196 Security Blogs

Last Updated: 30 Jun 26 16:46 UTC

Blog List | Github | OPML

2026-06-30

Palo Alto Networks
A Defining Moment in Identity Security

Escape DAST
Modern AI-powered Pentesting Tools In-Depth benchmark

Meta Security
10 Years of Meta’s Commitment to Python

Eclypsium
New Gartner® Report on Preemptive Exposure Management

Troy Hunt
Weekly Update 510: Live From Mallorca with Scott Helme

Escape DAST
Two Critical Vulnerabilities, One AI Pentester: How Cascade Found an Unauthenticated RCE and Walked Around the WAF

Jericho
Save the Earth One Napkin at a Time

Malwarebytes
Update time: Apple releases security patches for iOS, MacOS Tahoe, Safari

Aikido
Aikido acquires Root to secure the supply chain

GitGuardian
IEEE Cloud Summit 2026: The Tunnels No One Mapped

Dark Reading
AI-Generated Workflows Are a Silent Security Disaster

MIT Technology Review
The Download: AI “coworkers” and stratospheric internet

Schneier on Security
The Realities of AI Video Surveillance

CISA Alerts & Advisories
Mitsubishi Electric MELSOFT Update Manager SW1DND-UDM-M

MIT Technology Review
Agriculture is ready for AI, but its data isn’t

CISA Alerts & Advisories
Delta Electronics DVP12SE PLC

CISA Alerts & Advisories
XZ Utils vulnerability impacting B&R Products

CISA Alerts & Advisories
Frangoteam FUXA SCADA/HMI

CISA Alerts & Advisories
StoneFly Storage Concentrator

CISA Alerts & Advisories
Schneider Electric EasyLogic T150 and Saitel DP RTU

CISA Alerts & Advisories
OFFIS DCMTK Toolkit

CISA Alerts & Advisories
Schneider Electric EcoStruxure IT Data Center Expert

Trail of Bits
Shipping post-quantum cryptography to Python

MIT Technology Review
Building tech in the world’s secret R&D hub

ISC SANS
June 2026 Apple Updates, (Tue, Jun 30th)

Shielder Blog
Symfony YAML Security Audit

ISC SANS
ISC Stormcast For Tuesday, June 30th, 2026 https://isc.sans.edu/podcastdetail/9988, (Tue, Jun 30th)

Rosecurify
Seclog - #184


2026-06-29

Dark Reading
NIST Enrichment Reductions Impact CVE Coverage, Accuracy

Ars Technica Security
US offers $10 million for info on group behind Signal and WhatsApp hacking spree

Dark Reading
'Djinn' Stealer Targets Cloud, AI Credentials

Socket
Chrome and Firefox Extensions Posing as Free VPNs Add Clipboard Stealers via Malicious Updates

Dark Reading
Vulnerabilities Expose Private Data in Indian Government Systems

Dark Reading
Can Clothes Make You Invisible to Facial Recognition?

Amazon Security
What the June 2026 Threat Technique Catalog update means for your AWS environment

watchTowr Labs
Enterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)

Dark Reading
Iran, Russia, China Target Water Systems for Sabotage

MIT Technology Review
AI agents are not your “coworkers”

Microsoft Security
Chromium extension uses AI‑related branding to redirect browser search

Github Security Blog
Inside the Advisory Database and what happens when vulnerability volume breaks records

Schneier on Security
Factoring RSA Keys with Many Zeros

Auth0
Add Auth0 Documentation to Claude Code

Jericho
The Loquacious Introvert

Malwarebytes
This pay gap is programmed (Lock and Code S07E13)

MIT Technology Review
Agent confidence on the technical frontier

Malwarebytes
119 Edge extensions promised useful tools, instead downloaded malware

Wiz
Bridging the Visibility Gap: A Unified Security Operating Model for Hybrid Cloud Teams

