131 Security Blogs

Last Updated: 17 Apr 25 23:38 UTC

Blog List | Github | OPML

2025-04-17

Microsoft Security
Microsoft’s Secure by Design journey: One year of success

Fastly
Invisible Intruders – How Bots Sabotage Streaming Services

Amazon Security
Announcing AWS Security Reference Architecture Code Examples for Generative AI

Amazon Security
How to help prevent hotlinking using referer checking, AWS WAF, and Amazon CloudFront

SpiderLabs
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns

Schneier on Security
Age Verification Using Facial Scans

Talos Intelligence
Care what you share

Talos Intelligence
Unmasking the new XorDDoS controller and infrastructure

Okta Security
Detect and Prevent Cross Device Authentication

Malwarebytes
Apple patches security vulnerabilities in iOS and iPadOS. Update now!

Auth0
Generate More Secure Code With AI-Powered Tools

Auth0
Demystifying Social Login

NVISO Labs
Crisis Management – Beacon in the Storm

Moonlock
Beware of tax-related scams: Report shows a 28% spike in March

OWASP
OWASP Calls to Build a Unified Framework for Global Vulnerability Intelligence

Datadog HQ
How to optimize high-volume log data without compromising visibility

Dark Reading
Android Phones Pre-Downloaded With Malware Target User Crypto Wallets

Dark Reading
Dogged by Trump, Chris Krebs Resigns From SentinelOne

Dark Reading
CVE Program Cuts Send the Cyber Sector Into Panic Mode

Dark Reading
Cybersecurity by Design: When Humans Meet Technology

Dark Reading
Middle East, North Africa Security Spending to Top $3B

Dark Reading
GPS Spoofing Attacks Spike in Middle East, Southeast Asia

ReversingLabs
NIST's adversarial ML guidance: 6 action items for your security team

Offensive Security
CVE-2024-13059: Exploiting Path Traversal in AnythingLLM for Remote Code Execution

Searchlight Cyber
Slopsquatting Supply Chain Threat

TrustedSec
Discovering Your Baud


2025-04-16

Rapid7
Following the News: MITRE’s Common Vulnerabilities and Exposures (CVE) Funding

Microsoft Security
Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures

Snyk
Snyk’s Statement on the MITRE CVEs Program Funding Update

XPN's Blog
The SQL Server Crypto Detour

Schneier on Security
CVE Program Almost Unfunded

Talos Intelligence
Eclipse and STMicroelectronics vulnerabilities

Malwarebytes
Hi, robot: Half of all internet traffic now automated

Malwarebytes
“I sent you an email from your email account,” sextortion scam claims

Eclypsium
The Top Firmware and Hardware Attack Vectors

Eclypsium
Downstream Security: NIST & C-SCRM

Auth0
Digital Identity: What Users Think About Devices and Logins

Auth0
The Auth0 MCP Server is here!

Google Safety & Security
Our 2024 Ads Safety Report shows how we use AI to safeguard consumers.

Dark Reading
Multiple Groups Exploit NTLM Flaw in Microsoft Windows

Dark Reading
China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks

Dark Reading
Ransomware gang 'CrazyHunter' Targets Critical Taiwanese Orgs

Dark Reading
NIST Updates Privacy Framework With AI and Governance Revisions

Dark Reading
Patch Now: NVDIA Flaws Expose AI Models, Critical Infrastructure

Dark Reading
Cloud, Cryptography Flaws in Mobile Apps Leak Enterprise Data

Dark Reading
Active Directory Recovery Can't Be an Afterthought

ReversingLabs
The cybersecurity job market is complicated: 3 key insights

The Citizen Lab
JUICYJAM: รายงานเรื่องวิธีการที่เจ้าหน้าที่รัฐเปิดเผยข้อมูลส่วนตัวเพื่อปราบปรามฝ่ายประชาธิปไตยในไทย

The Citizen Lab
JUICYJAM: How Thai Authorities Use Online Doxxing to Suppress Dissent

Ars Technica Security
CVE, global source of cybersecurity info, was hours from being cut by DHS

Mend
MITRE CVE Program Uncertainty: Mend.io’s commitment to uninterrupted vulnerability protection

Mend
Vector and Embedding Weaknesses in AI Systems

Krebs on Security
Funding Expires for Key Cyber Vulnerability Database

TrustedSec
TrustedSec Achieves CREST Certification


2025-04-15

Microsoft Security
Threat actors misuse Node.js to deliver malware and other malicious payloads

Microsoft Security
​​Transforming security​ with Microsoft Security Exposure Management initiatives​

SentinelOne
PinnacleOne ExecBrief | Economists on AI & Workplace Productivity

Snyk
Snyk Partners with Nova8 to Empower Secure Development Across Latin America

Fastly
Take Back Control: Make AI Bots Play by Your Rules

Amazon Security
How to support OpenID AuthZEN requests with Amazon Verified Permissions

Cloudflare
Why I joined Cloudflare: to build world-class partnerships in EMEA

Schneier on Security
Slopsquatting

Talos Intelligence
Year in Review: The biggest trends in ransomware

Malwarebytes
“Follow me” to this fake crypto exchange to claim $500

Malwarebytes
Hertz data breach caused by CL0P ransomware attack on vendor

Moonlock
How to check if your phone is hacked, and what to do if it is

Moonlock
How to remove Ask toolbar from Chrome, Safari, and Firefox

Datadog HQ
Datadog named a Leader in the Forrester Wave™: AIOps Platforms, Q2 2025

Dark Reading
Accounting Firms Can't Skimp on Cybersecurity

Dark Reading
Max Severity Bug in Apache Roller Enabled Persistent Access

Dark Reading
With AI's Help, Bad Bots Are Taking Over the Web

Dark Reading
AI-Powered Presentation Tool Leveraged in Phishing Attacks

Dark Reading
Hertz Falls Victim to Cleo Zero-Day Attacks

Dark Reading
Wave of Wine-Inspired Phishing Attacks Targets EU Diplomats

Dark Reading
China-Backed Threat Actor 'UNC5174' Using Open Source Tools in Stealthy Attacks

Dark Reading
Are We Prioritizing the Wrong Security Metrics?

