Searchlight Cyber
June 24th – This Week’s Top Cybersecurity and Dark Web Stories

MIT Technology Review
All challenges big and small

MIT Technology Review
This flying solar-powered platform could deliver better internet from the air

Buchodi
Phishing's New Growth Team: Meta Ads and Lovable

ISC SANS
Linux Process Name Masquerading, (Wed, Jun 24th)

Cloudflare
Unlocking the Cloudflare app ecosystem with OAuth for all

Troy Hunt
Weekly Update 509

Socket
Frontier AI Is Now Critical Infrastructure

ISC SANS
ISC Stormcast For Wednesday, June 24th, 2026 https://isc.sans.edu/podcastdetail/9984, (Wed, Jun 24th)

Fastly
Using the Gini Coefficient to Plan Edge Capacity

Auth0
Embedded Login Advancements: Put Your Apps in Control of Identity to Accelerate Conversions

Datadog HQ
Automatically enrich security logs with MITRE ATT&CK context before they reach your SIEM

Teleport Blog
Your AI Agent Needs to Know Who You Are

Star Labs
Old Bug, Harder Rules : Exploiting CVE-2023-36802 Without the Usual Shortcuts


2026-06-23

Palo Alto Networks
New Executive Order Accelerates Post-Quantum Readiness Amid the Cryptographic Reset

Ars Technica Security
White House drastically shortens deadline for dropping quantum-vulnerable crypto

Dark Reading
Scope of Salesforce Attacks Expands as Icarus Leaks Data

Dark Reading
'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

Cloudflare
The post-quantum EO is an important milestone. Now it’s time to get to work

Rapid7
Why SIEM is Moving Toward Unified Security Operations: Rapid7 Named a Major Player in IDC MarketScape

Offensive Security
Intro to STIG Tools

Krebs on Security
Scattered Spider Hackers Plead Guilty on Day 1 of Trial

Meta Security
How Meta Engineered Ultra-Narrow Batteries for AI Glasses

Mozilla Security
Keeping the Web Open and Private in the Bot Era

Palo Alto Networks
Built to Last: What Stonehenge Teaches us About IT Architecture & Cyber Resilience

Malwarebytes
Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire

Socket
The Code You Didn't Write Is Still Yours to Defend

Jericho
2026 East Coast Drive (Part 4: Food)

Xint
Xint Achieves Dual ISO Certifications, Accelerating Global Security Compliance Roadmap

Auth0
Does Your Agent Want to See Other People? Identity-Chained Authorization with Auth0 Token Vault.

Dark Reading
SocGholish Takedown Highlights Malicious TDS Threats

Offensive Security
Cybersecurity Training in the Age of AI

Sicuranext Blog
Ghost Stories: investigating an undocumented ClickFix C2 in Ghost CMS

Sicuranext Blog
Ghost Stories: investigating an undocumented ClickFix C2 in Ghost CMS

Malwarebytes
Meta pauses controversial employee-tracking program after security review

Eclypsium
CISA BOD 26-04: What it Means and How Eclypsium Can Help

Filippo Valsorda
Vulnerability Reports Are Not Special Anymore

Aikido
Aikido x Drydock | A way for maintainers to catch malware before it ships

Dark Reading
FortiBleed Attackers Turn Firewalls Into Credential Stealers as Heists Persist

Wiz
AI Threat Readiness Pillar 4: Detect and contain threats in real-time

CISA Alerts & Advisories
Siemens Products using OpenSSL

CISA Alerts & Advisories
ABB Freelance Security Lock

CISA Alerts & Advisories
Hubbell Aclara Metrum Cellular Web Interface

CISA Alerts & Advisories
Siemens WinCC Certificate Manager

CISA Alerts & Advisories
Siemens SINEC INS

CISA Alerts & Advisories
CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Alerts & Advisories
Impact of Linux Kernel vulnerabilities on B&R products

CISA Alerts & Advisories
Siemens SIPROTEC 5 Using DIGSI5 Protocol

Schneier on Security
Anthropic’s Fable 5 Model Jailbroken Within Days

Malwarebytes
Hackers steal passport and driver’s license data of 3 million Texans

Malwarebytes
GTA 6 early access is nothing but a scam

Google Safety & Security
Expanding financial advertiser verification across Europe

Snyk
Announcing Agentic Development Security (ADS)

Snyk
What nearly 10,000 developer environments reveal about agentic development risk

Snyk
The New Security Control Point: Governing AI Agents Inside the Execution Loop

ISC SANS
CVE-2024-40766: The Patch Fixed the Bug. Nobody Fixed the Configuration., (Tue, Jun 23rd)

Snyk
When a vendor's breach becomes yours: lessons from the Klue incident

ISC SANS
ISC Stormcast For Tuesday, June 23rd, 2026 https://isc.sans.edu/podcastdetail/9982, (Tue, Jun 23rd)

Datadog HQ
How we migrated a live routing system using AI-assisted refactoring

Fastly
The Fastly C++ SDK is Now Generally Available

Elastic Security Labs
From vulnerability report to CVE draft in minutes: how Elastic automated security advisories with AI

Rosecurify
Seclog - #183

Datadog HQ
How to migrate feature flags without breaking production


2026-06-22

Dark Reading
DifyTap Bugs Let Attackers 'Wiretap' AI Chat Histories

Ars Technica Security
Following user outcry, AMD reinstates memory encryption in consumer CPUs

Microsoft Security
Guarding AI memory

Mend
AI changed what you ship. It also changed what you have to secure.

