131 Security Blogs

Last Updated: 10 May 25 05:39 UTC

Blog List | Github | OPML

2025-05-09

Rapid7
Metasploit Wrap-Up 05/09/2025

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 19

SentinelOne
Insider Risk Revisited: Espionage, Encryption & Economics

Malwarebytes
Google Chrome will use AI to block tech support scam websites

Moonlock
What are botnet attacks? Everything you need to know about bot networks

Moonlock
What is a computer worm and why is it so dangerous?

Moonlock
Is Spyrix malware? Everything you need to know about the keylogger

Schneier on Security
Friday Squid Blogging: Japanese Divers Video Giant Squid

Okta Security
Okta's new Security Technical Implementation Guide (STIG)

Bishop Fox Security
Before You Red Team: Fix These 5 Common Mistakes

Datadog HQ
Why FedRAMP® High Observability Matters for Government IT Teams

Amazon Security
How to manage migration of hsm1.medium CloudHSM clusters to hsm2m.medium

Dark Reading
Rapid7 Launches Managed Detection & Response (MDR) for Enterprise

Dark Reading
After Pahalgam Attack, Hacktivists Unite Under #OpIndia

Dark Reading
LockBit Ransomware Gang Hacked, Operations Data Leaked

Dark Reading
Cyber Then & Now: Inside a 2-Decade Industry Evolution

Dark Reading
Commvault: Vulnerability Patch Works as Intended

Dark Reading
Insight Partners Data Breach: Bigger Impact Than Anticipated

Dark Reading
How Security Has Changed the Hacker Marketplace

Searchlight Cyber
DragonForce Claims Responsibility for Series of Attacks on UK Retailers


2025-05-08

Cloudflare
First-party tags in seconds: Cloudflare integrates Google tag gateway for advertisers

Talos Intelligence
The IT help desk kindly requests you read this newsletter

Talos Intelligence
Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

Malwarebytes
Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds

Malwarebytes
Tired of Google sponsored ads? So are we! That’s why we’re introducing the option to block them on iOS    

Malwarebytes
Passwords in the age of AI: We need to find alternatives

Malwarebytes
WhatsApp hack: Meta wins payout over NSO Group spyware

Troy Hunt
After the Breach: Finding new Partners with Solutions for Have I Been Pwned Users

Troy Hunt
Welcoming the Isle of Man Government to Have I Been Pwned

Google Safety & Security
Read our new report on how we use AI to fight scams on Search.

Datadog HQ
This Month in Datadog - April 2025

Amazon Security
AWS expands Spain’s ENS High certification across 174 services

Amazon Security
AWS renews its AAA Pinakes rating for the Spanish financial sector

White Knight Labs
Protected: Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 2

Dark Reading
SonicWall Issues Patch for Exploit Chain in SMA Devices

Dark Reading
Email-Based Attacks Top Cyber-Insurance Claims

Dark Reading
Operation PowerOFF Takes Down 9 DDoS-for-Hire Domains

Dark Reading
Life Without CVEs? It's Time to Act

Dark Reading
'Lemon Sandstorm' Underscores Risks to Middle East Infrastructure

Dark Reading
'CoGUI' Phishing Kit Helps Chinese Hackers Target Japan

ReversingLabs
Indirect prompt injection attacks target common LLM data sources

Ars Technica Security
DOGE software engineer’s computer infected by info-stealing malware

Offensive Security
CVE-2025-23211: Tandoor Recipes Jinja2 SSTI to Remote Code Execution

Snyk
Driving AI Security Innovation: Snyk Enhances Global Channel & GSI Partner Program

Meta Security
Accelerating GPU indexes in Faiss with NVIDIA cuVS

Google Security Blog
Using AI to stop tech support scams in Chrome

Searchlight Cyber
Early Analysis of the LockBit Data Leak

Searchlight Cyber
Emerging Threats from AI on the Dark Web

TrustedSec
I Got 99 Problems But a Log Ain’t One

Palo Alto Networks
Palo Alto Networks: Champion in Two Canalys Global Leadership Matrices

Auth0
Identity: The Critical Link in Retail and Hospitality’s Digital Future


2025-05-07

Rapid7
Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)

Rapid7
Exploring an Untethered, Unified Approach to CTEM

Cloudflare
QUIC restarts, slow problems: udpgrm to the rescue

Microsoft Security
Meet the Deputy CISOs who help shape Microsoft’s approach to cybersecurity: Part 2

Malwarebytes
FBI issues warning as scammers target victims of crime

Moonlock
Apple alert: Hundreds of iPhone users targeted in a spyware attack

Schneier on Security
Chinese AI Submersible

Okta Security
A Guide to DORA Compliance with Okta

watchTowr Labs
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends)

Datadog HQ
Monitor Cisco Meraki with Datadog

Datadog HQ
Monitor Azure SQL Managed Instance with Datadog

Amazon Security
Introducing the AWS User Guide to Governance, Risk and Compliance for Responsible AI Adoption within Financial Services Industries