GitGuardian
Unified Secrets Security with GitGuardian and AWS Secrets Manager

Rapid7
Modernizing Global Vulnerability Standards For The Age Of AI

MIT Technology Review
The Download: metric weaknesses and AI elephant warnings

ISC SANS
Adding some Automation to the favicon.ico method of Host Recon, (Mon, Jun 29th)

CISA Alerts & Advisories
CISA Adds One Known Exploited Vulnerability to Catalog

Dark Reading
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Mozilla Security
Improving Transparency and Assurance in the Web PKI: Mozilla Root Store Policy v3.1

Wiz
The Borderless Attack Surface: Securing Public Sector Hybrid Environments

Schneier on Security
Robot Police Officers

Wiz
The Red Agent POV: Exploiting Broken Object-Level Authorization in an Airline GraphQL API

Malwarebytes
A week in security (June 22 – June 28)

Resecurity
Reconnaissance in the Age of AI: Exploring Modern ML Infrastructure

ISC SANS
ISC Stormcast For Monday, June 29th, 2026 https://isc.sans.edu/podcastdetail/9986, (Mon, Jun 29th)

Datadog HQ
Datadog achieves GovRAMP High authorization

Datadog HQ
Preparing for OMB M-26-14: How Datadog supports federal logging maturity

Fastly
AI is Taking From Publishers! Here’s How They Can Fix It

Snyk
Snyk VulnBench JS 1.0: Can LLMs Find the Same Bugs Twice?


2026-06-28

Jericho
2026 East Coast Drive (Part 8: Random Notes)

ToxSec
How OpenAI’s Cyber Defense Plan Backs the Defenders

ISC SANS
YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th)

MaskRay's Blog
Optimizing LLVM's bump allocator

Project Black
Local AI for Penetration Testing & Research


2026-06-27

Jericho
2026 East Coast Drive (Part 7: NC)

Dark Reading
Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

Project Black
A user account restriction (for example, a time-of-day restriction) is preventing you from logging on. For assistance, contact your system administrator or technical support.

MaskRay's Blog
A deep dive into SmallVector::push_back


2026-06-26

Schneier on Security
The Chinese Control the Majority of Argentina’s Squid Fleet

Aikido
npm now freezes high-impact accounts after risky account changes

Rapid7
Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more

Dark Reading
AI Decline? Confidence in Autonomous Penetration Testing Falls

Dark Reading
Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions

Aikido
Top Koi alternatives in 2026

Schneier on Security
Meta Is Testing Facial Recognition for Police and Military

Dark Reading
New Initiative Tackles Security for End-of-Life Open Source Software

Socket
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages

Step Security
Multiple @immobiliarelabs Backstage Plugins Compromised on npm

Dark Reading
AI Won't Wipe-Out Entry-Level Cybersecurity Jobs

Jericho
Captain Obvious Audits the NVD

Socket
Rolldown Pulls Rust React Compiler Integration After Binary Size Increase

GitGuardian
AI Is the Newest Developer To Misunderstand Secrets In Your Git History

Dark Reading
Meeting Trump's 2030 Quantum Deadline Will be Expensive, Complex

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 26

Dark Reading
Thanks for Crushing the Submissions Inbox. We're Trying to Keep Up

Malwarebytes
Malware steals Chrome session cookies to take over your accounts

MIT Technology Review
The Download: brain-melting heatwaves and unprecedented OpenAI restrictions

Wiz
MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension

CISA Alerts & Advisories
Russian Intelligence Services Continue to Target Commercial Messaging Applications

Schneier on Security
One Million Passports Leaked Online

MIT Technology Review
Heat waves mess with your brain. Scientists are trying to figure out why.

