193 Security Blogs

Last Updated: 16 Jun 26 16:38 UTC

Blog List | Github | OPML

2026-06-16

Dark Reading
'Lorem Ipsum' Malware Pivots to ClickFix Delivery

Offensive Security
AI vs Traditional Penetration Testing: Tooling and Outcomes

Socket
Introducing Manifest Alerts

Xint
FAQ: Are the Incremental Improvements in New Models Worth the Higher Cost?

Malwarebytes
“Free World Cup stream” sites are serving scams, not football

Malwarebytes
Cardiac patients’ medical data stolen and held to ransom

MIT Technology Review
The Download: the first brain implant power user and South Korea’s AI obsession

GitGuardian
Extending Our Mission With Developer Endpoint Protection

Ars Technica Security
Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Schneier on Security
Flock Cameras Are Being Used for Stalking

Wiz
Wiz Exposure Management Dashboard: Your CTEM Command Center

Malwarebytes
Deepfake posting sites depicting famous women taken down by feds

MIT Technology Review
Want to get a data center online quickly? Give it some flex.

Searchlight Cyber
14 Months of Warning: What Preemptive Threat Intelligence Reveals about the ShinyHunters Supply Chain Breaches

ISC SANS
From a VHDX File to a Remcos RAT, (Tue, Jun 16th)

Resecurity
CVE-2026-20253: Splunk Enterprise Pre-Authentication Remote Code Execution

TrustedSec
JQ for Hackers

ISC SANS
ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)

Moonlock
The 15 common Telegram scams you should watch out for

Himanshu Anand
Fine-tune an LLM on Vertex AI, own the whole GCP project


2026-06-15

Eclypsium
Stay Ahead of Your Next CJIS Audit

Socket
GlassWASM: WebAssembly Malware Found in Trojanized Open VSX Extensions

Malwarebytes
Inside a malicious infrastructure delivering EtherRAT, phishing pages, and malicious software 

Dark Reading
Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

MIT Technology Review
Why do South Koreans love AI so much?

Ars Technica Security
Users cry foul after AMD stripped memory crypto from its consumer CPUs

Rapid7
NIS2 is raising the bar. Here’s how to turn readiness into resilience.

Rapid7
Does Your Security Programme Align With NIS2 Requirements?

Dark Reading
China-Nexus Actor Spies on US Researchers Undetected for a Year

Dark Reading
Most CISOs Report Pressure to Bury Bad Security News

The Citizen Lab
Spying Via Your Mobile Phone: Companies Can Locate Any Device at Any Time

Microsoft Security
Microsoft Defender email security benchmarking: Key insights from one year of data

Exodus Blog
Zombie COTables: Resurrecting Freed Memory to Escape VirtualBox

MIT Technology Review
This man with ALS is “the first power user” of a brain implant that lets him speak

Dark Reading
The Beginning of the End of Social Engineering

Rapid7
Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk

Malwarebytes
Claude Fable 5 and Mythos 5 “abruptly disabled” after US gov. ban

Malwarebytes
Deepfake porn sites are going offline (re-air) (Lock and Code S07E12)

GitGuardian
Gitguardian Agent Skills: Secret Detection and Remediation For AI-Assisted Development

White Knight Labs
Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 3

Moonlock
Is Roblox safe for kids? Here’s what you need to know as a parent

Cloudflare
Growing the Cloudflare AI team with talent from Ensemble AI

Dark Reading
US Cracks Down on Anthropic AI Models Amid Abuse Concerns

MIT Technology Review
The Download: cutting AC emissions, and nature’s drug designer

Schneier on Security
The FCC Wants to Eliminate Burner Phones

Sicuranext Blog
One Paste to Rule Them All: Inside a ClickFix → EtherHiding → GULoader Intrusion

Sicuranext Blog
One Paste to Rule Them All: Inside a ClickFix → EtherHiding → GULoader Intrusion

MIT Technology Review
These new solid-state ACs promise a cool future. Scientists aren’t so sure.

ISC SANS
Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)

Malwarebytes
A week in security (June 8 – June 14)

Bad Privacy
Protect Children or Foster Digital Literacy: Can The Canadian Government Solve a False Dichotomy?

Troy Hunt
Weekly Update 508

ISC SANS
ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th)

Auth0
Accelerating Developer Velocity: Announcing Auth0's Native Integration with Vercel

Snyk
The Government Just Banned an AI Model. An Engineer's Perspective.

