133 Security Blogs

Last Updated: 21 May 25 14:18 UTC

Blog List | Github | OPML

2025-06-26

Dark Reading
[Virtual Event] Strategic Security for the Modern Enterprise


2025-05-22

Snyk
Snyk Report shows 88% of CISOs are concerned with current state of U.S. cyber readiness


2025-05-21

Rapid7
Key Takeaways from the Take Command Summit 2025: Inside the Mind of an Attacker

SpiderLabs
Hospitality Under Attack: New Trustwave Report Highlights Cybersecurity Challenges in 2025

ReversingLabs
Boost VM security: 8 key strategies

Red Siege InfoSec Blog
Relics of the Past

Searchlight Cyber
Attack Surface Management Software: Why it’s Critical for Cybersecurity

Searchlight Cyber
Legal Aid Agency Confirms Data Breach

Schneier on Security
More AIs Are Taking Polls and Surveys

Dark Reading
The Day I Found an APT Group In the Most Unlikely Place

Dark Reading
Asia Produces More APT Actors, as Focus Expands Globally


2025-05-20

Auth0
Secure A2A Authentication with Auth0 and Google Cloud

Okta Security
Leveraging Okta System Logs for Proactive Threat Detection

Amazon Security
How to automate incident response for Amazon EKS on Amazon EC2

ReversingLabs
NIST Adversarial ML Guidance: How RL Can Secure Your Organization

Meta Security
Meta’s Full-stack HHVM optimizations for GenAI

Krebs on Security
KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

TrustedSec
Red Team Gold: Extracting Credentials from MDT Shares

Malwarebytes
23andMe and its customers’ genetic data bought by a pharmaceutical org

Malwarebytes
Malware-infected printer delivered something extra to Windows users

Cloudflare
Performance measurements… and the people who love them

Schneier on Security
DoorDash Hack

Datadog HQ
Optimize cross-platform mobile apps with Datadog RUM and Kotlin Multiplatform support

Datadog HQ
Introducing the Datadog Developer Hub

Datadog HQ
Monitoring AI Proxies to optimize performance and costs

Datadog HQ
How we use RUM to make design decisions that enhance user experience

Talos Intelligence
Duping Cloud Functions: An emerging serverless attack vector

Dark Reading
Fake Kling AI Malvertisements Lure Victims With False Promises

Dark Reading
Virgin Media 02 Vuln Exposes Call Recipient Location

Dark Reading
Tenable Adds Third-Party Connectors to Exposure Management Platform

Dark Reading
Regeneron Pledges Privacy Protection in $256M Bid for 23andMe

Dark Reading
Bumblebee Malware Takes Flight via Trojanized VMware Utility

Dark Reading
Large Retailers Land in Scattered Spider's Ransomware Web

Dark Reading
'Hazy Hawk' Cybercrime Gang Swoops In for Cloud Resources

Dark Reading
Why Rigid Security Programs Keep Failing

Dark Reading
Novel Phishing Attack Combines AES With Poisoned npm Packages

Ars Technica Security
Windows 11’s most important new feature is post-quantum cryptography. Here’s why.

Mend
Application Security Testing: Security Scanning and Runtime Protection Tools


2025-05-19

Microsoft Security
Microsoft extends Zero Trust to secure the agentic workforce

Auth0
Discover User Lifecycle Changes via Event Streams – Now in Early Access

Moonlock
Malvertising: How can you detect and prevent a malvertising attack?

Troy Hunt
Have I Been Pwned 2.0 is Now Live!

White Knight Labs
Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 2

Fastly
Putting an end to CAPTCHA

Malwarebytes
How Los Angeles banned smartphones in schools (Lock and Code S06E10)

Malwarebytes
Update your Chrome to fix serious actively exploited vulnerability

Malwarebytes
A week in security (May 12 – May 18)

Cloudflare
Your IPs, your rules: enabling more efficient address space usage

Schneier on Security
The NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”

Datadog HQ
Amazon SES monitoring: Detect phishing campaigns in the cloud

Eclypsium
Ensuring Device Security in Federal Environments

Dark Reading
'Operation RoundPress' Targets Ukraine in XSS Webmail Attacks

Dark Reading
S. Dakota CIO Gottumukkala Signs on as CISA Deputy Director

Dark Reading
Legal Aid Agency Warns Lawyers, Defendants on Data Breach

Dark Reading
CVE Disruption Threatens Foundations of Defensive Security


2025-05-17

Mozilla Security
Firefox Security Response to pwn2own 2025

Zero Day Initiative
Pwn2Own Berlin 2025: Day Three Results

CrankySec
Pour one out for community


2025-05-16

Rapid7
Metasploit Wrap-Up 05/16/2025

Rapid7
Ivanti Endpoint Manager Mobile exploit chain exploited in the wild

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 20

SpiderLabs
Guarding Against Dependency Attacks: Essential Strategies for Modern Application Development

