131 Security Blogs

Last Updated: 09 May 25 12:35 UTC

Blog List | Github | OPML

2025-05-09

SentinelOne
Insider Risk Revisited: Espionage, Encryption & Economics


2025-05-08

Malwarebytes
Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds

Malwarebytes
Tired of Google sponsored ads? So are we! That’s why we’re introducing the option to block them on iOS    

Malwarebytes
Passwords in the age of AI: We need to find alternatives

Malwarebytes
WhatsApp hack: Meta wins payout over NSO Group spyware

Talos Intelligence
The IT help desk kindly requests you read this newsletter

Talos Intelligence
Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

Cloudflare
First-party tags in seconds: Cloudflare integrates Google tag gateway for advertisers

Troy Hunt
After the Breach: Finding new Partners with Solutions for Have I Been Pwned Users

Troy Hunt
Welcoming the Isle of Man Government to Have I Been Pwned

Google Safety & Security
Read our new report on how we use AI to fight scams on Search.

Amazon Security
AWS expands Spain’s ENS High certification across 174 services

Amazon Security
AWS renews its AAA Pinakes rating for the Spanish financial sector

White Knight Labs
Protected: Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 2

Snyk
Driving AI Security Innovation: Snyk Enhances Global Channel & GSI Partner Program

Meta Security
Accelerating GPU indexes in Faiss with NVIDIA cuVS

Ars Technica Security
DOGE software engineer’s computer infected by info-stealing malware

Dark Reading
SonicWall Issues Patch for Exploit Chain in SMA Devices

Dark Reading
Email-Based Attacks Top Cyber-Insurance Claims

Dark Reading
Operation PowerOFF Takes Down 9 DDoS-for-Hire Domains

Dark Reading
Life Without CVEs? It's Time to Act

Dark Reading
'Lemon Sandstorm' Underscores Risks to Middle East Infrastructure

Dark Reading
'CoGUI' Phishing Kit Helps Chinese Hackers Target Japan

Google Security Blog
Using AI to stop tech support scams in Chrome

Searchlight Cyber
Early Analysis of the LockBit Data Leak

Searchlight Cyber
Emerging Threats from AI on the Dark Web

Auth0
Identity: The Critical Link in Retail and Hospitality’s Digital Future

Palo Alto Networks
Palo Alto Networks: Champion in Two Canalys Global Leadership Matrices

TrustedSec
I Got 99 Problems But a Log Ain’t One

ReversingLabs
Indirect prompt injection attacks target common LLM data sources


2025-05-07

Rapid7
Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)

Rapid7
Exploring an Untethered, Unified Approach to CTEM

Schneier on Security
Chinese AI Submersible

Malwarebytes
FBI issues warning as scammers target victims of crime

Okta Security
A Guide to DORA Compliance with Okta

Microsoft Security
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2

Cloudflare
QUIC restarts, slow problems: udpgrm to the rescue

Datadog HQ
Monitor Cisco Meraki with Datadog

Datadog HQ
Monitor Azure SQL Managed Instance with Datadog

Amazon Security
Introducing the AWS User Guide to Governance, Risk and Compliance for Responsible AI Adoption within Financial Services Industries

Moonlock
Apple alert: Hundreds of iPhone users targeted in a spyware attack

Ars Technica Security
WhatsApp provides no cryptographic management for group messages

Ars Technica Security
We have reached the “severed fingers and abductions” stage of the crypto revolution

Ars Technica Security
Jury orders NSO to pay $167 million for hacking WhatsApp users

Dark Reading
AI Agents Fail in Novel Ways, Put Businesses at Risk

Dark Reading
Countries Begin NATO's Locked Shields Cyber-Defense Exercise

Dark Reading
TikTok Fined €530 Million Over Chinese Access to EU Data

Dark Reading
Meta Wins Lawsuit Against Spyware Vendor NSO Group

Dark Reading
Play Ransomware Group Used Windows Zero-Day

Dark Reading
'Bring Your Own Installer' Attack Targets SentinelOne EDR

Dark Reading
Infrastructure as Code: An IaC Guide to Cloud Security

Zero Day Initiative
CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS

Krebs on Security
Pakistani Firm Shipped Fentanyl Analogs, Scams to US

watchTowr Labs
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends)

ReversingLabs
SaaS risk is on the rise: 7 action items for better management


2025-05-06

Rapid7
Key Takeaways from the Take Command Summit 2025: From Zero to Hero: Building the Perfect Defense

Schneier on Security
Fake Student Fraud in Community Colleges

Malwarebytes
“Your privacy is a promise we don’t break”: Dating app Raw exposes sensitive user data

Malwarebytes
Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can!

