193 Security Blogs

Last Updated: 13 Jun 26 16:46 UTC

Blog List | Github | OPML

2026-06-26

Dark Reading
Name That Toon Contest


2026-06-13

Socket
US Government Forces Anthropic to Pull Claude Fable Days After Launch

Aikido
Full Fathom Five: The context of Anthropic’s Mythos-class public release

Step Security
400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security

Project Black
LibreNMS Authenticated RCE (< 26.5.0)

Rapid7
Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules


2026-06-12

Socket
152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic

Schneier on Security
Friday Squid Blogging: Squid-Inspired Fluid Pump

watchTowr Labs
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)

Dark Reading
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed

Ars Technica Security
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data

The Citizen Lab
Canada Finally Has a National AI Strategy. Experts Hate It.

The Citizen Lab
Who Watches the Watchers?

The Citizen Lab
Luis Fernando García On State Surveillance in Latin America

Malwarebytes
Stolen iPhones could soon be worth a lot less to thieves

GitGuardian
KCD New York 2026: Trust, Agents, and the Work Behind the Work

Rapid7
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)

Dark Reading
Claude Fable 5 Doesn't Change the Mythos Security Story

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 24

Cloudflare
Scaling Security Insights: how we achieved a 10x increase in global scanning capacity

ISC SANS
ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th)

MIT Technology Review
The Download: “reprogramming” aging, and the hidden sense of interoception

Wiz
Navigating the New Federal Logging Mandate | OMB Memorandum M-26-14

Schneier on Security
Bernie Sanders’ AI Sovereign Wealth Fund Plan

Trail of Bits
Factoring "short-sleeve" RSA keys with polynomials

Hunt and Hackett
The no-bullshit guide to NIS2

MIT Technology Review
You do your own time

Malwarebytes
Fake verification pages are stealing Steam accounts from players

MIT Technology Review
Inside interoception: The hidden sense of how you feel inside

MIT Technology Review
Why “reprogramming” is the buzziest approach to reversing aging right now

Google Safety & Security
How we're combatting AI scams with security, legislation and more

SentinelOne
SentinelOne + Claude: Integrations for AI Visibility, Governance, and Defense

Auth0
Implementing the Device Authorization Flow in a C# Console App

watchTowr Labs
Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751)

TrustedSec
JS-Tap v3: Endpoint Post-Exploitation With JavaScript Implants

Moonlock
Apple is on track to break a record for security patches in 2026

Moonlock
A fake BlueWallet app is draining crypto wallets

Moonlock
Malicious apps are infecting Macs with an adware-backdoor hybrid

Dark Reading
Phishing Attack Volume Down 20%, But Risk Still Rising

Sansec Threat Research
Unauthenticated file upload in Amasty Order Attributes for Magento


2026-06-11

Wiz
AI Threat Readiness Pillar 3: Perform AI Code Analysis Natively in Wiz

Dark Reading
Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure

Talos Intelligence
A tale of two eras

Searchlight Cyber
Targeting Illicit Crypto Flows: Searchlight Cyber Supports Law Enforcement Takedown of AudiA6 Crypto-Mixer

Socket
Andrew Becherer Joins Socket as Chief Information Security Officer

Step Security
Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files

Malwarebytes
Google can be liable for false AI Overviews, court rules

Github Security Blog
Making secret scanning more trustworthy: Reducing false positives at scale

Aikido
npm v12 delivers one of the biggest security improvements in years

Dark Reading
Segmentation Works for OT If Operators Are Paying Attention

Rapid7
Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime

Bishop Fox Security
Enabling Proper PCI Testing with Internal Penetration Tests

Red Siege InfoSec Blog
Enumerate Domain Data (EDD): Powerview’s .NET Cousin

MIT Technology Review
The Download: soccer’s data renaissance and China’s big nuclear plans

Aikido
Aikido x Docker: less noise, more signal in your containers

Malwarebytes
VRChat says reported data breach never happened

Schneier on Security
Enhanced License Plate Tracking

MIT Technology Review
Google DeepMind is worried about what happens when millions of agents start to interact