Auth0
How to Migrate Users to Auth0: A Technical Guide

Moonlock
Over 2,800 hacked websites are infecting Macs with Atomic Stealer

Troy Hunt
Weekly Update 452

Searchlight Cyber
Japan’s FSA Warns of Surge in Securities Account Takeovers

Zero Day Initiative
Pwn2Own Berlin 2025: Day Two Results

Malwarebytes
Data broker protection rule quietly withdrawn by CFPB

Malwarebytes
Meta sent cease and desist letter over AI training

Cloudflare
Vulnerability transparency: strengthening security through responsible disclosure

Schneier on Security
Friday Squid Blogging: Pet Squid Simulation

Schneier on Security
Communications Backdoor in Chinese Power Inverters

Dark Reading
Coinbase Extorted, Offers $20M for Info on Its Hackers

Dark Reading
Australian Human Rights Commission Leaks Docs in Data Breach

Dark Reading
Dynamic DNS Emerges as Go-to Cyberattack Facilitator

Dark Reading
Attacker Specialization Puts Threat Modeling on Defensive

Dark Reading
How to Develop and Communicate Metrics for CSIRPs

Dark Reading
Turkish APT Exploits Chat App Zero-Day to Spy on Iraqi Kurds


2025-05-15

Microsoft Security
​​How the Microsoft Secure Future Initiative brings Zero Trust to life

SentinelOne
Prioritizing CVEs in the Cloud

Auth0
Implementing Role-Based Access Control in Your Blazor B2B SaaS Application

Moonlock
North Korean OtterCookie malware got better at stealing your data

Offensive Security
CVE-2024-2928: MLflow Local File Inclusion via URI Fragment Manipulation

Troy Hunt
Welcoming the Malaysian Government to Have I Been Pwned

ReversingLabs
Backdoor implant discovered on PyPI posing as debugging utility

Elastic Security Labs
Misbehaving Modalities: Detecting Tools, Not Techniques

Meta Security
Open-sourcing Pyrefly: A faster Python type checker written in Rust

Meta Security
Introducing Pyrefly: A new type checker and IDE experience for Python

Krebs on Security
Breachforums Boss to Pay $700k in Healthcare Breach

TrustedSec
Purpling Your Ops

Zero Day Initiative
Pwn2Own Berlin 2025: Day One Results

watchTowr Labs
Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)

Cloudflare
Forget IPs: using cryptography to verify bot and agent traffic

Schneier on Security
AI-Generated Law

Datadog HQ
Unify your FinOps and engineering workflows in Datadog Cloud Cost Management

Datadog HQ
3 ways to drive software delivery success with Datadog DORA Metrics

Datadog HQ
The Datadog Agent: Why it's essential for monitoring your infrastructure and applications with Datadog

Talos Intelligence
Xoxo to Prague

Eclypsium
Protecting the Exposed Network Edge from APTs, Zero Days, and Ransomware

Eclypsium
BTS #50 - SBOMs, HBOMs, and Supply Chain Visibility

Hunt and Hackett
Improving AFD Socket Visibility for Windows Forensics & Troubleshooting

Dark Reading
Big Steelmaker Halts Operations After Cyber Incident

Dark Reading
Valarian Unveils Data Management Platform Designed for Government Use

Dark Reading
International Crime Rings Defraud US Gov't Out of Billions

Dark Reading
Attackers Target Samsung MagicINFO Server Bug, Patch Now

Dark Reading
Critical SAP NetWeaver Vuln Faces Barrage of Cyberattacks

Dark Reading
RSAC 2025: AI Everywhere, Trust Nowhere

Dark Reading
RealDefense Partner Program Surpasses $100M in Annual Revenue

Dark Reading
Critical Infrastructure Under Siege: OT Security Still Lags

Ars Technica Security
FBI warns of ongoing scam that uses deepfake audio to impersonate government officials

Ars Technica Security
After latest kidnap attempt, crypto types tell crime bosses: Transfers are traceable

Ars Technica Security
Spies hack high-value mail servers using an exploit from yesteryear


2025-05-14

Rapid7
CVE-2025-32756 Exploited in the Wild, Affecting Multiple Fortinet Products

Auth0
Handling the Dual-Write Problem in Distributed Systems

Google Safety & Security
Introducing Device Trust from Android Enterprise

Amazon Security
Introducing the AWS User Guide to Governance, Risk and Compliance for Responsible AI Adoption within Financial Services Industries

Bad Security
Digital Promises, Analog Pitfalls: The Risks and Rewards of a Canadian Children’s Privacy Code

Zero Day Initiative
Pwn2Own Berlin: The Full Schedule

Malwarebytes
Google to pay $1.38 billion over privacy violations

Malwarebytes
Android users bombarded with unskippable ads

Schneier on Security
Upcoming Speaking Engagements

Dark Reading
Infosec Layoffs Aren't the Bargain That Boards May Think

Dark Reading
AI Agents May Have a Memory Problem

Dark Reading
Cyber-Risk Calculator Takes the Guesswork Out of Assessment

Dark Reading
Ivanti EPMM Zero-Day Flaws Exploited in Chained Attack

Dark Reading
Marks & Spencer Confirms Customer Data Stolen in Cyberattack

Ars Technica Security
An $8.4 billion money launderer has been operating for years on US soil

The Citizen Lab
John Scott-Railton Testifies Before EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs

Mend
OWASP Dependency Check: How Does It Work?