Rosecurify
Seclog - #182

Fastly
We Built the Proxy Behind Firefox's New Built-In VPN — Here's How It Works


2026-06-14

Schneier on Security
Upcoming Speaking Engagements

ToxSec
Fable 5 Export Control Takedown: One Jailbreak, Whole Planet Dark

Snyk
When a Government Pulls an AI Model: What the Fable 5 and Mythos 5 Suspension Means for Security Teams

Project Black
Pi.Alert - Unauthenticated SQL Injection

Project Black
Guide to Penetration Testing Services in Australia


2026-06-13

Socket
US Government Forces Anthropic to Pull Claude Fable Days After Launch

Aikido
Full Fathom Five: The context of Anthropic’s Mythos-class public release

Step Security
400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security

Project Black
LibreNMS Authenticated RCE (< 26.5.0)

Rapid7
Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules

Sansec Threat Research
OptinMonster supply chain attack hits 1.2 million sites


2026-06-12

Socket
152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic

Schneier on Security
Friday Squid Blogging: Squid-Inspired Fluid Pump

watchTowr Labs
Why Use App-Level Auth When Every Database Has Auth? (Splunk Enterprise CVE-2026-20253 Pre-Auth RCE)

Dark Reading
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed

Ars Technica Security
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data

The Citizen Lab
Canada Finally Has a National AI Strategy. Experts Hate It.

The Citizen Lab
Who Watches the Watchers?

Palo Alto Networks
Securing Canada’s Digital Future: Why PBMM Matters Beyond Government

The Citizen Lab
Luis Fernando García On State Surveillance in Latin America

Malwarebytes
Stolen iPhones could soon be worth a lot less to thieves

GitGuardian
KCD New York 2026: Trust, Agents, and the Work Behind the Work

Rapid7
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)

Dark Reading
Claude Fable 5 Doesn't Change the Mythos Security Story

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 24

Cloudflare
Scaling Security Insights: how we achieved a 10x increase in global scanning capacity

ISC SANS
ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th)

MIT Technology Review
The Download: “reprogramming” aging, and the hidden sense of interoception

Wiz
Navigating the New Federal Logging Mandate | OMB Memorandum M-26-14

Schneier on Security
Bernie Sanders’ AI Sovereign Wealth Fund Plan

Trail of Bits
Factoring "short-sleeve" RSA keys with polynomials

Hunt and Hackett
The no-bullshit guide to NIS2

MIT Technology Review
You do your own time

Malwarebytes
Fake verification pages are stealing Steam accounts from players

MIT Technology Review
Why “reprogramming” is the buzziest approach to reversing aging right now

MIT Technology Review
Inside interoception: The hidden sense of how you feel inside

Google Safety & Security
How we're combatting AI scams with security, legislation and more

SentinelOne
SentinelOne + Claude: Integrations for AI Visibility, Governance, and Defense

Auth0
Implementing the Device Authorization Flow in a C# Console App

watchTowr Labs
Marking Your Own Homework (Check Point Remote Access VPN IKEv1 Authentication Bypass CVE-2026-50751)

TrustedSec
JS-Tap v3: Endpoint Post-Exploitation With JavaScript Implants

Moonlock
Malicious apps are infecting Macs with an adware-backdoor hybrid

Moonlock
A fake BlueWallet app is draining crypto wallets

Moonlock
Apple is on track to break a record for security patches in 2026

Dark Reading
Phishing Attack Volume Down 20%, But Risk Still Rising

Sansec Threat Research
Unauthenticated file upload in Amasty Order Attributes for Magento


2026-06-11

Wiz
AI Threat Readiness Pillar 3: Perform AI Code Analysis Natively in Wiz

Dark Reading
Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure

Talos Intelligence
A tale of two eras

Searchlight Cyber
Targeting Illicit Crypto Flows: Searchlight Cyber Supports Law Enforcement Takedown of AudiA6 Crypto-Mixer

Socket
Andrew Becherer Joins Socket as Chief Information Security Officer

Step Security
Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files

Malwarebytes
Google can be liable for false AI Overviews, court rules

Github Security Blog
Making secret scanning more trustworthy: Reducing false positives at scale

Aikido
npm v12 delivers one of the biggest security improvements in years

Dark Reading
Segmentation Works for OT If Operators Are Paying Attention

Bishop Fox Security
Enabling Proper PCI Testing with Internal Penetration Tests

Rapid7
Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime

Red Siege InfoSec Blog
Enumerate Domain Data (EDD): Powerview’s .NET Cousin

Aikido
Aikido x Docker: less noise, more signal in your containers

Malwarebytes
VRChat says reported data breach never happened

Schneier on Security
Enhanced License Plate Tracking

Malwarebytes
Children&#8217;s phones must block nude images by September, UK says