SentinelOne
Protection Against Local Upgrade Technique Described in Aon Research

Project Black
Network Segmentation Testing Guide

Talos Intelligence
Proactive threat hunting with Talos IR

Hunt and Hackett
Building Stronger Defences Through Expert Partnerships

OWASP
OWASP Enables AI Regulation That Works with OWASP AI Exchange

Google Safety & Security
The latest AI news we announced in April

Google Safety & Security
6 ways Google Play helps keep you safe

Eclypsium
BTS #49 - The Hidden Risks of Open Source Components

Datadog HQ
Datadog acquires Eppo

Datadog HQ
Unify OpenTelemetry and Datadog with the Datadog Distribution of the OTel Collector

SpiderLabs
Lights Out and Stalled Factories: Using M.A.T.R.I.X to Learn About Modbus Vulnerabilities

Elastic Security Labs
Bit ByBit - emulation of the DPRK's largest cryptocurrency heist

Amazon Security
Introducing the AWS Zero Trust Accelerator for Government

Claroty
CVE-2025-4041

The Citizen Lab
Job Opportunity: Digital Communications Specialist

Ars Technica Security
Man pleads guilty to using malicious AI software to hack Disney employee

Dark Reading
Researcher Says Patched Commvault Bug Still Exploitable

Dark Reading
'Easily Exploitable' Langflow Vulnerability Requires Immediate Patching

Dark Reading
CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation

Dark Reading
Addressing the Top Cyber-Risks in Higher Education

Palo Alto Networks
InterSECt — The Fast Lane to a Secure Future Starts Here

TrustedSec
Application Layer Encryption with Web Crypto API

ReversingLabs
MIT researchers tame AI code with new controls


2025-05-05

Schneier on Security
Another Move in the Deepfake Creation/Detection Arms Race

Malwarebytes
The AI chatbot cop squad is here (Lock and Code S06E09)

Malwarebytes
A week in security (April 27 – May 3)

Fastly
Security Without Speed Bumps: Why a WAF Simulator Transforms DevSecOps Workflows

Microsoft Security
Microsoft partners with Global Anti-Scam Alliance to fight cybercrime

Embrace The Red
How ChatGPT Remembers You: A Deep Dive into Its Memory and Chat History Features

Cloudflare
Scaling with safety: Cloudflare's approach to global service health metrics and software releases

Troy Hunt
Passkeys for Normal People

Datadog HQ
New Learning Paths are now available in the Datadog Learning Center

Datadog HQ
The first step to fixing what matters: Datadog Error Tracking

CrankySec
We're all DEVO

Github Security Blog
Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge

Moonlock
Realtek or real threat? The macOS malware that won’t quit

Moonlock
Hackers can steal your iPhone data via public chargers

Snyk
Learn About Open Source Security Risks With the New Snyk Learn Learning Path

Meta Security
Enhancing the Python ecosystem with type checking and free threading

Ars Technica Security
Signal clone used by Trump official stops operations after report it was hacked

Ars Technica Security
Hundreds of e-commerce sites hacked in supply-chain attack

Dark Reading
AI Domination: RSAC 2025 Social Media Roundup

Dark Reading
'Venom Spider' Targets Hiring Managers in Phishing Scheme

Dark Reading
Ongoing Passkey Usability Challenges Require 'Problem-Solving'

Dark Reading
The Dark Side of Digital: Breaking the Silence on Youth Mental Health

Dark Reading
Phony Hacktivist Pleads Guilty to Disney Data Leak

Dark Reading
How to Prevent AI Agents From Becoming the Bad Guys

Mend
Dynamic Application Security Testing: DAST Basics

Auth0
Auth0’s Mobile Driver’s License Verification API

Palo Alto Networks
Enhancing UK Government Operations with Emerging Technology


2025-05-04

Kevin Beaumont
Big Game Ransomware: the myths experts tell board members


2025-05-03

SentinelOne
DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists

Keowu Blog's
Writing a Windows ARM64 Debugger for Reverse Engineering - KoiDbg

Keowu Blog's
Escrevendo um Debugger para Windows ARM64 com foco em Engenharia Reversa - KoiDbg


2025-05-02

Rapid7
Metasploit Wrap-Up 05/02/2025

Schneier on Security
Friday Squid Blogging: Pyjama Squid

Schneier on Security
Privacy for Agentic AI

Malwarebytes
On world password day, Microsoft says fewer passwords, more passkeys

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 18

Embrace The Red
MCP: Untrusted Servers and Confused Clients, Plus a Sneaky Exploit

Kevin Beaumont
DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door

Troy Hunt
Weekly Update 450

SpiderLabs
A Deep-Rooted Infestation: How the ILOVEYOU Bug Continues its Legacy in Modern Worms

Black Lantern Security
ASP.NET Cryptography for Pentesters

Ars Technica Security
Microsoft’s new “passwordless by default” is great but comes at a cost

Dark Reading
UK Retailers Reeling From Likely Ransomware Attacks

Dark Reading
What NY's New Security Rules Mean for Finance Firms

Dark Reading
Attackers Ramp Up Efforts Targeting Developer Secrets

Dark Reading
Despite Arrests, Scattered Spider Continues High-Profile Hacking

Dark Reading
Cut CISA and Everyone Pays for It

Auth0
April 2025 in Auth0: Auth That Works for Humans and AI