193 Security Blogs

Last Updated: 10 Jun 26 17:00 UTC

Blog List | Github | OPML

2026-06-26

Dark Reading
Name That Toon Contest


2026-06-10

Dark Reading
Nightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanet

Malwarebytes
Free Spotify Premium hacks on social media are spreading infostealers

Rapid7
Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans

Searchlight Cyber
Attack Surface Management FAQ: Expert Answers to Common Security Questions

Krebs on Security
Who Runs the Ransomware Group ‘The Gentlemen?’

GitGuardian
You Can't Secure What You Can't See: Making Non-Human Identities Governable

Black Hills Info Sec
The Art of the Badge: A Hard Truth About Physical Security

Aikido
SBOMs in 2026: Everyone's generating them, no one's using them

Xint
AI Wrapper vs. AI Native

Malwarebytes
Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days

MIT Technology Review
The Download: the “steroid olympics” and a safer Mythos

Malwarebytes
88% of people struggle to tell what’s real online

Schneier on Security
NSO Group Hacking WhatsApp Despite Court Order

Aikido
Compromised Rust crate onering performs code exfiltration

Rapid7
CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Searchlight Cyber
June 10th – This Week’s Top Cybersecurity and Dark Web Stories

MIT Technology Review
The “steroid olympics” were a circus—and a window into our culture

Aikido
10 year old critical vulnerability in phpBB affecting tens of millions of users across thousands of forums

ISC SANS
How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th)

Troy Hunt
Weekly Update 507

ISC SANS
ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th)

watchTowr Labs
More Evidence That Words Don't Mean What We Thought They Meant (Ivanti Sentry Pre-Auth OS Command Injection CVE-2026-10520)

Fastly
How Fastly and Skyfire Enable Trusted Agentic Commerce at the Edge

Auth0
What Our Design Team Stopped Doing to Start Leading the System for Quality


2026-06-09

Krebs on Security
A Record-Breaking Patch Tuesday for June 2026

Dark Reading
The Invisible Battlefield: How Cyber War Is Reshaping Everyday Life

Dark Reading
Blame AI: Patch Tuesday Hits Record 206 CVEs

Talos Intelligence
Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities

Socket
npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

Rapid7
Patch Tuesday - June 2026

Step Security
Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents

Step Security
New in the Threat Center: Compromised Components, Now Available via API

Step Security
Microsoft's durabletask PyPI Package Compromised in Supply Chain Attack

Step Security
The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent

Step Security
Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter

Ars Technica Security
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed

Dark Reading
Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address

Dark Reading
Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories

The Citizen Lab
Submission to the Standing Senate Committee on National Security, Defence and Veterans Affairs of Bill C-8

Praetorian
Centurion: Bring Your Own Execution Environment

Zero Day Initiative
The June 2026 Security Update Review

Microsoft Security
Reconstructing AI activity in investigations

ISC SANS
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)

Dark Reading
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

Wiz
AI Threat Readiness Pillar 2: Accelerate Patching and Response

Ars Technica Security
High-severity vulnerability in Linux caused by a single faulty character

Schneier on Security
GPS As a Key Distribution Platform

GitGuardian
Reliability Lessons From the Edges at SREday NYC

Malwarebytes
Meta’s face-recognition code raises new concerns about smart glasses

Rapid7
Rapid7 Gains Access To Anthropic’s Project Glasswing To Explore Frontier AI For Cybersecurity

Aikido
Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System

Malwarebytes
Scammers love Meta, according to Lloyds Bank

Eclypsium
You Need to Verify the Hardware Supply Chain Behind Cyber-Physical Systems

MIT Technology Review
The Download: whole-body rejuvenation drugs and five things to know about AI

Malwarebytes
Update Chrome: Google patches actively exploited vulnerability and 73 others

MIT Technology Review
Learning to lead in a hybrid human-AI enterprise

MIT Technology Review
David Sinclair plans to test whole-body rejuvenation drugs in the XPrize competition

MIT Technology Review
Five things you need to know about AI

OWASP
OWASP Dependency-Track 5.0 Is Now Generally Available

Compass Security Blog
Entra Agent ID from a Security Perspective

Cloudflare
Defend against frontier cyber models: Cloudflare's architecture as customer zero

