2025-07-08
Compass Security Blog
xvulnhuntr
Microsoft Security
Enhancing Microsoft 365 security by eliminating high-privilege access
Troy Hunt
Weekly Update 459
Auth0
Unlock Enterprise Readiness: How to Edit Existing Connections with Self-Service SSO in your SaaS App
Talos Intelligence
Microsoft Patch Tuesday for July 2025 — Snort rules and prominent vulnerabilities
Kevin Beaumont
CitrixBleed 2 exploitation started mid-June — how to spot it
White Knight Labs
Understanding Type Confusion in Kernel Driver
Amazon Security
Spring 2025 PCI DSS compliance package available now
Trail of Bits
Investigate your dependencies with Deptective
Google Security Blog
Advancing Protection in Chrome on Android
Searchlight Cyber Research
Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke)
ReversingLabs
Malicious pull request infects VS Code extension
Sabotage Sec Blog
Love for Microsoft Component Object Model, RPC and AMSI attack surface
Zero Day Initiative
The July 2025 Security Update Review
Palo Alto Networks
Modernizing Cybersecurity for State and Local Government
2025-07-07
Schneier on Security
Hiding Prompt Injections in Academic Papers
Malwarebytes
A week in security (June 30 – July 6)
Microsoft Security
Learn how to build an AI-powered, unified SOC in new Microsoft e-book
Project Black
Password Policy GPO
Dark Reading
Bert Blitzes Linux & Windows Systems
Dark Reading
'Hunters International' RaaS Group Closes Its Doors
Ars Technica Security
Unless users take action, Android will let Gemini access third-party apps
Ars Technica Security
“No honor among thieves”: M&S hacking group starts turf war
2025-07-04
Schneier on Security
Friday Squid Blogging: How Squid Skin Distorts Light
The Citizen Lab
The G7 condemned transnational repression, but will Canada meet its own commitments?
watchTowr Labs
How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)
Searchlight Cyber
Global Crackdown Leads to BreachForums Arrest
2025-07-03
Schneier on Security
Surveillance Used by a Drug Cartel
GitHub Security Blog
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre
Okta Security
How this ClickFix campaign leads to Redline Stealer
Talos Intelligence
A message from Bruce the mechanical shark
Elastic Security Labs
Taking SHELLTER: a commercial evasion framework abused in-the-wild
Offensive Security
CVE-2025-29306 – Unauthenticated Remote Code Execution in FoxCMS v1.2.5 via Unserialize Injection
Hunt and Hackett
Turning incident response challenges into scalable solutions
Datadog HQ
This Month in Datadog - June 2025
Datadog HQ
Migrate from your existing SIEM and quickly onboard security teams with Datadog Cloud SIEM
Google Safety & Security
Opening up ‘Zero-Knowledge Proof’ technology to promote privacy in age assurance
ReversingLabs
3CX’s Software Supply Chain Compromise: Lessons Learned
Ars Technica Security
Provider of covert surveillance app spills passwords for 62,000 users
Krebs on Security
Big Tech’s Mixed Response to U.S. Treasury Sanctions
Palo Alto Networks
Why Diverse Cloud Environments Require Flexible Security
2025-07-02
Schneier on Security
Ubuntu Disables Spectre/Meltdown Protections
Malwarebytes
Qantas: Breach affects 6 million people, “significant” amount of data likely taken
Troy Hunt
Weekly Update 458
Talos Intelligence
PDFs: Portable documents, or perfect deliveries for phish?
Trail of Bits
Buckle up, Buttercup, AIxCC’s scored round is underway!
Dark Reading
Qantas Airlines Breached, Impacting 6M Customers
Dark Reading
US Treasury Sanctions BPH Provider Aeza Group
Searchlight Cyber
How Modern ASM Uncovers Hidden Risks in Real Time
Ars Technica Security
AT&T rolls out Wireless Account Lock protection to curb the SIM-swap scourge
Red Siege InfoSec Blog
Penetration Testing in SDLC
Red Siege InfoSec Blog
Logic Attacks: Abusing The System
Palo Alto Networks
Navigating Heightened Cyber Risks from Iranian Threats
2025-07-01
Dark Reading
Like SEO, LLMs May Soon Fall Prey to Phishing Scams
Leviathan Security
Integrating Security Metrics into Quality Models: A DORA-Aligned Strategy