137 Security Blogs

Last Updated: 04 Jul 25 10:19 UTC

Blog List | Github | OPML

2025-07-03

Github Security Blog
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre

Krebs on Security
Big Tech’s Mixed Response to U.S. Treasury Sanctions

Talos Intelligence
A message from Bruce the mechanical shark

Schneier on Security
Surveillance Used by a Drug Cartel

Offensive Security
CVE-2025-29306 – Unauthenticated Remote Code Execution in FoxCMS v1.2.5 via Unserialize Injection

Okta Security
How this ClickFix campaign leads to Redline Stealer

Malwarebytes
Drug cartel hacked cameras and phones to spy on FBI and identify witnesses

Malwarebytes
Catwatchful “child monitoring” app exposes victims’ data

Malwarebytes
Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams

Hunt and Hackett
Turning incident response challenges into scalable solutions

Eclypsium
How To Detect AMI BMC Vulnerabilities (CVE 2024 54085) with Eclypsium

Datadog HQ
This Month in Datadog - June 2025

Datadog HQ
How we created a single app to automate repetitive tasks with Datadog Workflow Automation, Datastore, and App Builder

Datadog HQ
Migrate from your existing SIEM and quickly onboard security teams with Datadog Cloud SIEM

Elastic Security Labs
Taking SHELLTER: a commercial evasion framework abused in-the-wild

Google Safety & Security
Opening up ‘Zero-Knowledge Proof’ technology to promote privacy in age assurance

ReversingLabs
3CX’s Software Supply Chain Compromise: Lessons Learned

Binarly
Type Inference for Decompiled Code: From Hidden Semantics to Structured Insights

Praetorian
CI/CD Training from the Front Lines: Offensive Security at Black Hat

Dark Reading
New Cyber Blueprint Aims to Guide Organizations on AI Journey

Dark Reading
Dark Web Vendors Shift to Third Parties, Supply Chains

Dark Reading
Criminals Sending QR Codes in Phishing, Malware Campaigns

Dark Reading
IDE Extensions Pose Hidden Risks to Software Supply Chain

Dark Reading
Attackers Impersonate Top Brands in Callback Phishing

Ars Technica Security
Provider of covert surveillance app spills passwords for 62,000 users

Palo Alto Networks
Why Diverse Cloud Environments Require Flexible Security

Mend
Automatically Update Dependencies in Maven: A Step-By-Step Guide


2025-07-02

Fastly
Edge vs Cloud: Where Should AI Live?

Talos Intelligence
PDFs: Portable documents, or perfect deliveries for phish?

Schneier on Security
Ubuntu Disables Spectre/Meltdown Protections

Malwarebytes
Qantas: Breach affects 6 million people, “significant” amount of data likely taken

Eclypsium
Eclypsium Releases Tools for Detecting AMI MegaRAC BMC Vulnerabilities

Trail of Bits
Buckle up, Buttercup, AIxCC’s scored round is underway!

ReversingLabs
AI security tools and hype: Report breaks down key considerations

Binarly
Ghost in the Controller: Abusing Supermicro BMC Firmware Verification

Troy Hunt
Welcoming Truyu to Have I Been Pwned's Partner Program

Troy Hunt
Weekly Update 458

Dark Reading
Qantas Airlines Breached, Impacting 6M Customers

Dark Reading
Browser Extensions Pose Heightened, but Manageable, Security Risks

Dark Reading
Initial Access Broker Self-Patches Zero Days as Turf Control

Dark Reading
US Treasury Sanctions BPH Provider Aeza Group

Dark Reading
AI Tackles Binary Code Challenges to Fortify Supply Chain Security

Dark Reading
Russian APT 'Gamaredon' Hits Ukraine With Fierce Phishing

Dark Reading
ClickFix Spin-Off Attack Bypasses Key Browser Safeguards

Dark Reading
1 Year Later: Lessons Learned From the CrowdStrike Outage

Dark Reading
FileFix Attack Chain Enables Malicious Script Execution

Dark Reading
Silver Fox Suspected in Taiwanese Campaign Using DeepSeek Lure

Ars Technica Security
AT&T rolls out Wireless Account Lock protection to curb the SIM-swap scourge

Red Siege InfoSec Blog
Penetration Testing in SDLC

Red Siege InfoSec Blog
Logic Attacks: Abusing The System

Searchlight Cyber
How Modern ASM Uncovers Hidden Risks in Real Time

Palo Alto Networks
Navigating Heightened Cyber Risks from Iranian Threats


2025-07-01

Fastly
How to Control and Monetize AI Bot Traffic Using Fastly and TollBit

Microsoft Security
Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers

Github Security Blog
Understand your software’s supply chain with GitHub’s dependency graph

Snyk
Minimizing False Positives: Enhancing Security Efficiency

Schneier on Security
Iranian Blackout Affected Misinformation Campaigns

Malwarebytes
Update your Chrome to fix new actively exploited zero-day vulnerability

Malwarebytes
Bluetooth vulnerability in audio devices can be exploited to spy on users

Malwarebytes
Facebook wants to look at your entire camera roll for “AI restyling” suggestions, and more

Cloudflare
Content Independence Day: no AI crawl without compensation!

