193 Security Blogs

Last Updated: 09 Jun 26 17:00 UTC

Blog List | Github | OPML

2026-06-26

Dark Reading
Name That Toon Contest


2026-06-09

Dark Reading
Russian Attackers Weaponize WinRAR Flaw Against Ukrainian Orgs

Wiz
AI Threat Readiness Pillar 2: Accelerate Patching and Response

Ars Technica Security
High-severity vulnerability in Linux caused by a single errant character

Schneier on Security
GPS As a Key Distribution Platform

GitGuardian
Reliability Lessons From the Edges at SREday NYC

Malwarebytes
Meta’s face-recognition code raises new concerns about smart glasses

Aikido
Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System

Malwarebytes
Scammers love Meta, according to Lloyds Bank

Eclypsium
You Need to Verify the Hardware Supply Chain Behind Cyber-Physical Systems

MIT Technology Review
The Download: whole-body rejuvenation drugs and five things to know about AI

Malwarebytes
Update Chrome: Google patches actively exploited vulnerability and 73 others

MIT Technology Review
Learning to lead in a hybrid human-AI enterprise

MIT Technology Review
David Sinclair plans to test whole-body rejuvenation drugs in the XPrize competition

MIT Technology Review
Five things you need to know about AI

Compass Security Blog
Entra Agent ID from a Security Perspective

OWASP
OWASP Dependency-Track 5.0 Is Now Generally Available

Cloudflare
Defend against frontier cyber models: Cloudflare's architecture as customer zero

Dark Navy
deepsec: Chasing Mythos with Open-Source LLMs

TrustedSec
How to Train Your (Dragons) Analysts - A TrustedSec Guide to Picking the Perfect Purple Team

ISC SANS
ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th)

Teleport Blog
SOC 2 Controls for Non-Human Identities: CC6, CC7, and CC8

Auth0
The Pre-Launch Identity Audit: Shipping Secure and Optimized Auth

Fastly
AI Traffic Grew 6.5x Faster Than Human Traffic This Year

Star Labs
Old Wine in a New Bottle: A Decade-Old lxd-Group Root, Re-Armed

Fastly
Bot Defense is Table Stakes. Machine Traffic Requires a Business Strategy


2026-06-08

Step Security
Pythagora-io/gpt-pilot Compromised on GitHub - Shai-Hulud Credential Stealer Blocked by Python Linter

Amazon Security
ICYMI: May 2026 @AWS Security

Dark Reading
Silent Ransom Group Hits US Law Firms in Escalating Extortion Attacks

Dark Reading
Check Point VPN Flaw Exploited Since Early May

Dark Reading
Iran Signed a Ceasefire — Its Hackers Didn't

Ars Technica Security
For the 2nd time in weeks, Microsoft packages laced with credential stealer

Socket
Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels

Step Security
The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent

ISC SANS
TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)

Schneier on Security
Critical Zcash Vulnerability Found and Fixed

Rapid7
Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)

Amazon Security
Operationalizing AWS security: A maturity roadmap

Dark Reading
'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Microsoft Security
AI brands as bait: How threat actors are using the AI hype in social engineering

Malwarebytes
Americans lost nearly $900 million to AI-powered scams, FBI says

Google Safety & Security
Our latest fraud and scams advisory

Exodus Blog
Off By !: Exploiting a Use-after-Free in the Linux Kernel

Cloudflare
Turning Cloudflare’s threat indicators into real-time WAF rules

Escape DAST
Claude in Security Engineering: From Proof-of-Concept to Production

MIT Technology Review
The Download: how the World Cup ball will fly and OpenAI’s “super app”

Wiz
Introducing Wiz Cloud Cost: Powering Cost Management and Optimization with Context

Schneier on Security
Anthropic’s Project Glasswing Update

Malwarebytes
Pirated PC games are delivering password-stealing malware

MIT Technology Review
Why this year’s World Cup ball may not fly as far

Sicuranext Blog
क Karna: we built our own WAF. Modern, Fast and Free.

Sicuranext Blog
क Karna: we built our own WAF. Modern, Fast and Free.

Malwarebytes
A week in security (June 1 – June 7)

ISC SANS
ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th)

Datadog HQ
Monitor Claude Enterprise activity with Datadog Cloud SIEM

Datadog HQ
Why AI code optimization needs production-grounded benchmarks

Datadog HQ
Search and act across Datadog to resolve issues faster with Bits Chat

Rosecurify
Seclog - #181


2026-06-07

ToxSec
Agentic AI Attacks Explained: How Autonomous Agents Hack You in 2026 (and How to Stop Them)

Zero Salarium
EDRChoker: Choking The Telemetry Stream to Bypass Defenses

MaskRay's Blog
Recent LLVM hash table improvements

Socket
Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave


2026-06-06

Aikido
What is AI SAST?