Auth0
Want AI Agents That Don't Spill Secrets? Don't Give Them Secrets

Aikido
Packagist is now protected by Aikido Intel and other updates to the PHP registry

Compass Security Blog
Cyber Resilience Act – Part I

Moonlock
Your Telegram got hacked? Here’s what you can do about it

Teleport Blog
PostgreSQL: How to Control and Audit Agent Access with Identity

Datadog HQ
Reduce CDN log costs with searchable archives


2026-06-25

Dark Reading
Robinhood Cuts Access Approval Time to Support High-Velocity Development

Meta Security
Privacy-Aware Infrastructure in the AI-Native Era: An Asset Classification Case Study

Microsoft Security
Photo ZIP campaign targeting hospitality industry delivers Node.js implant for persistent access

Dark Reading
In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw

Dark Reading
Russian APT 'Gamaredon' Upgrades Its Arsenal, Requiring New Defenses

Dark Reading
EdTech Attackers Shift From Schools to Their Software Suppliers

Mend
Attestation in Cybersecurity: Types, Uses & Best Practices

Dark Reading
Local Police Collusion Hampers Crackdown on Asian Scam Centers

Malwarebytes
Beware of “Parcel Expert” job offers: They’re parcel mule scams

Talos Intelligence
Beyond IOCs: AI-enabled threat intelligence

Socket
Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem

The Citizen Lab
Emile Dirks Elected to PEN Canada’s Board of Directors

Schneier on Security
AI and Liability

Eclypsium
Mythos Finds Vulnerabilities. But Can Anyone Patch Fast Enough?

Microsoft Security
Microsoft a Leader in The Forrester Wave™ for Endpoint Management Platforms

Step Security
Maven Support Comes to GitHub Checks and OSS Package Search

Jericho
2026 East Coast Drive (Part 6: TN)

Artem Golubin
Hexora v0.3: New features and improvements

Step Security
15 Malicious JetBrains Plugins Stole AI API Keys from 70,000 Developers

MIT Technology Review
Repositioning retail for the AI era

ToxSec
Decision Tracing: The Missing Piece in Every AI Agent Breach

Rapid7
Experts on Experts: Why AI and Compliance Are Forcing A New Security Operating Model

Cloudflare
How we built saga rollbacks for Cloudflare Workflows

Embrace The Red
Computer-Use and TOCTOU: What You Click Is Not What You Get!

MIT Technology Review
The Download: Europe’s heat wave hits the grid, and IBM’s chip targets Moore’s Law

CISA Alerts & Advisories
H.VIEW HV-500S6 IP Camera

CISA Alerts & Advisories
OHIF Viewers DICOM

CISA Alerts & Advisories
Delta Electronics DTM Soft

CISA Alerts & Advisories
EVoke Systems Charging Station Management System

CISA Alerts & Advisories
Horner Automation Cscape

CISA Alerts & Advisories
Daktronics Controller Firmware

CISA Alerts & Advisories
pydicom pynetdicom Library

CISA Alerts & Advisories
Yokogawa FAST/TOOLS and CI Server

CISA Alerts & Advisories
CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Alerts & Advisories
Schneider Electric PowerLogic P7

Wiz
Uncovering Hidden Attack Paths in Cloud Environments Using Runtime Signals

Schneier on Security
Interesting Paper Exploring Prompt Injection

Malwarebytes
Update Chrome to patch critical browser security flaws

Malwarebytes
Fake domain renewal emails trick website owners into paying scammers

ISC SANS
What do Ports Hear When Nobody's Listening? An Assessment of Automated Cybercrime [Guest Diary], (Wed, Jun 24th)

Talos Intelligence
Introduction to COM usage by Windows threats

Dark Reading
Europe Evolves Into Ransomware's Favorite Region

Malwarebytes
Elite network says it was hacked after members’ personal data was left exposed

Step Security
Mass npm Supply Chain Attack: 20 Leo Platform Packages Compromised

Step Security
simonecorsi/mawesome GitHub Action has been compromised

Step Security
codfish/semantic-release-action GitHub Action has been compromised

TrustedSec
Large Workflows with Local LLMs

Aikido
Everybody's shipping code they can't read

Moonlock
Has your Gmail been hacked? Here’s how to tell and how to recover your account

