120 Security Blogs

Last Updated: 07 Feb 25 04:42 UTC

Blog List | Github | OPML

2025-02-07

Cloudflare
Cloudflare Incident on February 6, 2025


2025-02-06

Schneier on Security
AIs and Robots Should Sound Robotic

Malwarebytes
New scams could abuse brief USPS suspension of inbound packages from China, Hong Kong

Malwarebytes
University site cloned to evade ad detection distributes fake Cisco installer

Rapid7
4 Reasons Why MSPs & MSSPs Need to Enhance Attack Surface Management

Fastly
DDoS in January

Moonlock
Hackers are posing as Google support in a sophisticated attack

Ars Technica Security
DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers

Ars Technica Security
Ransomware payments declined in 2024 despite massive. well-known hacks

Krebs on Security
Experts Flag Security, Privacy Risks in DeepSeek AI App

Dark Reading
Researcher Outsmarts, Jailbreaks OpenAI's New o3-mini

Dark Reading
US Cybersecurity Efforts for Spacecraft Are Up in the Air

Dark Reading
DeepSeek Phishing Sites Pursue User Data, Crypto Wallets

Dark Reading
Agencies Sound Alarm on Patient Monitors With Hardcoded Backdoor

Dark Reading
The Cyber Savanna: A Rigged Race You Can't Win, but Must Run Anyway

Dark Reading
Basket of Bank Trojans Defraud Citizens of East India

Talos Intelligence
Changing the tide: Reflections on threat data from 2024

Talos Intelligence
Google Cloud Platform Data Destruction via Cloud Build

Eclypsium
BTS #45 - Understanding Firmware Vulnerabilities in Network Appliances

Eclypsium
AMD Processors Vulnerable to Malicious Microcode

Mend
Fake VS Code Extension on npm Spreads Multi-Stage Malware

Mend
2025 OWASP Top 10 for LLM Applications: A Quick Guide

Amazon Security
2024 PiTuKri ISAE 3000 Type II attestation report available with 179 services in scope

Amazon Security
2024 FINMA ISAE 3000 Type II attestation report available with 179 services in scope

Snyk
Consolidate Security Findings with Snyk and Google Security Command Center

Palo Alto Networks
Driving Innovation Together — Palo Alto Networks 2024 Partner Awards

TrustedSec
The Hidden Trap in the PCI DSS SAQ A Changes


2025-02-05

Schneier on Security
On Generative AI Security

Malwarebytes
Small business owners, secure your web shop

Rapid7
Take Command | Rapid7’s 2025 Cybersecurity Summit: Own Your Attack Surface on April 9

Okta Security
How Okta Embraces Identity Verification Using Persona

Google Safety & Security
$15 million to support hands-on cybersecurity education

Trail of Bits
Preventing account takeover on centralized cryptocurrency exchanges in 2025

Fastly
Cache Me If You Can: HTTP Cache API Edition

Ars Technica Security
7-Zip 0-day was exploited in Russia’s ongoing invasion of Ukraine

Ars Technica Security
Go Module Mirror served backdoor to devs for 3+ years

Auth0
Okta Universal Logout Integration Now Supported in Auth0

Auth0
How to Implement Relationship-Based Access Control (ReBAC) in a Ruby On Rails API?

Dark Reading
Why Cybersecurity Needs Probability — Not Predictions

Dark Reading
Abandoned AWS Cloud Storage: A Major Cyberattack Vector

Dark Reading
Attackers Target Education Sector, Hijack Microsoft Accounts

Dark Reading
Nigeria Touts Cyber Success, Even as Cybercrime Rises in Africa

Offensive Security
Building a Cyber-Resilient Public Sector Through Hands-on Security Training

Datadog HQ
Simplify your SIEM migration to Microsoft Sentinel with Datadog Observability Pipelines

Amazon Security
AWS renews MTCS Level 3 certification under the SS584:2020 standard

Amazon Security
How AWS Network Firewall session state replication maximizes high availability for your application traffic

Cloudflare
Cloudflare’s commitment to advancing Public Sector security worldwide by pursuing FedRAMP High, IRAP, and ENS

Bishop Fox Security
From Dial Tone to Throne: IVR Testing in the Spirit of The King of NYNEX

Meta Security
Revolutionizing software testing: Introducing LLM-powered bug catchers

Snyk
Creating SBOMs with the Snyk CLI


2025-02-04

Schneier on Security
Deepfakes and the 2024 US Election

Malwarebytes
Valley News Live exposed more than a million job seeker’s resumes

Malwarebytes
New AI “agents” could hold people for ransom in 2025

Rapid7
Introducing the Exposure Management Webinar Series: Commanding Your Attack Surface

SpiderLabs
Beyond the Chatbot: Meta Phishing with Fake Live Support

Fastly
Three application security trends to monitor in 2025

Ars Technica Security
22-year-old math wiz indicted for alleged DeFI hack that stole $65M

Krebs on Security
Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Dark Reading
How Are Modern Fraud Groups Using GenAI and Deepfakes?

