2025-07-23
Schneier on Security
Google Sues the Badbox Botnet Operators
Malwarebytes
Proton launches Lumo, a privacy-focused AI chatbot
Fastly
DDoS in June
Talos Intelligence
Meet Hazel Burton
Amazon Security
New whitepaper available: AICPA SOC 2 Compliance Guide on AWS
Trail of Bits
Inside EthCC[8]: Becoming a smart contract auditor
Dark Reading
Banking Trojan Coyote Abuses Windows UI Automation
Dark Reading
Dark Web Hackers Moonlight as Travel Agents
Dark Reading
Lumma Stealer Is Back & Stealthier Than Ever
Dark Reading
Why ISO 42001 Matters for AI Governance at Scale
Black Hills Info Sec
Detecting ADCS Privilege Escalation
Meta Security
Policy Zones: How Meta enforces purpose limitation at scale in batch processing systems
Ars Technica Security
What to know about ToolShell, the SharePoint threat under mass exploitation
Ars Technica Security
After $380M hack, Clorox sues its “service desk” vendor for simply giving out passwords
Searchlight Cyber
What Are the Four Ways CTEM Fails Without ASM?
Palo Alto Networks
Redefining DNS Protection
2025-07-22
Schneier on Security
“Encryption Backdoors and the Fourth Amendment”
Malwarebytes
‘Car crash victim’ calls mother for help and $15K bail money. But it’s an AI voice scam
Microsoft Security
Disrupting active exploitation of on-premises SharePoint vulnerabilities
Microsoft Security
Microsoft Sentinel data lake: Unify signals, cut costs, and power agentic AI
Amazon Security
Five facts about how the CLOUD Act actually works
Dark Reading
Microsoft Integrates Data Lake With Sentinel SIEM
Dark Reading
3 China Nation-State Actors Target SharePoint Bugs
Dark Reading
China-Backed APT41 Cyberattack Surfaces in Africa
ReversingLabs
SharePoint ‘ToolShell’ zero-day: What we know
Meta Security
How Meta keeps its AI hardware reliable
Ars Technica Security
A power utility is reporting suspected pot growers to cops. EFF says that’s illegal.
Searchlight Cyber Research
How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance
Palo Alto Networks
How Apps and Your Phone Can Expose Your Life Without Permission
TrustedSec
Why is this Finding on my Pentest Report?
Datadog HQ
Datadog Summit is heading to San Francisco
White Knight Labs
AzDevRecon: Turning Tokens into DevOps Portal
RME-DisCo Research Group
Scalable Similarity Detection in Digital Forensics? Meet APOTHEOSIS
Onyphe
Massive Exploitation of Microsoft SharePoint Server Following the Disclosure of CVE-2025-53770
2025-07-21
Schneier on Security
Another Supply Chain Vulnerability
Malwarebytes
A week in security (July 14 – July 20)
Project Black
Free Web Filtering
Talos Intelligence
ToolShell: Details of CVEs affecting SharePoint servers
Amazon Security
Beyond IAM access keys: Modern authentication approaches for AWS
Trail of Bits
Detecting code copying at scale with Vendetect
Dark Reading
Containment as a Core Security Strategy
Ars Technica Security
SharePoint vulnerability with 9.8 severity rating under exploit across globe
Searchlight Cyber Research
A Novel Technique for SQL Injection in PDO’s Prepared Statements
Krebs on Security
Microsoft Fix Targets Attacks on SharePoint Zero-Day
Google Security Blog
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Offensive Security
How OffSec Certifications Help You Hire With Confidence
The Citizen Lab
The Citizen Lab’s Submission to the UN on Universal Birth Registration and the Use of Digital Technologies
The Citizen Lab
Canada’s Outdated Laws Leave Spyware Oversight Dangerously Weak
2025-07-18
Schneier on Security
Friday Squid Blogging: The Giant Squid Nebula
Schneier on Security
New Mobile Phone Forensics Tool
Microsoft Security
Microsoft at Black Hat USA 2025: A unified approach to modern cyber defense
Dark Reading
'PoisonSeed' Attacker Skates Around FIDO Keys
Dark Reading
3 Ways Security Teams Can Minimize Agentic AI Chaos
Ars Technica Security
Phishers have found a way to downgrade—not bypass—FIDO MFA
Searchlight Cyber
Pay2Key Ransomware Gang Resurfaces with Geopolitical Focus
Krebs on Security
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai
CrankySec
When You Wish Upon a Star
2025-07-17
Schneier on Security
Security Vulnerabilities in ICEBlock
Malwarebytes
Adoption agency leaks over a million records
Talos Intelligence
This is your sign to step away from the keyboard
Talos Intelligence
MaaS operation using Emmenhtal and Amadey linked to threats against Ukrainian entities
SentinelOne
Primary Attack Vectors Persist
Eclypsium
Black Hat 2025
Google Safety & Security
We’re taking legal action against the BadBox 2.0 botnet.
Dark Reading
Armenian Extradited to US Over Ryuk Ransomware
Ars Technica Security
GitHub abused to distribute payloads on behalf of malware-as-a-service
Palo Alto Networks
A Leader in the 2025 Gartner Magic Quadrant for EPP — 3 Years Running
Offensive Security
CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability
Bishop Fox Security
Fox Den Pull List: Our Favorite Comics