Artem Golubin
Using local ClickHouse for data processing

Step Security
Miasma Worm Hits Microsoft Again: Azure Functions Action and 72 Other Repositories Disabled After Supply Chain Attack Targeting AI Coding Agents

Step Security
Microsoft's durabletask PyPI Package Compromised in Supply Chain Attack

Joshua Rogers
Magic Switch: Share a Magic Keyboard & Trackpad Between Two Macs (Free)


2026-06-05

Ars Technica Security
How a USB-connected speaker can infect a PC without ever being touched

Dark Reading
Exposed Fuel Tank Gauges Under Attack in the US

Amazon Security
Building secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified Permissions

Rapid7
Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum

Microsoft Security
Securing CI/CD in an agentic world: Claude Code Github action case

Include Security
The Smart TV in Your LivingRoom Is a Node in the AIScraping Economy

Searchlight Cyber
Preemptive Threat Exposure Management in the Age of AI

Dark Reading
Adaptive, Agentic AI Worms Loom as Next Enterprise Threat

GitGuardian
Designing Identity for the Agentic Enterprise: The Okta AI Identity Summit

Schneier on Security
AI Worm

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 23

Bishop Fox Security
Popping Root on UniFi OS Server: Unauthenticated RCE Chain Detection & Analysis

Cloudflare
Your AI bill is out of control. Cloudflare can fix it now. 

Dark Reading
Trump AI Order Seeks Voluntary Frontier Model Testing

MIT Technology Review
The Download: AI hacking beyond Mythos, and chatbots’ impact on our brains

MIT Technology Review
The Meta hack shows there’s more to AI security than Mythos

MIT Technology Review
Are AI chatbots making us lose control of our brains?

Malwarebytes
AI: Threat, tool, or both?

ISC SANS
The Evil MSI Background is Back!, (Fri, Jun 5th)

Socket
RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems

Resecurity
Silent Ransom Group (SRG): Uncovering DNS Fast Flux Infrastructure

Moonlock
The 11 most common Snapchat scams and how to spot them right away

Moonlock
McAfee scam emails: How fake ones work and how to spot them

Moonlock
Reddit scams: Is Reddit safe, and what red flags should you watch for?

Moonlock
Fake ChatGPT site unleashes the dangerous Odyssey Stealer

ISC SANS
ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)

Datadog HQ
Give your AI agents live Datadog access from the command line

Teleport Blog
How to Eliminate Shared Database Passwords: MySQL, PostgreSQL, and More

Hacktron
Hacktron's $350 Pentest vs XBOW and Aikido at $4,000


2026-06-04

Dark Reading
Rust-Written IronWorm Hits NPM Supply Chain

Amazon Security
Amazon Cognito unlocks advanced capabilities with next-generation infrastructure

Dark Reading
China's TA4922 Expands Cybercrime Attacks Globally

Dark Reading
4 Critical Threats Where Attackers Have the Advantage

Ars Technica Security
Dashlane explains how attackers managed to download encrypted password vaults

Amazon Security
Gain visibility into DDoS attacks with flow logs in AWS Shield Advanced

Microsoft Security
Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

Talos Intelligence
Reporting from Vegas: Networking, AI, and good boys

Black Lantern Security
CVE-2026-10880 - Osnexus Quantastor 9.8 Unauthenticated SQL Injection

Buchodi
Meta's smart glasses companion app ships a complete, dormant face-recognition pipeline on a stock account.

Step Security
Miasma npm Supply Chain Attack: Self-Spreading Worm via Phantom Gyp

Palo Alto Networks
How AI and Evasion Demand a Radical Shift in Network Threat Prevention

Amazon Security
Customize federated sign-in with new Amazon Cognito Lambda trigger

Searchlight Cyber
Unknown assets explained with Asset Attribution Visualization

NVISO Labs
The Detection & Response Chronicles: Covert Operations Through QEMU

Dark Reading
Bugcrowd Launches EU Data Residency Option For Evolving Data Sovereignty Needs

Wiz
AI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AI

Rapid7
How the “Swiss Cheese” model can help you choose the right MDR provider

ToxSec
Why AI Guardrails Can’t Tell Your Research From an Attack

Praetorian
Enter the WasmForge: Compiling Sliver into WebAssembly

Searchlight Cyber
Introducing the AI Thread Assistant

Cloudflare
VoidZero is joining Cloudflare

MIT Technology Review
The Download: AI-generated lawsuits and virtual power plants for data centers

Talos Intelligence
Winning the cyber marathon with Tony Giandomenico

Talos Intelligence
Hypotheses, telemetry, and human judgment: Inside Cisco Talos Threat Hunting