Cloudflare
How we found a bug in the hyper HTTP library

Trail of Bits
Introducing Patch the Planet

Dark Reading
Crypto Heist Fueled by Elaborate Fake Reputation-Boosting Campaign

Meta Security
Adopting AV1 for Real-Time Communication (RTC) at Scale

Microsoft Security
One intrusion, two cyberattackers: Uncovering parallel threat activity

Exodus Blog
Out of Shift: How a Shared State Bug in V8’s AsmJS Parser Broke the Ubercage

Amazon Security
Prevent data exfiltration: AWS egress controls for cloud workloads

Auth0
Passkey Adoption Is Rising, but Is It Worth It Yet?

Searchlight Cyber
How to Measure Continuous Attack Surface Management Success: Essential Metrics That Matter

Malwarebytes
Thousands of D-Link routers under control of AryStinger botnet

Jericho
2026 East Coast Drive (Part 3: VA / DC)

Dark Reading
He Thought He Was Secure; His Phone Number Was Stolen Anyway

ISC SANS
Webshells Remain Popular, (Mon, Jun 22nd)

Wiz
Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows

Malwarebytes
Document delivery scams: What are they and what’s their goal?

JFrog
PixelSmash – Critical FFmpeg Vulnerability Turns Media Files into Weapons

CISA Blog
Five Eyes Cyber Security Agencies Statement

Schneier on Security
Professional Athletes and Wearables

Escape DAST
Race against the Machine: Can you match AI's pentesting time?

Malwarebytes
A week in security (June 15 – June 21)

Moonlock
Facebook scams: How to recognize them before it’s too late

Moonlock
eBay scams: How to spot eBay fraud before you lose money

ISC SANS
ISC Stormcast For Monday, June 22nd, 2026 https://isc.sans.edu/podcastdetail/9980, (Mon, Jun 22nd)

GitGuardian
BSides San Antonio 2026: Following Trust Across Applications, Cloud, and Compliance

Datadog HQ
Using Evaluation Frameworks with Agent Observability


2026-06-21

Jericho
2026 East Coast Drive (Part 2: North Carolina / Virginia)

ToxSec
AI Tar Pits Are Drowning LLM Scrapers in Infinite Garbage


2026-06-20

Jericho
2026 East Coast Drive (Part 1: NaClCON)

Project Black
Liquidfiles Privilege Escalation

Socket
GitHub Actions Checkout Now Blocks Risky pull_request_target Checkouts

Joshua Rogers
Hacking fun with zip-slips, tar-slips, symlinks, hardlinks, collisions, and more


2026-06-19

Schneier on Security
Friday Squid Blogging: Victims of Unregulated Squid Fishing

Kevin Beaumont
An update on FortiBleed — what’s happening with victim orgs

Socket
Introducing Repository Access Permissions and Custom Roles

Rapid7
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more

Malwarebytes
Nearly 15,000 infected websites cleaned in SocGholish crackdown

The Citizen Lab
WhatsApp Accuses NSO of Fresh Pegasus Targeting

Jericho
My Quest for the White Squirrel!

Escape DAST
How Escape helped Bridgetech Group replace pentests with automated evidence

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 25

Dark Reading
Stressors, AI Forcing Changes to Cybersecurity Teams

Cloudflare
Temporary Cloudflare Accounts for AI agents

Malwarebytes
Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap

Schneier on Security
Anthropic’s Fable and the State of AI

ISC SANS
eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)

Palo Alto Networks
Expanding Our Footprint: Local Cloud Availability for Prisma AIRS in Japan

Moonlock
Apple explains why macOS 26 blocks pasted Terminal commands

Moonlock
Apple adds more privacy controls to Find My and Maps

Moonlock
Downloaded a Mac app? It could be an infostealer in disguise

Moonlock
Meta disrupts a WhatsApp phishing campaign spreading spyware

Moonlock
Apple Pay scams: how to spot them and what to do if you’re scammed

Praetorian
GhostPack Necromancy: Reforging C# Tools with WasmForge

Microsoft Security
AutoJack: How a single page can RCE the host running your AI agent

Elastic Security Labs
Lost in relocation: analysis of a new loader distributing CASTLESTEALER

Elastic Security Labs
Azure AD Graph Activity Logs: Ingestion and threat detection to close the visibility gap


2026-06-18

Ars Technica Security
Microsoft discovers new lightweight backdoor that steals cryptocurrency

Socket
Socket MCP Adds Org Alerts, Threat Feed Review, and Package Inspection

Palo Alto Networks
The Invisible CEO of Crisis: Breaking the Cycle of CISO Burnout

Eclypsium
FortiBleed: You Can't Patch Your Way Out of This

Dark Reading
Novo Nordisk Breach Highlights Software Development Pipeline Risk

Ars Technica Security
Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds

Microsoft Security
New Forrester Total Economic Impact™ study projects a 124% ROI from unifying with Microsoft Security

Amazon Security
Accelerate security investigations with Kiro CLI

Dark Reading
Operation Escaneo Signals Shift in LatAm Threat Landscape

Dark Reading
FIFA Bug Exposes World Cup Streams to Remote Takeover

Talos Intelligence
Close Encounters of the Human Kind

Cloudflare
Build your own vulnerability harness

Krebs on Security
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

Amazon Security
Spring 2026 SOC 1 and 2 reports are now available in OSCAL format

Dark Reading
Salesforce Data Thefts Continue via Klue App Compromise