131 Security Blogs

Last Updated: 09 May 25 11:37 UTC

Blog List | Github | OPML

2025-05-08

Malwarebytes
Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds

Malwarebytes
Tired of Google sponsored ads? So are we! That’s why we’re introducing the option to block them on iOS    

Malwarebytes
Passwords in the age of AI: We need to find alternatives

Malwarebytes
WhatsApp hack: Meta wins payout over NSO Group spyware

Auth0
Identity: The Critical Link in Retail and Hospitality’s Digital Future

Amazon Security
AWS expands Spain’s ENS High certification across 174 services

Amazon Security
AWS renews its AAA Pinakes rating for the Spanish financial sector

Troy Hunt
After the Breach: Finding new Partners with Solutions for Have I Been Pwned Users

Troy Hunt
Welcoming the Isle of Man Government to Have I Been Pwned

Talos Intelligence
The IT help desk kindly requests you read this newsletter

Talos Intelligence
Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

Cloudflare
First-party tags in seconds: Cloudflare integrates Google tag gateway for advertisers

White Knight Labs
Protected: Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 2

Dark Reading
SonicWall Issues Patch for Exploit Chain in SMA Devices

Dark Reading
Email-Based Attacks Top Cyber-Insurance Claims

Dark Reading
Operation PowerOFF Takes Down 9 DDoS-for-Hire Domains

Dark Reading
Life Without CVEs? It's Time to Act

Dark Reading
'Lemon Sandstorm' Underscores Risks to Middle East Infrastructure

Dark Reading
'CoGUI' Phishing Kit Helps Chinese Hackers Target Japan

Ars Technica Security
DOGE software engineer’s computer infected by info-stealing malware

Google Safety & Security
Read our new report on how we use AI to fight scams on Search.

Meta Security
Accelerating GPU indexes in Faiss with NVIDIA cuVS

Google Security Blog
Using AI to stop tech support scams in Chrome

ReversingLabs
Indirect prompt injection attacks target common LLM data sources

Snyk
Driving AI Security Innovation: Snyk Enhances Global Channel & GSI Partner Program

Searchlight Cyber
Early Analysis of the LockBit Data Leak

Searchlight Cyber
Emerging Threats from AI on the Dark Web

TrustedSec
I Got 99 Problems But a Log Ain’t One

Palo Alto Networks
Palo Alto Networks: Champion in Two Canalys Global Leadership Matrices


2025-05-07

Microsoft Security
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2

Malwarebytes
FBI issues warning as scammers target victims of crime

Schneier on Security
Chinese AI Submersible

Amazon Security
Introducing the AWS User Guide to Governance, Risk and Compliance for Responsible AI Adoption within Financial Services Industries

Moonlock
Apple alert: Hundreds of iPhone users targeted in a spyware attack

Okta Security
A Guide to DORA Compliance with Okta

Rapid7
Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)

Rapid7
Exploring an Untethered, Unified Approach to CTEM

Cloudflare
QUIC restarts, slow problems: udpgrm to the rescue

Datadog HQ
Monitor Cisco Meraki with Datadog

Datadog HQ
Monitor Azure SQL Managed Instance with Datadog

Dark Reading
AI Agents Fail in Novel Ways, Put Businesses at Risk

Dark Reading
Countries Begin NATO's Locked Shields Cyber-Defense Exercise

Dark Reading
TikTok Fined €530 Million Over Chinese Access to EU Data

Dark Reading
Meta Wins Lawsuit Against Spyware Vendor NSO Group

Dark Reading
Play Ransomware Group Used Windows Zero-Day

Dark Reading
'Bring Your Own Installer' Attack Targets SentinelOne EDR

Dark Reading
Infrastructure as Code: An IaC Guide to Cloud Security

watchTowr Labs
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends)

Ars Technica Security
WhatsApp provides no cryptographic management for group messages

Ars Technica Security
We have reached the “severed fingers and abductions” stage of the crypto revolution

Ars Technica Security
Jury orders NSO to pay $167 million for hacking WhatsApp users

ReversingLabs
SaaS risk is on the rise: 7 action items for better management

Krebs on Security
Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Zero Day Initiative
CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS


2025-05-06

SentinelOne
Protection Against Local Upgrade Technique Described in Aon Research

Malwarebytes
“Your privacy is a promise we don’t break”: Dating app Raw exposes sensitive user data

Malwarebytes
Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can!