Dark Navy
deepsec: Chasing Mythos with Open-Source LLMs

TrustedSec
How to Train Your (Dragons) Analysts - A TrustedSec Guide to Picking the Perfect Purple Team

ISC SANS
ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th)

Datadog HQ
Get a unified view of system health with the Datadog Synthetic Monitoring landing page

Datadog HQ
Accelerate OTel gateway resolutions with Datadog Fleet Automation

Datadog HQ
DASH 2026 Operating at Scale: Guide to Datadog’s newest announcements

Datadog HQ
DASH 2026 Security & Compliance: Guide to Datadog’s newest announcements

Datadog HQ
Investigate Kubernetes resources with Datadog MCP tools

Datadog HQ
Turn Datadog findings into automated code fixes with Bits Code

Datadog HQ
Monitor critical user journeys with Datadog Journey Monitoring

Datadog HQ
Automatically optimize database queries with Datadog Database Monitoring

Datadog HQ
Get reliable answers to business questions with Bits Data Analysis

Datadog HQ
Infinite Cardinality Metrics: Custom metrics built for modern systems

Datadog HQ
Securing the AI era: Outpace AI-powered attacks with unified security and observability

Datadog HQ
Autonomously monitor for impactful degradations with Bits Detection

Datadog HQ
DASH 2026 Harnessing AI: Guide to Datadog’s newest announcements

Datadog HQ
DASH 2026: Guide to Datadog’s newest announcements

Teleport Blog
SOC 2 Controls for Non-Human Identities: CC6, CC7, and CC8

Himanshu Anand
Defender playbook for the LLM era

Datadog HQ
Monitor Scaleway with Datadog

Auth0
The Pre-Launch Identity Audit: Shipping Secure and Optimized Auth

Fastly
AI Traffic Grew 6.5x Faster Than Human Traffic This Year

Fastly
Bot Defense is Table Stakes. Machine Traffic Requires a Business Strategy

Datadog HQ
Modernize Datadog API authentication with scoped credentials

Datadog HQ
Monitor OVHcloud with Datadog

Datadog HQ
Monitor Nebius AI Cloud with Datadog

Datadog HQ
DASH 2026 End-to-End Observability: Guide to Datadog’s newest announcements

Datadog HQ
Optimize Spark and Databricks jobs with Datadog

Datadog HQ
Maintain observability during cloud outages with Datadog Disaster Recovery

Datadog HQ
Resolve network issues from L7 to L1 with Datadog

Datadog HQ
Remediate issues autonomously with Bits Infrastructure Operations

Datadog HQ
Simplify request flows with Datadog Forms and Case Management

Datadog HQ
Start your day with the IDP Homepage

Datadog HQ
Improve AI agent quality with Bits Evals

Datadog HQ
Trace Azure-managed services in .NET applications with Datadog

Datadog HQ
Automate synthetic test coverage with Bits Testing

Datadog HQ
Troubleshoot frontend performance with Datadog’s Browser Profiler

Datadog HQ
Monitor agent adoption with Datadog Agent Console

Datadog HQ
Bring live Datadog telemetry into your AI agents with native integrations

Datadog HQ
Triage synthetic test failures faster with Bits Investigation

Datadog HQ
Detect and resolve endpoint issues across your fleet with Datadog

Datadog HQ
Understand production LLM behavior with Patterns in Agent Observability

Datadog HQ
Trace network paths from devices to SaaS applications

Datadog HQ
Investigate logs across your entire stack with Federated Logs

Datadog HQ
Detect source code attacks with Datadog Code Threat Detection

Datadog HQ
Ship code safely at AI speed with Bits Release

Datadog HQ
Ship internal applications from your AI Agent with Datadog Apps

Datadog HQ
Comprehensively connect your service data with Service Remapping

Datadog HQ
Automate threat hunting with Datadog Cloud SIEM

Datadog HQ
Datadog MCP Apps: Interactive experiences in AI workflows

Star Labs
Old Wine in a New Bottle: A Decade-Old lxd-Group Root, Re-Armed


2026-06-08

Dark Reading
AI Slop Will Kill Cybersecurity Storytelling If We Let It

Amazon Security
ICYMI: May 2026 @AWS Security

Dark Reading
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks

Dark Reading
Check Point VPN Flaw Exploited Since Early May

Dark Reading
Iran Signed a Ceasefire — Its Hackers Didn't

Ars Technica Security
For the 2nd time in weeks, Microsoft packages laced with credential stealer