ReversingLabs
Quantum delivers really random numbers: How that boosts AppSec

Claroty
CVE-2025-3128

Claroty
CVE-2025-3232

Krebs on Security
Trump Revenge Tour Targets Cyber Leaders, Elections

Compass Security Blog
300 Milliseconds to Admin: Mastering DLL Hijacking and Hooking to Win the Race (CVE-2025-24076 and CVE-2025-24994)


2025-04-14

Rapid7
Take Command 2025: A Day of Insight, Innovation, and Impact

Microsoft Security
Explore how to secure AI by attending our Learn Live Series

SentinelOne
Avoiding MCP Mania | How to Secure the Next Frontier of AI

Cloudflare
Why I joined Cloudflare as Chief People Officer — Kelly Russell

Cloudflare
Developer Week 2025 wrap-up

SpiderLabs
Proton66 Part 1: Mass Scanning and Exploit Campaigns

Schneier on Security
Upcoming Speaking Engagements

Schneier on Security
China Sort of Admits to Being Behind Volt Typhoon

Malwarebytes
Meta slurps up EU user data for AI training

Malwarebytes
No, it’s not OK to delete that new inetpub folder

Malwarebytes
Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”

Malwarebytes
A week in security (April 7 – April 13)

Auth0
OAuth 2.0 and OpenID Connect: The Professional Guide

Auth0
Build an AI Assistant with LangGraph, Vercel, and Next.js: Use Gmail as a Tool Securely

CrankySec
There is no "community"

Datadog HQ
Strategies for accelerating a successful log migration

Datadog HQ
Identify risky behavior in cloud environments

Dark Reading
AI Code Tools Widely Hallucinate Packages

Dark Reading
Threat Intel Firm Offers Crypto in Exchange for Dark Web Accounts

Dark Reading
Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution

Dark Reading
Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage

Dark Reading
A New 'It RAT': Stealthy 'Resolver' Malware Burrows In

Dark Reading
7 RSAC 2025 Cloud Security Sessions You Don't Want to Miss

Dark Reading
How DigitalOcean Moved Away From Manual Identity Management

Dark Reading
Morocco Investigates Social Security Agency Data Leak

Palo Alto Networks
Modernizing Federal Security with Prisma Access

Searchlight Cyber
How Can Organizations Secure Their Digital Attack Surface?


2025-04-12

Troy Hunt
Weekly Update 447


2025-04-11

Rapid7
Metasploit Weekly Wrap-Up 04/11/2025

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 15

SentinelOne
The AI Inflection Point | How Agentic & GenAI Are Reshaping Security Operations

Cloudflare
Simple, scalable, and global: Containers are coming to Cloudflare Workers in June 2025

Cloudflare
Startup spotlight: building AI agents and accelerating innovation with Cohort #5

Cloudflare
A global virtual private cloud for building secure cross-cloud apps on Cloudflare Workers

Cloudflare
Startup Program update: empowering every stage of the startup journey

Cloudflare
How we simplified NCMEC reporting with Cloudflare Workflows

Cloudflare
A next-generation Certificate Transparency log built on Cloudflare Workers

Cloudflare
Workers AI gets a speed boost, batch workload support, more LoRAs, new models, and a refreshed dashboard

Schneier on Security
Friday Squid Blogging: Squid and Efficient Solar Tech

Schneier on Security
AI Vulnerability Finding

Schneier on Security
Reimagining Democracy

Malwarebytes
The Pall Mall Pact and why it matters

Auth0
MCP + Auth0: An Agentic Match Made in Heaven

Moonlock
Is your Messenger hacked? Here’s how to tell and what to do

Moonlock
Recent toll payment scams traced back to the Smishing Triad group

Moonlock
How to scan your email for viruses and get rid of malware

Praetorian
ELFDICOM: PoC Malware Polyglot Exploiting Linux-Based Medical Devices

Datadog HQ
How we use our Digital Experience Monitoring products to reduce friction in frontend testing and debugging

Datadog HQ
Making profiling visualizations accessible to engineers at all levels

Dark Reading
Pall Mall Process Progresses but Leads to More Questions

Dark Reading
Paper Werewolf Threat Actor Targets Flash Drives With New Malware

Dark Reading
Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims

Dark Reading
Using Third-Party ID Providers Without Losing Zero Trust

Dark Reading
Organizations Lack Incident Response Plans, but Answers Are on the Way

Dark Reading
10 Bugs Found in Perplexity AI's Chatbot Android App

Offensive Security
How OSCP Holders Can Lead Their Teams to Greater Cybersecurity Resilience

Ars Technica Security
That groan you hear is users’ reaction to Recall going back into Windows

Ars Technica Security
Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs

Searchlight Cyber
Researchers Shed Light on Changes in Revived Babuk 2.0