Malwarebytes
Children&#8217;s phones must block nude images by September, UK says

MIT Technology Review
Job titles of the future: Nature’s drug designer

MIT Technology Review
Why China is betting on big nuclear reactors

MIT Technology Review
Inside soccer’s data renaissance

Eye Security Research
CVE-2026-30612: A vulnerability in Time4Popcorn (PopcornTime)

Resecurity
The Anubis Ransomware Attack on the Adriatic Port Authority

TrustedSec
Hardening Intune: The Implementation Guide

ISC SANS
ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)

Dark Reading
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success

Fastly
Six Common Live Streaming Mistakes (And How to Avoid Them)

Auth0
Token Vault with Organizations Support Is Generally Available

Auth0
You Are in Control: Auth0 Enterprise Is Now Self-Service

Himanshu Anand
Reading a patch tuesday diff for fun: the dhcp client memcpy that copies more than four bytes (CVE-2026-44815)


2026-06-10

Dark Reading
CISA Rewrites Federal Patching Requirements for AI Threat Era

The Citizen Lab
Ron Deibert Speaks About “Greek Watergate”

Dark Reading
Bug Bounty Research Triggers ServiceNow Security Alert

JFrog
The Governance Gap: What IDC’s 2026 Data Reveals About AI and the Software Supply Chain

Dark Reading
AI Risk Worries Insurers &amp; Businesses Alike

Aikido
Code is being written everywhere, and the device is the only constant

Socket
Socket Partners with Replit to Block Malicious Packages in AI-Powered Development

Dark Reading
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

Malwarebytes
Free Spotify Premium hacks on social media are spreading infostealers

Rapid7
Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans

Microsoft Security
Turn specs into evals for any agent with ASSERT

Searchlight Cyber
Attack Surface Management FAQ: Expert Answers to Common Security Questions

Offensive Security
What Live Cybersecurity Training Reveals That Self-Paced Learning Doesn’t

Krebs on Security
Who Runs the Ransomware Group ‘The Gentlemen?’

GitGuardian
You Can't Secure What You Can't See: Making Non-Human Identities Governable

Black Hills Info Sec
The Art of the Badge: A Hard Truth About Physical Security

Aikido
SBOMs in 2026: Everyone's generating them, no one's using them

Xint
AI Wrapper vs. AI Native

Cloudflare
Route public traffic to private applications with Cloudflare

Malwarebytes
Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days

MIT Technology Review
The Download: the “steroid olympics” and a safer Mythos

Malwarebytes
88% of people struggle to tell what&#8217;s real online

Schneier on Security
NSO Group Hacking WhatsApp Despite Court Order

Aikido
Compromised Rust crate onering performs code exfiltration

Rapid7
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Searchlight Cyber
June 10th – This Week’s Top Cybersecurity and Dark Web Stories

Aikido
10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums

ISC SANS
How has use of framing protection security headers changed in the past 3 years&#x3f;, (Wed, Jun 10th)

Troy Hunt
Weekly Update 507

ISC SANS
ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)

watchTowr Labs
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520)

Fastly
How Fastly and Skyfire Enable Trusted Agentic Commerce at the Edge

Datadog HQ
Store and search high-volume logs with ClickHouse and Datadog

Auth0
What Our Design Team Stopped Doing to Start Leading the System for Quality

Infernux Blog
Exploring artifacts of a desired state to build health checks with limited access

Auth0
How to Connect Any OAuth2 Service to AI Agents with Auth0 Token Vault


2026-06-09

Mend
Best Software Composition Analysis Services: Top 8 in 2026

Krebs on Security
A Record-Breaking Patch Tuesday for June 2026

Dark Reading
The Invisible Battlefield: How Cyberwar Is Reshaping Everyday Life

Dark Reading
Blame AI: Patch Tuesday Hits Record 206 CVEs

Talos Intelligence
Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities

Socket
npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

Rapid7
Patch Tuesday - June 2026

Step Security
Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents

Step Security
New in the Threat Center: Compromised Components, Now Available via API