Socket
Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels

ISC SANS
TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)

Schneier on Security
Critical Zcash Vulnerability Found and Fixed

Rapid7
Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)

Amazon Security
Operationalizing AWS security: A maturity roadmap

Dark Reading
'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Microsoft Security
AI brands as bait: How threat actors are using the AI hype in social engineering

Malwarebytes
Americans lost nearly $900 million to AI-powered scams, FBI says

Google Safety & Security
Our latest fraud and scams advisory

Exodus Blog
Off By !: Exploiting a Use-after-Free in the Linux Kernel

Cloudflare
Turning Cloudflare’s threat indicators into real-time WAF rules

Escape DAST
Claude in Security Engineering: From Proof-of-Concept to Production

MIT Technology Review
The Download: how the World Cup ball will fly and OpenAI’s “super app”

Wiz
Introducing Wiz Cloud Cost: Powering Cost Management and Optimization with Context

Schneier on Security
Anthropic’s Project Glasswing Update

Malwarebytes
Pirated PC games are delivering password-stealing malware

MIT Technology Review
Why this year’s World Cup ball may not fly as far

Sicuranext Blog
क Karna: we built our own WAF. Modern, Fast and Free.

Sicuranext Blog
क Karna: we built our own WAF. Modern, Fast and Free.

Malwarebytes
A week in security (June 1 – June 7)

ISC SANS
ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th)

Datadog HQ
Why AI code optimization needs production-grounded benchmarks

Datadog HQ
Monitor Claude Enterprise activity with Datadog Cloud SIEM

Datadog HQ
Search and act across Datadog to resolve issues faster with Bits Chat

Rosecurify
Seclog - #181


2026-06-07

ToxSec
Agentic AI Attacks Explained: How Autonomous Agents Hack You in 2026 (and How to Stop Them)

Zero Salarium
EDRChoker: Choking The Telemetry Stream to Bypass Defenses

MaskRay's Blog
Recent LLVM hash table improvements

Socket
Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave


2026-06-06

Aikido
What is AI SAST?

Artem Golubin
Using local ClickHouse for data processing

Joshua Rogers
Magic Switch: Share a Magic Keyboard & Trackpad Between Two Macs (Free)


2026-06-05

Ars Technica Security
How a USB-connected speaker can infect a PC without ever being touched

Dark Reading
Exposed Fuel Tank Gauges Under Attack in the US

Amazon Security
Building secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified Permissions

Rapid7
Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum

Microsoft Security
Securing CI/CD in an agentic world: Claude Code Github action case

Include Security
The Smart TV in Your LivingRoom Is a Node in the AIScraping Economy

Searchlight Cyber
Preemptive Threat Exposure Management in the Age of AI

Dark Reading
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat

GitGuardian
Designing Identity for the Agentic Enterprise: The Okta AI Identity Summit

Schneier on Security
AI Worm

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 23

Cloudflare
Your AI bill is out of control. Cloudflare can fix it now. 

Dark Reading
Trump AI Order Seeks Voluntary Frontier Model Testing

MIT Technology Review
The Download: AI hacking beyond Mythos, and chatbots’ impact on our brains

MIT Technology Review
Are AI chatbots making us lose control of our brains?

Malwarebytes
AI: Threat, tool, or both?

ISC SANS
The Evil MSI Background is Back!, (Fri, Jun 5th)

Socket
RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems

Resecurity
Silent Ransom Group (SRG): Uncovering DNS Fast Flux Infrastructure

Moonlock
The 11 most common Snapchat scams and how to spot them right away

Moonlock
McAfee scam emails: How fake ones work and how to spot them

Moonlock
Reddit scams: Is Reddit safe, and what red flags should you watch for?