Cloudflare
The crawl before the fall… of referrals: understanding AI’s impact on content providers

Cloudflare
Control content use for AI training with Cloudflare’s managed robots.txt and blocking for monetized content

Cloudflare
Introducing pay per crawl: enabling content owners to charge AI crawlers for access

Cloudflare
From Googlebot to GPTBot: who’s crawling your site in 2025

Cloudflare
Message Signatures are now part of our Verified Bots Program, simplifying bot authentication

Eclypsium
BTS #52 - Securing the Future of AI Infrastructure

Datadog HQ
Unify APM and RUM data for full-stack visibility

Datadog HQ
Why GovRAMP-authorized observability matters for state, local, and education IT teams

Google Safety & Security
We are announcing Sparkasse as our first national credential partner for EU age assurance.

White Knight Labs
Understanding Out-Of-Bounds in Windows Kernel Driver

ReversingLabs
Europe's EUVD could shake up the vulnerability database ecosystem

Praetorian
GitPhish: Automating Enterprise GitHub Device Code Phishing

Leviathan Security
Integrating Security Metrics into Quality Models: A DORA-Aligned Strategy

Meta Security
An inside look at Meta’s transition from C to Rust on mobile

Amazon Security
Remote access to AWS: A guide for hybrid workforces

Dark Reading
Like SEO, LLMs May Soon Fall Prey to Phishing Scams

Dark Reading
LevelBlue Acquires Trustwave, Forms World's Largest Independent MSSP

Dark Reading
Scope, Scale of Spurious North Korean IT Workers Emerges

Dark Reading
Ransomware Reshaped How Cyber Insurers Perform Security Assessments

Dark Reading
We've All Been Wrong: Phishing Training Doesn't Work

Dark Reading
DoJ Disrupts North Korean IT Worker Scheme Across Multiple US States

Dark Reading
Chrome Zero-Day, 'FoxyWallet' Firefox Attacks Threaten Browsers

Dark Reading
How Businesses Can Align Cyber Defenses With Real Threats

Ars Technica Security
US critical infrastructure exposed as feds warn of possible attacks from Iran

Searchlight Cyber Research
How we got persistent XSS on every AEM cloud site, thrice

TrustedSec
Abusing Chrome Remote Desktop on Red Team Operations: A Practical Guide


2025-06-30

Fastly
Can We Make AI Green? Big AI Sustainability Questions, Answered by Fastly’s Co-Founder

Microsoft Security
Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations

Krebs on Security
Senator Chides FBI for Weak Advice on Mobile Security

Snyk
Fixing Fix Fatigue: Building Developer Trust for Secure AI Code

Schneier on Security
How Cybersecurity Fears Affect Confidence in Voting Systems

Malwarebytes
Corpse-eating selfies, and other ways to trick scammers (Lock and Code S06E14)

Malwarebytes
AT&T to pay compensation to data breach victims. Here’s how to check if you were affected

Malwarebytes
Android threats rise sharply, with mobile malware jumping by 151% since start of year

Malwarebytes
A week in security (June 23 – June 29)

Datadog HQ
How we've created a successful FinOps practice at Datadog

Meta Security
Meta joins Kotlin Foundation

Amazon Security
AWS Certificate Manager now supports exporting public certificates

Dark Reading
Scattered Spider Hacking Spree Continues With Airline Sector Attacks

Dark Reading
Hired Hacker Assists Drug Cartel in Finding, Killing FBI Sources

Dark Reading
Chinese Company Hikvision Banned By Canadian Government

Dark Reading
Rethinking Cyber-Risk as Traditional Models Fall Short

Dark Reading
Airoha Chip Vulns Put Sony, Bose Earbuds & Headphones at Risk

Dark Reading
AI-Themed SEO Poisoning Attacks Spread Info, Crypto Stealers

Dark Reading
Why Cybersecurity Should Come Before AI in Schools

Ars Technica Security
Drug cartel hacked FBI official’s phone to track and kill informants, report says

Mend
Best Software Composition Analysis (SCA) Tools: Top 6 Solutions in 2025


2025-06-28

OWASP
InfoSecMap x OWASP Collaboration

Mend
Best Application Security Testing Tools: Top 10 Tools in 2025

Retooling_
My Emulation Goes to the Moon... Until False Flag


2025-06-27

Microsoft Security
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching

Github Security Blog
GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them

Auth0
B2B SaaS Identity Challenges: Enterprise Integration and Security

SpiderLabs
Tracing Blind Eagle to Proton66

Schneier on Security
Friday Squid Blogging: What to Do When You Find a Squid “Egg Mop”

Schneier on Security
The Age of Integrity

Malwarebytes
Fake DocuSign email hides tricky phishing attempt

Cloudflare
Celebrate Micro-Small, and Medium-sized Enterprises Day with Cloudflare

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 26

Eclypsium
Ars Technica: Actively exploited vulnerability gives extraordinary control over server fleets

Eclypsium
SC Media: Attacks leveraging maximum severity AMI MegaRAC vulnerability underway

Eclypsium
The Hacker News: CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Eclypsium
Hackaday: This Week In Security: MegaOWNed, Store Danger, And FileFix

Dark Reading
Top Apple, Google VPN Apps May Help China Spy on Users

Dark Reading
'CitrixBleed 2' Shows Signs of Active Exploitation

Dark Reading
Scattered Spider Taps CFO Credentials in 'Scorched Earth' Attack

Dark Reading
Hackers Make Hay? Smart Tractors Vulnerable to Full Takeover

Dark Reading
Vulnerability Debt: How Do You Put a Price on What to Fix?

Dark Reading
US Falling Behind China in Exploit Production

Ars Technica Security
Microsoft changes Windows in attempt to prevent next CrowdStrike-style catastrophe

Searchlight Cyber
Scattered Spider Shifts Focus to Insurance Industry