Dark Reading
AI Agents Fail in Novel Ways, Put Businesses at Risk

Dark Reading
Countries Begin NATO's Locked Shields Cyber-Defense Exercise

Dark Reading
TikTok Fined €530 Million Over Chinese Access to EU Data

Dark Reading
Meta Wins Lawsuit Against Spyware Vendor NSO Group

Dark Reading
Play Ransomware Group Used Windows Zero-Day

Dark Reading
'Bring Your Own Installer' Attack Targets SentinelOne EDR

Dark Reading
Infrastructure as Code: An IaC Guide to Cloud Security

ReversingLabs
SaaS risk is on the rise: 7 action items for better management

Ars Technica Security
WhatsApp provides no cryptographic management for group messages

Ars Technica Security
We have reached the “severed fingers and abductions” stage of the crypto revolution

Ars Technica Security
Jury orders NSO to pay $167 million for hacking WhatsApp users

Krebs on Security
Pakistani Firm Shipped Fentanyl Analogs, Scams to US

Zero Day Initiative
CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS


2025-05-06

SpiderLabs
Lights Out and Stalled Factories: Using M.A.T.R.I.X to Learn About Modbus Vulnerabilities

Rapid7
Key Takeaways from the Take Command Summit 2025: From Zero to Hero: Building the Perfect Defense

Talos Intelligence
Proactive threat hunting with Talos IR

SentinelOne
Protection Against Local Upgrade Technique Described in Aon Research

Malwarebytes
“Your privacy is a promise we don’t break”: Dating app Raw exposes sensitive user data

Malwarebytes
Android fixes 47 vulnerabilities, including one zero-day. Update as soon as you can!

Hunt and Hackett
Building Stronger Defences Through Expert Partnerships

Google Safety & Security
The latest AI news we announced in April

Google Safety & Security
6 ways Google Play helps keep you safe

Schneier on Security
Fake Student Fraud in Community Colleges

Eclypsium
BTS #49 - The Hidden Risks of Open Source Components

Elastic Security Labs
Bit ByBit - emulation of the DPRK's largest cryptocurrency heist

OWASP
OWASP Enables AI Regulation That Works with OWASP AI Exchange

Datadog HQ
Datadog acquires Eppo

Datadog HQ
Unify OpenTelemetry and Datadog with the Datadog Distribution of the OTel Collector

Amazon Security
Introducing the AWS Zero Trust Accelerator for Government

Project Black
Network Segmentation Testing Guide

The Citizen Lab
Job Opportunity: Digital Communications Specialist

Dark Reading
Researcher Says Patched Commvault Bug Still Exploitable

Dark Reading
'Easily Exploitable' Langflow Vulnerability Requires Immediate Patching

Dark Reading
CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation

Dark Reading
Addressing the Top Cyber-Risks in Higher Education

ReversingLabs
MIT researchers tame AI code with new controls

Ars Technica Security
Man pleads guilty to using malicious AI software to hack Disney employee

Claroty
CVE-2025-4041

TrustedSec
Application Layer Encryption with Web Crypto API

Palo Alto Networks
InterSECt — The Fast Lane to a Secure Future Starts Here


2025-05-05

Fastly
Security Without Speed Bumps: Why a WAF Simulator Transforms DevSecOps Workflows

Cloudflare
Scaling with safety: Cloudflare's approach to global service health metrics and software releases

Microsoft Security
Microsoft partners with Global Anti-Scam Alliance to fight cybercrime

Malwarebytes
The AI chatbot cop squad is here (Lock and Code S06E09)

Malwarebytes
A week in security (April 27 – May 3)

Github Security Blog
Welcome to Maintainer Month: Events, exclusive discounts, and a new security challenge

Troy Hunt
Passkeys for Normal People

Embrace The Red
How ChatGPT Remembers You: A Deep Dive into Its Memory and Chat History Features

Moonlock
Realtek or real threat? The macOS malware that won’t quit

Moonlock
Hackers can steal your iPhone data via public chargers

Schneier on Security
Another Move in the Deepfake Creation/Detection Arms Race

CrankySec
We're all DEVO

Datadog HQ
New Learning Paths are now available in the Datadog Learning Center

Datadog HQ
The first step to fixing what matters: Datadog Error Tracking

Dark Reading
AI Domination: RSAC 2025 Social Media Roundup

Dark Reading
'Venom Spider' Targets Hiring Managers in Phishing Scheme

Dark Reading
Ongoing Passkey Usability Challenges Require 'Problem-Solving'

Dark Reading
The Dark Side of Digital: Breaking the Silence on Youth Mental Health

Dark Reading
Phony Hacktivist Pleads Guilty to Disney Data Leak

Dark Reading
How to Prevent AI Agents From Becoming the Bad Guys

Ars Technica Security
Signal clone used by Trump official stops operations after report it was hacked

Ars Technica Security
Hundreds of e-commerce sites hacked in supply-chain attack

Snyk
Learn About Open Source Security Risks With the New Snyk Learn Learning Path

Meta Security
Enhancing the Python ecosystem with type checking and free threading

Mend
Dynamic Application Security Testing: DAST Basics

Palo Alto Networks
Enhancing UK Government Operations with Emerging Technology

Auth0
Auth0’s Mobile Driver’s License Verification API


2025-05-04

Kevin Beaumont
Big Game Ransomware: the myths experts tell board members