Eye Security Research
CVE-2026-30612: A vulnerability in Time4Popcorn (PopcornTime)

Resecurity
The Anubis Ransomware Attack on the Adriatic Port Authority

TrustedSec
Hardening Intune: The Implementation Guide

ISC SANS
ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th)

Dark Reading
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success

Auth0
Token Vault with Organizations Support Is Generally Available

Auth0
You Are in Control: Auth0 Enterprise Is Now Self-Service

Himanshu Anand
Reading a patch tuesday diff for fun: the dhcp client memcpy that copies more than four bytes (CVE-2026-44815)

Fastly
Six Common Live Streaming Mistakes (And How to Avoid Them)


2026-06-10

Dark Reading
CISA Rewrites Federal Patching Requirements for AI Threat Era

The Citizen Lab
Ron Deibert Speaks About “Greek Watergate”

Dark Reading
Bug Bounty Research Triggers ServiceNow Security Alert

JFrog
The Governance Gap: What IDC’s 2026 Data Reveals About AI and the Software Supply Chain

Dark Reading
AI Risk Worries Insurers &amp; Businesses Alike

Aikido
Code is being written everywhere, and the device is the only constant

Socket
Socket Partners with Replit to Block Malicious Packages in AI-Powered Development

Dark Reading
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

Malwarebytes
Free Spotify Premium hacks on social media are spreading infostealers

Rapid7
Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans

Microsoft Security
Turn specs into evals for any agent with ASSERT

Searchlight Cyber
Attack Surface Management FAQ: Expert Answers to Common Security Questions

Offensive Security
What Live Cybersecurity Training Reveals That Self-Paced Learning Doesn’t

Krebs on Security
Who Runs the Ransomware Group ‘The Gentlemen?’

GitGuardian
You Can't Secure What You Can't See: Making Non-Human Identities Governable

Black Hills Info Sec
The Art of the Badge: A Hard Truth About Physical Security

Aikido
SBOMs in 2026: Everyone's generating them, no one's using them

Xint
AI Wrapper vs. AI Native

Cloudflare
Route public traffic to private applications with Cloudflare

Malwarebytes
Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days

Malwarebytes
88% of people struggle to tell what&#8217;s real online

Schneier on Security
NSO Group Hacking WhatsApp Despite Court Order

Aikido
Compromised Rust crate onering performs code exfiltration

Rapid7
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Searchlight Cyber
June 10th – This Week’s Top Cybersecurity and Dark Web Stories

Aikido
10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums

ISC SANS
How has use of framing protection security headers changed in the past 3 years&#x3f;, (Wed, Jun 10th)

Troy Hunt
Weekly Update 507

ISC SANS
ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)

watchTowr Labs
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520)

Datadog HQ
Store and search high-volume logs with ClickHouse and Datadog

Infernux Blog
Exploring artifacts of a desired state to build health checks with limited access

Auth0
How to Connect Any OAuth2 Service to AI Agents with Auth0 Token Vault

Auth0
What Our Design Team Stopped Doing to Start Leading the System for Quality

Fastly
How Fastly and Skyfire Enable Trusted Agentic Commerce at the Edge


2026-06-09

Palo Alto Networks
Beyond Human Oversight: Adapting to the Frontier AI Era

Palo Alto Networks
Shifting from Data Hoarding to Active Defense: Navigating the New Era of OMB M-26-14

Mend
Best Software Composition Analysis Services: Top 8 in 2026

Krebs on Security
A Record-Breaking Patch Tuesday for June 2026

Dark Reading
The Invisible Battlefield: How Cyberwar Is Reshaping Everyday Life

Dark Reading
Blame AI: Patch Tuesday Hits Record 206 CVEs

Talos Intelligence
Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities

Socket
npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

Rapid7
Patch Tuesday - June 2026

Step Security
Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter

Step Security
Microsoft's durabletask PyPI Package Compromised in Supply Chain Attack

Step Security
Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents

Step Security
The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent

Step Security
New in the Threat Center: Compromised Components, Now Available via API

Ars Technica Security
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed

Dark Reading
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address

Dark Reading
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories

The Citizen Lab
Submission to the Standing Senate Committee on National Security, Defence and Veterans Affairs of Bill C-8

Praetorian
Centurion: Bring Your Own Execution Environment

Zero Day Initiative
The June 2026 Security Update Review

Microsoft Security
Reconstructing AI activity in investigations

ISC SANS
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)