Step Security
Microsoft's durabletask PyPI Package Compromised in Supply Chain Attack

Step Security
The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent

Step Security
Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter

Ars Technica Security
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed

Dark Reading
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address

Dark Reading
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories

The Citizen Lab
Submission to the Standing Senate Committee on National Security, Defence and Veterans Affairs of Bill C-8

Praetorian
Centurion: Bring Your Own Execution Environment

Zero Day Initiative
The June 2026 Security Update Review

Microsoft Security
Reconstructing AI activity in investigations

ISC SANS
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)

Dark Reading
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

Offensive Security
AI Penetration Testing vs Traditional Penetration Testing: Changes in 2026

Wiz
AI Threat Readiness Pillar 2: Accelerate Patching and Response

Ars Technica Security
High-severity vulnerability in Linux caused by a single faulty character

Schneier on Security
GPS As a Key Distribution Platform

GitGuardian
Reliability Lessons From the Edges at SREday NYC

Malwarebytes
Meta&#8217;s face-recognition code raises new concerns about smart glasses

Rapid7
Rapid7 Gains Access To Anthropic’s Project Glasswing To Explore Frontier AI For Cybersecurity

Aikido
Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System

Malwarebytes
Scammers love Meta, according to Lloyds Bank

Bishop Fox Security
Mythos Doesn't Deploy Itself

Eclypsium
You Need to Verify the Hardware Supply Chain Behind Cyber-Physical Systems

Malwarebytes
Update Chrome: Google patches actively exploited vulnerability and 73 others

Compass Security Blog
Entra Agent ID from a Security Perspective

OWASP
OWASP Dependency-Track 5.0 Is Now Generally Available

Cloudflare
Defend against frontier cyber models: Cloudflare's architecture as customer zero

Dark Navy
deepsec: Chasing Mythos with Open-Source LLMs

TrustedSec
How to Train Your (Dragons) Analysts - A TrustedSec Guide to Picking the Perfect Purple Team

ISC SANS
ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th)

Datadog HQ
Start your day with the IDP Homepage

Star Labs
Old Wine in a New Bottle: A Decade-Old lxd-Group Root, Re-Armed

Datadog HQ
Infinite Cardinality Metrics: Custom metrics built for modern systems

Datadog HQ
Securing the AI era: Outpace AI-powered attacks with unified security and observability

Datadog HQ
Autonomously monitor for impactful degradations with Bits Detection

Datadog HQ
DASH 2026 Security & Compliance: Guide to Datadog’s newest announcements

Fastly
AI Traffic Grew 6.5x Faster Than Human Traffic This Year

Datadog HQ
DASH 2026 Operating at Scale: Guide to Datadog’s newest announcements

Datadog HQ
DASH 2026 End-to-End Observability: Guide to Datadog’s newest announcements

Himanshu Anand
Defender playbook for the LLM era

Datadog HQ
DASH 2026 Harnessing AI: Guide to Datadog’s newest announcements

Datadog HQ
DASH 2026: Guide to Datadog’s newest announcements

Datadog HQ
Monitor Scaleway with Datadog

Auth0
The Pre-Launch Identity Audit: Shipping Secure and Optimized Auth

Datadog HQ
Modernize Datadog API authentication with scoped credentials

Datadog HQ
Monitor OVHcloud with Datadog

Datadog HQ
Monitor Nebius AI Cloud with Datadog

Datadog HQ
Accelerate OTel gateway resolutions with Datadog Fleet Automation

Datadog HQ
Optimize Spark and Databricks jobs with Datadog

Datadog HQ
Maintain observability during cloud outages with Datadog Disaster Recovery

Datadog HQ
Resolve network issues from L7 to L1 with Datadog

Datadog HQ
Remediate issues autonomously with Bits Infrastructure Operations

Datadog HQ
Simplify request flows with Datadog Forms and Case Management

Datadog HQ
Investigate Kubernetes resources with Datadog MCP tools

Datadog HQ
Get reliable answers to business questions with Bits Data Analysis

Datadog HQ
Automate synthetic test coverage with Bits Testing

Datadog HQ
Improve AI agent quality with Bits Evals

Datadog HQ
Troubleshoot frontend performance with Datadog’s Browser Profiler

Datadog HQ
Monitor agent adoption with Datadog Agent Console

Datadog HQ
Get a unified view of system health with the Datadog Synthetic Monitoring landing page