Moonlock
Fake ChatGPT site unleashes the dangerous Odyssey Stealer

ISC SANS
ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)

Hacktron
Hacktron's $350 Pentest vs XBOW and Aikido at $4,000

Teleport Blog
How to Eliminate Shared Database Passwords: MySQL, PostgreSQL, and More

Datadog HQ
Give your AI agents live Datadog access from the command line


2026-06-04

Dark Reading
Rust-Written IronWorm Hits NPM Supply Chain

Amazon Security
Amazon Cognito unlocks advanced capabilities with next-generation infrastructure

Dark Reading
China's TA4922 Expands Cybercrime Attacks Globally

Dark Reading
4 Critical Threats Where Attackers Have the Advantage

Ars Technica Security
Dashlane explains how attackers managed to download encrypted password vaults

Amazon Security
Gain visibility into DDoS attacks with flow logs in AWS Shield Advanced

Microsoft Security
Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

Talos Intelligence
Reporting from Vegas: Networking, AI, and good boys

Black Lantern Security
CVE-2026-10880 - Osnexus Quantastor 9.8 Unauthenticated SQL Injection

Buchodi
Meta's smart glasses companion app ships a complete, dormant face-recognition pipeline on a stock account.

Step Security
Miasma npm Supply Chain Attack: Self-Spreading Worm via Phantom Gyp

Palo Alto Networks
How AI and Evasion Demand a Radical Shift in Network Threat Prevention

Amazon Security
Customize federated sign-in with new Amazon Cognito Lambda trigger

Searchlight Cyber
Unknown assets explained with Asset Attribution Visualization

NVISO Labs
The Detection & Response Chronicles: Covert Operations Through QEMU

Dark Reading
Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs

Wiz
AI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AI

Rapid7
How the “Swiss Cheese” model can help you choose the right MDR provider

ToxSec
Why AI Guardrails Can’t Tell Your Research From an Attack

Praetorian
Enter the WasmForge: Compiling Sliver into WebAssembly

Cloudflare
VoidZero is joining Cloudflare

Talos Intelligence
Winning the cyber marathon with Tony Giandomenico

Talos Intelligence
Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

Malwarebytes
Travel scams are everywhere. Here’s how to avoid them

Schneier on Security
Hacking Meta’s AI Chatbot

Malwarebytes
Meta’s AI support bot happily handed Instagram accounts to hackers

Escape DAST
Introducing Cascade: the multi-agent penetration testing that becomes an expert in your business

clearbluejar's Blog
System Over Model, Tested: Reproducing Mythos's FreeBSD Find on Local Open-Weight Models

ISC SANS
Microsoft's Coreutils for Windows, (Thu, Jun 4th)

Dark Reading
Pakistan Spies on Afghan Finance Ministry With Xeno RAT

TrustedSec
The Privileged Roles Nobody Talks About

Socket
pnpm 11.5 Adds Support for Recognizing npm Staged Publishes

ISC SANS
ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th)

Snyk
So You Have an AI Security Budget. Now what?

Greynoise
4 Ways GreyNoise Improves SOC Outcomes

Sansec Threat Research
Magecart skimmer turns Stripe into a malware command server

Teleport Blog
How to Make Trading Infrastructure Audit-Ready Across SSH, Kubernetes, Databases, and RDP

Datadog HQ
When failover isn’t safe: Building high-availability PostgreSQL on Kubernetes

Datadog HQ
Introducing Bits Agent Builder: Build agentic workflows for alert response and remediation

Snyk
Type Level Security: The future of secure AI code generation?

Auth0
How to Sign Up and Log In with Passkeys on iOS Using Auth0's Native Login

Snyk
Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp


2026-06-03

Dark Reading
Attackers Use AI to Automate EDR Evasion Testing

Ars Technica Security
Can't make sense of Dashlane's vault theft notification? You're not alone.

Dark Reading
Tropical Blend: Cyber & Politics Ramp Up Across Latin America

Dark Reading
Cyber Insurance Rates Are Dropping, but Exclusions Widen

Dark Reading
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

Malwarebytes
We found this fake-invoice campaign while scammers were still building it

Eclypsium
BTS #75 - Secure Boot Certificates Expiring: What You Need to Know

Meta Security
Lights Out, Systems On: Validating Instant Power Loss Readiness