Datadog HQ
How we saved over $3 million in idle compute costs with Datadog Kubernetes Autoscaling

Hacktron
Metabase Cloud: The winner takes it all

Fastly
How to Prove the Business Value of Your Edge Infrastructure

Datadog HQ

Snyk
NVD in the AI Era: The Case for Multi-Source Vulnerability Intelligence


2026-06-24

Xint
How a FinTech Startup Accelerates Rapid Product Iteration Without Introducing Security Gaps With Xint

Dark Reading
Attackers Hit Cisco SD-WAN Flaw 2 Months Before Disclosure

Aikido
Compromised GitHub action codfish/semantic-release-action steals CI/CD secrets

Ars Technica Security
One-two punch delivered in global operation disrupts cybercrime "assembly line"

Dark Reading
2026 FIFA World Cup Faces Surge in Cyber Threats

Amazon Security
Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs

Dark Reading
Do CISOs Need a Code of Ethics?

Microsoft Security
CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms

Malwarebytes
PixelSmash flaw turns video files into attack tools

Dark Reading
More Malicious OpenClaw Skills Threaten AI Supply Chain

Jericho
2026 East Coast Drive (Part 5: WV / KY)

Malwarebytes
Watch out for renewal scams pretending to be Malwarebytes

GitGuardian
Identiverse 2026: The Challenges Of Solving Identity For AI Agents At Scale

Black Hills Info Sec
Insufficient Egress Filtering: How Weak Outbound Controls Enable Attacks

Snyk
A Note to Our Customers and Partners

Bishop Fox Security
AI Finds Vulnerabilities. Security Experts Find Impact.

Microsoft Security
StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

Wiz
How AI Is Rewriting the SecOps Playbook

GitGuardian
Hunting Leaked PyPI Tokens: 62 Live, 125 Packages Exposed

CISA News
New CISA Guide Assists Federal Agencies with Transitioning to Modernized Zero Trust Architectures

CISA Alerts & Advisories
Using SASE in a Modern TIC 3.0 Solution

Dark Reading
Apple's MacOS Gap Lets Users Disable Security Tools

Schneier on Security
Embedding Forbidden Text in Spyware to Discourage AI Analysis

Malwarebytes
“Total access to all your devices.” Sextortion scammers strike again

Searchlight Cyber
June 24th – This Week’s Top Cybersecurity and Dark Web Stories

ISC SANS
Linux Process Name Masquerading, (Wed, Jun 24th)

Cloudflare
Unlocking the Cloudflare app ecosystem with OAuth for all

Troy Hunt
Weekly Update 509

Socket
Frontier AI Is Now Critical Infrastructure

ISC SANS
ISC Stormcast For Wednesday, June 24th, 2026 https://isc.sans.edu/podcastdetail/9984, (Wed, Jun 24th)

Auth0
Embedded Login Advancements: Put Your Apps in Control of Identity to Accelerate Conversions

Star Labs
Old Bug, Harder Rules : Exploiting CVE-2023-36802 Without the Usual Shortcuts

Teleport Blog
Your AI Agent Needs to Know Who You Are

Datadog HQ
Automatically enrich security logs with MITRE ATT&CK context before they reach your SIEM

Fastly
Using the Gini Coefficient to Plan Edge Capacity


2026-06-23

Palo Alto Networks
New Executive Order Accelerates Post-Quantum Readiness Amid the Cryptographic Reset

Ars Technica Security
White House drastically shortens deadline for dropping quantum-vulnerable crypto

Dark Reading
Scope of Salesforce Attacks Expands as Icarus Leaks Data

Dark Reading
'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

Cloudflare
The White House's post-quantum executive order is an important milestone. It’s time to get to work

Rapid7
Why SIEM is Moving Toward Unified Security Operations: Rapid7 Named a Major Player in IDC MarketScape