Dark Reading
Backline Tackles Enterprise Security Backlogs With AI

Dark Reading
Credential Theft Becomes Cybercriminals' Favorite Target

Dark Reading
Ferret Malware Added to 'Contagious Interview' Campaign

Dark Reading
Cybercriminals Court Traitorous Insiders via Ransom Notes

Dark Reading
Chinese 'Infrastructure Laundering' Abuses AWS, Microsoft Cloud

Dark Reading
Managing Software Risk in a World of Exploding Vulnerabilities

Datadog HQ
Quickly get rich, actionable context for alerts with Datadog's new Monitor Status page

PortSwigger
Top 10 web hacking techniques of 2024

watchTowr Labs
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur

Cloudflare
No hallucinations here: track the latest AI trends with expanded insights on Cloudflare Radar

Meta Security
Data logs: The latest evolution in Meta’s access tools

Snyk
Best practices for creating a modern npm package with security in mind


2025-02-03

Schneier on Security
Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

Malwarebytes
WhatsApp says Paragon is spying on specific users

Malwarebytes
A week in security (January 27 – February 2)

Rapid7
Excellence in Leadership: CRN Recognizes Alex Page Among Its 2025 Channel Chiefs

Fastly
PCI DSS 4.0 Demystified

Sansec Threat Research
Sorry, client-side security does not work

Dark Reading
DNSFilter's Annual Security Report Reveals Worrisome Spike in Malicious DNS Requests

Dark Reading
EMEA CISOs Plan 2025 Cloud Security Investment

Dark Reading
Interactive Online Training for Cybersecurity Professionals; Earn CPE Credits

Dark Reading
'Constitutional Classifiers' Technique Mitigates GenAI Jailbreaks

Dark Reading
Name That Edge Toon: In the Cloud

Dark Reading
Microsoft Sets End Date for Defender VPN

Dark Reading
AI Malware Dressed Up as DeepSeek Packages Lurk in PyPi

Dark Reading
Ransomware Groups Weathered Raids, Profited in 2024

Dark Reading
1-Click Phishing Campaign Targets High-Profile X Accounts

Dark Reading
Black Hat USA

Dark Reading
Proactive Vulnerability Management for Engineering Success

Offensive Security
CVE-2025-21298: A Critical Windows OLE Zero-Click Vulnerability

Datadog HQ
How insurance companies discover, classify, and act on sensitive data risks with Datadog

Datadog HQ
Monitor Google Cloud TPUs with Datadog

SentinelOne
macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

Amazon Security
Implement effective data authorization mechanisms to secure your data used in generative AI applications – part 2

Cloudflare
Preserving content provenance by integrating Content Credentials into Cloudflare Images

HackerOne
Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery

Meta Security
How Precision Time Protocol handles leap seconds

Palo Alto Networks
10 Cyber Recommendations for the Trump Administration


2025-02-02

Star Labs
Mali-cious Intent: Exploiting GPU Vulnerabilities (CVE-2022-22706 / CVE-2021-39793)

Troy Hunt
Weekly Update 437

Red Siege InfoSec Blog
Red Siege at Wild West Hackin’ Fest Mile High 2025 – What to Expect!

MaskRay's Blog
lld 20 ELF changes


2025-02-01

Bad Security
Google's AI Says Its Own Technology Is Being Used To Harm Palestinians


2025-01-31

Schneier on Security
Friday Squid Blogging: On Squid Brains

Malwarebytes
ClickFix vs. traditional download in new DarkGate campaign

Malwarebytes
Cybercrime gets a few punches on the nose

Rapid7
Metasploit Weekly Wrap-Up 01/31/25

Moonlock
Fake Reddit and WeTransfer pages are spreading stealer malware

Binary Security
CRLF injection via TryAddWithoutValidation in .NET

Krebs on Security
FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Auth0
Use CIBA Authentication with Auth0 and .NET

Dark Reading
DeepSeek Jailbreak Reveals Its Entire System Prompt

Dark Reading
Black Hat USA 2024 Highlights

Dark Reading
Community Health Center Data Breach Affects 1M Patients

Dark Reading
DoJ Shutters Cybercrime Forums Behind Attacks on 17M Americans

Dark Reading
State Data Privacy Regulators Are Coming. What Story Will You Tell Them?

Dark Reading
Tenable to Acquire Vulcan Cyber to Boost Exposure Management Focus

Dark Reading
Code-Scanning Tool's License at Heart of Security Breakup

Dark Reading
Can AI & the Cyber Trust Mark Rebuild Endpoint Confidence?

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 5

The Citizen Lab
Job posting: Systems and Security Technical Lead

HackerOne
DORA Compliance Is Here: What Financial Entities Should Know

Red Siege InfoSec Blog
Security Posture Review and Penetration Testing