134 Security Blogs

Last Updated: 17 Jun 25 03:07 UTC

Blog List | Github | OPML

2025-06-16

Auth0
What Is Relationship-based access control (ReBAC)?

Malwarebytes
The data on denying social media for kids (re-air) (Lock and Code S06E12)

Malwarebytes
A week in security (June 9 – June 15)

Moonlock
FBI warns: BADBOX malware is after your smart TV

Dark Reading
Malicious Chimera Turns Larcenous on Python Package Index

Dark Reading
Anubis Ransomware-as-a-Service Kit Adds Data Wiper

Dark Reading
Washington Post Staffer Emails Targeted in Cyber Breach

Dark Reading
'Water Curse' Targets Infosec Pros via Poisoned GitHub Repositories

Dark Reading
Security Is Only as Strong as the Weakest Third-Party Link

Dark Reading
NIST Outlines Real-World Zero-Trust Examples

Amazon Security
How AWS improves active defense to empower customers

The Citizen Lab
Unspoken Implications: A Preliminary Analysis of Bill C-2 and Canada’s Potential Data-Sharing Obligations Towards the United States and Other Countries

Ars Technica Security
Vandals cut fiber-optic lines, causing outage for Spectrum Internet subscribers


2025-06-15

Schneier on Security
Upcoming Speaking Engagements

SentinelOne
Redefining Fatherhood: How SentinelOne Dads Are Leading At Work & At Home

Snyk
Why ANZ Technology Leaders Are Rethinking How AI, Speed, and Security Intersect


2025-06-14

itm4n's Blog
Offline Extraction of Symantec Account Connectivity Credentials (ACCs)


2025-06-13

Auth0
B2B SaaS Identity Challenges: The Foundation

Schneier on Security
Friday Squid Blogging: Stubby Squid

Schneier on Security
Paragon Spyware Used to Spy on European Journalists

Malwarebytes
Your Meta AI chats might be public, and it’s not a bug

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 24

Google Safety & Security
An age assurance tool for Europe and beyond

Moonlock
How secure is the new macOS Tahoe? Here are our concerns

Eclypsium
Secure Device Lifecycle Management

Dark Reading
CISA Reveals 'Pattern' of Ransomware Attacks Against SimpleHelp RMM

Dark Reading
Threat Actor Abuses TeamFiltration for Entra ID Account Takeovers

Dark Reading
Why CISOs Must Align Business Objectives & Cybersecurity

Dark Reading
Cyberattacks on Humanitarian Orgs Jump Worldwide

Amazon Security
How to create post-quantum signatures using AWS KMS and ML-DSA

Amazon Security
AI security strategies from Amazon and the CIA: Insights from AWS Summit Washington, DC

Amazon Security
AWS CIRT announces the launch of the Threat Technique Catalog for AWS

Searchlight Cyber
Cartier Confirms Data Breach and Warns Customers They Could Become Targets

Google Security Blog
Mitigating prompt injection attacks with a layered defense strategy

Mend
Shadow AI: Examples, Risks, and 8 Ways to Mitigate Them

Palo Alto Networks
The New AI Attack Surface — How Cortex Cloud Secures MCP

TrustedSec
Dragging Secrets Out of Chrome: NTLM Hash Leaks via File URLs


2025-06-12

Microsoft Security
Cyber resilience begins before the crisis

Troy Hunt
Weekly Update 456

Cloudflare
Cloudflare service outage June 12, 2025

Cloudflare
Celebrating 11 years of Project Galileo’s global impact

Schneier on Security
Airlines Secretly Selling Passenger Data to the Government

Talos Intelligence
Know thyself, know thy environment

Eclypsium
Securing AI Data Centers

Eclypsium
Even More Holes In Your Boot: Critical UEFI Secure Boot Bypass Vulnerabilities

Offensive Security
CVE-2024-21683 – Authenticated RCE via “Add a New Language” in Atlassian Confluence

Offensive Security
CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube via PHP Object Deserialization

Elastic Security Labs
Call Stacks: No More Free Passes For Malware

Dark Reading
Researchers Detail Zero-Click Copilot Exploit 'EchoLeak'

Dark Reading
New COPPA Rules to Take Effect Over Child Data Privacy Concerns

Dark Reading
Hacking the Hackers: When Bad Guys Let Their Guard Down

Dark Reading
Foundations of Cybersecurity: Reassessing What Matters

Amazon Security
Introducing the AWS Security Champion Knowledge Path and digital badge

Sansec Threat Research
Adobe patches critical Magento admin takeover via menu injection

The Citizen Lab
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted

Praetorian
Introducing: GitHub Device Code Phishing

Ars Technica Security
Coming to Apple OSes: A seamless, secure way to import and export passkeys

Krebs on Security
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Datadog HQ
Datadog + OpenAI: Codex CLI integration for AI‑assisted DevOps

ReversingLabs
Accelerate PQC Migration: How to Leverage CBOMs for Cryptographic Asset Discovery