Malwarebytes
Travel scams are everywhere. Here’s how to avoid them

Schneier on Security
Hacking Meta’s AI Chatbot

Malwarebytes
Meta’s AI support bot happily handed Instagram accounts to hackers

Escape DAST
Introducing Cascade: the multi-agent penetration testing that becomes an expert in your business

clearbluejar's Blog
System Over Model, Tested: Reproducing Mythos's FreeBSD Find on Local Open-Weight Models

ISC SANS
Microsoft's Coreutils for Windows, (Thu, Jun 4th)

Dark Reading
Pakistan Spies on Afghan Finance Ministry With Xeno RAT

TrustedSec
The Privileged Roles Nobody Talks About

Socket
pnpm 11.5 Adds Support for Recognizing npm Staged Publishes

ISC SANS
ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th)

Datadog HQ
Introducing Bits Agent Builder: Build agentic workflows for alert response and remediation

Greynoise
4 Ways GreyNoise Improves SOC Outcomes

Datadog HQ
When failover isn’t safe: Building high-availability PostgreSQL on Kubernetes

Snyk
Type Level Security: The future of secure AI code generation?

Snyk
Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp

Snyk
So You Have an AI Security Budget. Now what?

Sansec Threat Research
Magecart skimmer turns Stripe into a malware command server

Teleport Blog
How to Make Trading Infrastructure Audit-Ready Across SSH, Kubernetes, Databases, and RDP

Auth0
How to Sign Up and Log In with Passkeys on iOS Using Auth0's Native Login


2026-06-03

Dark Reading
Attackers Use AI to Automate EDR Evasion Testing

Ars Technica Security
Can't make sense of Dashlane's vault theft notification? You're not alone.

Dark Reading
Tropical Blend: Cyber & Politics Ramp Up Across Latin America

Dark Reading
Cyber Insurance Rates Are Dropping, but Exclusions Widen

Dark Reading
Coding Gaffe Exposes Microsoft 365 Accounts to Widespread Takeover

Malwarebytes
We found this fake-invoice campaign while scammers were still building it

Eclypsium
BTS #75 - Secure Boot Certificates Expiring: What You Need to Know

Meta Security
Lights Out, Systems On: Validating Instant Power Loss Readiness

Cloudflare
Enforcing the First AS in BGP AS_PATHs

GitGuardian
Four Credential-Harvesting Campaigns Hit Open Source Ecosystems in Two Weeks

Rapid7
A Day in the Life of an MDR Analyst: Inside the Modern SOC

Artem Golubin
NULLs in ClickHouse can hurt performance

ISC SANS
Continuing Scans for swagger.json, (Wed, Jun 3rd)

Bishop Fox Security
Otto Support - Testing MCP Servers

Auth0
The Many Faces of OAuth 2.0 Token Exchange

Malwarebytes
Keep getting calls from questionable numbers? Meet Scam Number Check

Dark Reading
Malicious Notifications Could Trick Google Gemini Users

Black Hills Info Sec
Auditing GitLab: The CI/CD Kill Chain

kqx
One of the many flaws of Phi untagging: CVE-2026-4447

Schneier on Security
AI Used to Decrypt Medieval Ciphers

Trail of Bits
The sorry state of skill distribution

Searchlight Cyber
June 3rd – This Week’s Top Cybersecurity and Dark Web Stories

MalwareTech
ComoDoS - Exploiting a Remote Kernel Vulnerability in Comodo Internet Security

Dark Reading
Global Stock Exchange Hit by Monthslong Email Campaign

Aikido
Top 5 Tenable Nessus alternatives in 2026

Malwarebytes
Infostealers are becoming the go-to phishing payload

Microsoft Security
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Troy Hunt
Welcoming the Philippine Government to Have I Been Pwned

Socket
Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog

ISC SANS
ISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956, (Wed, Jun 3rd)

Snyk
The New Security Risks of the Agentic Development Lifecycle

Conduition
Brink is Now Funding My Research


2026-06-02

Dark Reading
Zoom CISO: AI as a Security Enabler, Not Role-Replacer

Dark Reading
FBI-Flagged Phishing Kit Kali365 Expands Its Reach

Aikido
Why EDR and proxy won’t save you from supply chain malware

Dark Reading
DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

SentinelOne
SentinelOne + Claude: Integrations for AI Visibility, Governance, and Defense

Dark Reading
China Uses Dual-Method Cyberattack on Czech Orgs

Xint
Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

Dark Reading
Securing AI Agents Before They Go Rogue Is Next to Impossible

Amazon Security
Identify unused AWS KMS keys and prevent accidental key deletions

Malwarebytes
These convincing copyright notices are designed to steal Google logins

Step Security
Multiple redhat-cloud-services npm Packages compromised

Step Security
Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets

Step Security
Dev Machine Guard Now Scans Extensions Across Every Modern IDE

Step Security
Nx Console VS Code Extension Compromised

Microsoft Security
Microsoft Build 2026: Securing code, agents, and models across the development lifecycle