Schneier on Security
Fake Student Fraud in Community Colleges

SpiderLabs
Lights Out and Stalled Factories: Using M.A.T.R.I.X to Learn About Modbus Vulnerabilities

Amazon Security
Introducing the AWS Zero Trust Accelerator for Government

Talos Intelligence
Proactive threat hunting with Talos IR

OWASP
OWASP Enables AI Regulation That Works with OWASP AI Exchange

Project Black
Network Segmentation Testing Guide

Rapid7
Key Takeaways from the Take Command Summit 2025: From Zero to Hero: Building the Perfect Defense

Hunt and Hackett
Building Stronger Defences Through Expert Partnerships

The Citizen Lab
Job Opportunity: Digital Communications Specialist

Eclypsium
BTS #49 - The Hidden Risks of Open Source Components

Datadog HQ
Datadog acquires Eppo

Datadog HQ
Unify OpenTelemetry and Datadog with the Datadog Distribution of the OTel Collector

Dark Reading
Researcher Says Patched Commvault Bug Still Exploitable

Dark Reading
'Easily Exploitable' Langflow Vulnerability Requires Immediate Patching

Dark Reading
CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation

Dark Reading
Addressing the Top Cyber-Risks in Higher Education

Ars Technica Security
Man pleads guilty to using malicious AI software to hack Disney employee

Elastic Security Labs
Bit ByBit - emulation of the DPRK's largest cryptocurrency heist

Google Safety & Security
The latest AI news we announced in April

Google Safety & Security
6 ways Google Play helps keep you safe

Claroty
CVE-2025-4041

ReversingLabs
MIT researchers tame AI code with new controls

TrustedSec
Application Layer Encryption with Web Crypto API

Palo Alto Networks
InterSECt — The Fast Lane to a Secure Future Starts Here


2025-05-05

Fastly
Security Without Speed Bumps: Why a WAF Simulator Transforms DevSecOps Workflows

Microsoft Security
Microsoft partners with Global Anti-Scam Alliance to fight cybercrime

Malwarebytes
The AI chatbot cop squad is here (Lock and Code S06E09)

Malwarebytes
A week in security (April 27 – May 3)

Github Security Blog
Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge

Auth0
Auth0’s Mobile Driver’s License Verification API

Schneier on Security
Another Move in the Deepfake Creation/Detection Arms Race

CrankySec
We're all DEVO

Embrace The Red
How ChatGPT Remembers You: A Deep Dive into Its Memory and Chat History Features

Moonlock
Realtek or real threat? The macOS malware that won’t quit

Moonlock
Hackers can steal your iPhone data via public chargers

Troy Hunt
Passkeys for Normal People

Cloudflare
Scaling with safety: Cloudflare's approach to global service health metrics and software releases

Datadog HQ
New Learning Paths are now available in the Datadog Learning Center

Datadog HQ
The first step to fixing what matters: Datadog Error Tracking

Dark Reading
AI Domination: RSAC 2025 Social Media Roundup

Dark Reading
'Venom Spider' Targets Hiring Managers in Phishing Scheme

Dark Reading
Ongoing Passkey Usability Challenges Require 'Problem-Solving'

Dark Reading
The Dark Side of Digital: Breaking the Silence on Youth Mental Health

Dark Reading
Phony Hacktivist Pleads Guilty to Disney Data Leak

Dark Reading
How to Prevent AI Agents From Becoming the Bad Guys

Ars Technica Security
Signal clone used by Trump official stops operations after report it was hacked

Ars Technica Security
Hundreds of e-commerce sites hacked in supply-chain attack

Meta Security
Enhancing the Python ecosystem with type checking and free threading

Snyk
Learn About Open Source Security Risks With the New Snyk Learn Learning Path

Mend
Dynamic Application Security Testing: DAST Basics

Palo Alto Networks
Enhancing UK Government Operations with Emerging Technology


2025-05-04

Kevin Beaumont
Big Game Ransomware: the myths experts tell board members


2025-05-03

SentinelOne
DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists

Keowu Blog's
Writing a Windows ARM64 Debugger for Reverse Engineering - KoiDbg

Keowu Blog's
Escrevendo um Debugger para Windows ARM64 com foco em Engenharia Reversa - KoiDbg


2025-05-02

Kevin Beaumont
DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 18

Malwarebytes
On world password day, Microsoft says fewer passwords, more passkeys

Auth0
April 2025 in Auth0: Auth That Works for Humans and AI

Schneier on Security
Friday Squid Blogging: Pyjama Squid

Schneier on Security
Privacy for Agentic AI

SpiderLabs
A Deep-Rooted Infestation: How the ILOVEYOU Bug Continues its Legacy in Modern Worms

Embrace The Red
MCP: Untrusted Servers and Confused Clients, Plus a Sneaky Exploit

Troy Hunt
Weekly Update 450

Rapid7
Metasploit Wrap-Up 05/02/2025

Dark Reading
UK Retailers Reeling From Likely Ransomware Attacks

Dark Reading
What NY's New Security Rules Mean for Finance Firms

Dark Reading
Attackers Ramp Up Efforts Targeting Developer Secrets

Dark Reading
Despite Arrests, Scattered Spider Continues High-Profile Hacking

Dark Reading
Cut CISA and Everyone Pays for It

Ars Technica Security
Microsoft’s new “passwordless by default” is great but comes at a cost

Black Lantern Security
ASP.NET Cryptography for Pentesters