Mend
Kubernetes Security Risks and Critical Best Practices

Palo Alto Networks
See How We’re Fortifying Cloud and AI at AWS re:Inforce 2025

TrustedSec
Hunting Deserialization Vulnerabilities With Claude


2025-06-11

Fastly
DDoS in May

Cloudflare
We shipped FinalizationRegistry in Workers: why you should never use it

Project Black
FileFlows SQL Injection by Decompiling .NET Code

Malwarebytes
US airline industry quietly selling flight data to DHS

Malwarebytes
23andMe raked by Congress on privacy, sale of genetic data

Talos Intelligence
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities

Dark Reading
Infostealer Ring Bust-up Takes Down 20,000 Malicious IPs

Dark Reading
ConnectWise to Rotate Code-Signing Certificates

Dark Reading
Agentic AI Takes Over Gartner's SRM Summit

Dark Reading
Google Bug Allowed Brute-Forcing of Any User Phone Number

Dark Reading
Securonix Acquires Threat Intelligence Firm ThreatQuotient

Dark Reading
Security Pitfalls & Solutions of Multiregion Cloud Architectures

Dark Reading
Mirai Botnets Exploit Flaw in Wazuh Security Platform

Dark Reading
India's Security Leaders Struggle to Keep Up With Threats

Amazon Security
AWS completes Police-Assured Secure Facilities (PASF) audit in Europe (London) AWS Region

Black Lantern Security
Doomla! Zero Days

Krebs on Security
Patch Tuesday, June 2025 Edition

Datadog HQ
Build, test, and scale detections as code with Datadog Cloud SIEM

ReversingLabs
DoD issues new marching orders on secure software and SBOMs

Synacktiv
NTLM reflection is dead, long live NTLM reflection! – An in-depth analysis of CVE-2025-33073

Redteam-Pentesting.de
A Look in the Mirror - The Reflective Kerberos Relay Attack

Searchlight Cyber
Why is Attack Surface Management Now Worth the Cost?

Snyk
Finding Software Flaws Early in the Development Process Provides Clear ROI

Snyk
Build Fast, Stay Secure: Guardrails for AI Coding Assistants

Snyk
Transform Your AppSec Program With the Power of Snyk Analytics


2025-06-10

itm4n's Blog
Checking for Symantec Account Connectivity Credentials (ACCs) with PrivescCheck

Malwarebytes
GirlsDoPorn owner faces life in jail after pleading guilty to sex trafficking

Malwarebytes
44% of people encounter a mobile scam every single day, Malwarebytes finds

Malwarebytes
Google bug allowed phone number of almost any user to be discovered

Rapid7
Patch Tuesday - June 2025

Rapid7
BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict

Rapid7
Key Takeaways from the Take Command Summit 2025: Demystifying Cloud Detection & Response – The Future of SOC and MDR

Talos Intelligence
Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities

Trail of Bits
What we learned reviewing one of the first DKLs23 libraries from Silence Laboratories

White Knight Labs
Understanding Double Free in Windows Kernel Drivers

Eclypsium
Leading Cloud Computing Company Relies on Eclypsium to Protect AI Data Center Infrastructure

Eclypsium
The Ultimate Guide to AI Data Center Infrastructure Security

Eclypsium
GenAI Compute Infrastructure Under Siege: Defending the Foundation of AI

Eclypsium
AI Data Centers: The Cyber Target of the Century

Eclypsium
Eclypsium Secures AI Data Centers as AI Arms Race Escalates

Eclypsium
AI is Critical Infrastructure: Securing the Foundation of the Global Future

Dark Reading
Stealth Falcon APT Exploits Microsoft RCE Zero-Day in Mideast

Dark Reading
Bridging the Secure Access Gap in Third-Party, Unmanaged Devices

Dark Reading
PoC Code Escalates Roundcube Vuln Threat

Dark Reading
Red Canary Expands AI Innovations to Cut Alert Overload

Dark Reading
GitHub: How Code Provenance Can Prevent Supply Chain Attacks

Dark Reading
United Natural Food's Operations Limp Through Cybersecurity Incident

Dark Reading
Poisoned npm Packages Disguised as Utilities Aim for System Wipeout

Dark Reading
SSH Keys: The Most Powerful Credential You're Probably Ignoring

Amazon Security
Building identity-first security: A guide to the Identity and Access Management track at AWS re:Inforce 2025

Binarly
Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass

Ars Technica Security
Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

ReversingLabs
Chat Playground project lets security teams toy with gen AI

Synacktiv
Exploiting Heroes of Might and Magic V

Compass Security Blog
LinkedIn for OSINT: tips and tricks

Mend
The Growing Challenge of Shadow MCP: Unauthorized AI Connectivity in Your Codebase

Sicuranext Blog
Influencing LLM Output using logprobs and Token Distribution

Sicuranext Blog
Influencing LLM Output using logprobs and Token Distribution

Zero Day Initiative
The June 2025 Security Update Review

TrustedSec
Common Mobile Device Threat Vectors