Datadog HQ
Bring live Datadog telemetry into your AI agents with native integrations

Datadog HQ
Automatically optimize database queries with Datadog Database Monitoring

Datadog HQ
Triage synthetic test failures faster with Bits Investigation

Datadog HQ
Detect and resolve endpoint issues across your fleet with Datadog

Datadog HQ
Understand production LLM behavior with Patterns in Agent Observability

Datadog HQ
Trace network paths from devices to SaaS applications

Datadog HQ
Investigate logs across your entire stack with Federated Logs

Datadog HQ
Detect source code attacks with Datadog Code Threat Detection

Teleport Blog
SOC 2 Controls for Non-Human Identities: CC6, CC7, and CC8

Datadog HQ
Ship code safely at AI speed with Bits Release

Datadog HQ
Monitor critical user journeys with Datadog Journey Monitoring

Datadog HQ
Trace Azure-managed services in .NET applications with Datadog

Datadog HQ
Ship internal applications from your AI Agent with Datadog Apps

Hacktron
The Attack Surface Is Everyone Now

Datadog HQ
Comprehensively connect your service data with Service Remapping

Datadog HQ
Automate threat hunting with Datadog Cloud SIEM

Datadog HQ
Turn Datadog findings into automated code fixes with Bits Code

Datadog HQ
Datadog MCP Apps: Interactive experiences in AI workflows

Fastly
Bot Defense is Table Stakes. Machine Traffic Requires a Business Strategy


2026-06-08

Dark Reading
AI Slop Will Kill Cybersecurity Storytelling If We Let It

Amazon Security
ICYMI: May 2026 @AWS Security

Dark Reading
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks

Dark Reading
Check Point VPN Flaw Exploited Since Early May

Dark Reading
Iran Signed a Ceasefire — Its Hackers Didn't

Ars Technica Security
For the 2nd time in weeks, Microsoft packages laced with credential stealer

Socket
Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels

ISC SANS
TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)

Schneier on Security
Critical Zcash Vulnerability Found and Fixed

Rapid7
Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)

Amazon Security
Operationalizing AWS security: A maturity roadmap

Dark Reading
'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Microsoft Security
AI brands as bait: How threat actors are using the AI hype in social engineering

Malwarebytes
Americans lost nearly $900 million to AI-powered scams, FBI says

Google Safety & Security
Our latest fraud and scams advisory

Exodus Blog
Off By !: Exploiting a Use-after-Free in the Linux Kernel

Cloudflare
Turning Cloudflare’s threat indicators into real-time WAF rules

Escape DAST
Claude in Security Engineering: From Proof-of-Concept to Production

Wiz
Introducing Wiz Cloud Cost: Powering Cost Management and Optimization with Context

Schneier on Security
Anthropic’s Project Glasswing Update

Malwarebytes
Pirated PC games are delivering password-stealing malware

Sicuranext Blog
क Karna: we built our own WAF. Modern, Fast and Free.

Sicuranext Blog
क Karna: we built our own WAF. Modern, Fast and Free.

Malwarebytes
A week in security (June 1 &#8211; June 7)

ISC SANS
ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th)

Datadog HQ
Search and act across Datadog to resolve issues faster with Bits Chat

Datadog HQ
Monitor Claude Enterprise activity with Datadog Cloud SIEM

Datadog HQ
Why AI code optimization needs production-grounded benchmarks

Rosecurify
Seclog - #181


2026-06-07

ToxSec
Agentic AI Attacks Explained: How Autonomous Agents Hack You in 2026 (and How to Stop Them)

Zero Salarium
EDRChoker: Choking The Telemetry Stream to Bypass Defenses

MaskRay's Blog
Recent LLVM hash table improvements

Socket
Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave


2026-06-06

Aikido
What is AI SAST?