131 Security Blogs

Last Updated: 03 Apr 25 19:36 UTC

Blog List | Github | OPML

2025-04-03

Rapid7
Ivanti Connect Secure CVE-2025-22457 exploited in the wild

Malwarebytes
QR codes sent in attachments are the new favorite for phishers

Malwarebytes
Location, name, and photos of random kids shown to parents in child tracker mix up

SentinelOne
Cyber Threats & SMBs | Chubb & SentinelOne Expedite Access to Cyber Insurance

Cloudflare
Improve your media pipelines with the Images binding for Cloudflare Workers

Github Security Blog
Localhost dangers: CORS and DNS rebinding

Microsoft Security
Threat actors leverage tax season to deploy tax-themed phishing campaigns

CrankySec
What can possibly go wrong?

Offensive Security
AI Penetration Testing: How to Secure LLM Systems

Datadog HQ
Gain key insights into user experiences faster with Datadog Synthetic Monitoring

Datadog HQ
Leverage Cloudflare logs for cost optimization, troubleshooting, and security

The Citizen Lab
How Cyber Espionage Threatens Democracy in the Age of Trump (The Agenda)

The Citizen Lab
The Citizen Lab’s Director Dissects Spyware and the ‘Proliferating’ Market for It (The Record)

The Citizen Lab
The United States is Putting the United States in Danger

The Citizen Lab
The U.S. Wants Canada to Become A Police State

Talos Intelligence
One mighty fine-looking report

Google Safety & Security
Read Google DeepMind’s new paper on responsible artificial general intelligence (AGI).

Sansec Threat Research
Found defunct.dat on your site? You've got a problem.

Schneier on Security
Web 3.0 Requires Data Integrity

Moonlock
Dark AI tools are gaining popularity with cybercriminals, report says

ReversingLabs
How to Assess VMs Prior to Deployment with Spectra Assure

ReversingLabs
Malicious Python packages target popular Bitcoin library

Dark Reading
Counterfeit Phones Carrying Hidden Revamped Triada Malware

Dark Reading
Runtime Ventures Launches New Fund for Seed, Pre-Seed Startups

Dark Reading
Social Engineering Just Got Smarter

Dark Reading
Emerging Risks Require IT/OT Collaboration to Secure Physical Systems

Dark Reading
Google Quick Share Bug Bypasses Allow Zero-Click File Transfer

Dark Reading
Israel Enters 'Stage 3' of Cyber Wars With Iran Proxies

Searchlight Cyber
How to Improve Incident Response with Attack Surface Management


2025-04-02

Rapid7
Preview the Action: Two New Sessions Available Before Take Command 2025

Rapid7
A Rebirth of a Cursed Existence? Examining ‘Babuk Locker 2.0’ Ransomware

Evan Connelly
Hacking the Call Records of Millions of Americans

Satoshi's Blog
What keeps kernel shadow stack effective against kernel exploits?

Malwarebytes
“Nudify” deepfakes stored unprotected online

Malwarebytes
“Urgent reminder” tax scam wants to phish your Microsoft credentials

SentinelOne
The Overlooked Six | AWS Security Blind Spots

Cloudflare
A steam locomotive from 1993 broke my yarn test

Fastly
Future-Proofing TLS Encryption Against Quantum Threats

Amazon Security
AWS achieves Cloud Security Assurance Program (CSAP) low-tier certification in AWS Seoul Region

Amazon Security
Planning for your IAM Roles Anywhere deployment

Datadog HQ
Reduce costs and enhance security with cross-region Datadog connectivity using AWS PrivateLink

Eclypsium
Eclypsium @ RSAC 2025

Schneier on Security
Rational Astrologies and Security

ReversingLabs
CVEs lose relevance: Get proactive — and think beyond vulnerabilities

Meta Security
Meta Open Source: 2024 by the numbers

Dark Reading
DPRK 'IT Workers' Pivot to Europe for Employment Scams

Dark Reading
SolarWinds Adds Incident Management Tool From Squadcast

Dark Reading
In Salt Typhoon's Wake, Congress Mulls Potential Options

Dark Reading
New PCI DSS Rules Say Merchants on Hook for Compliance, Not Providers

Dark Reading
How an Interdiction Mindset Can Help Win War on Cyberattacks

Dark Reading
Gootloader Malware Resurfaces in Google Ads for Legal Docs

Dark Reading
Malaysian Airport's Cyber Disruption a Warning for Asia


2025-04-01

Rapid7
A New Approach to Managing Vulnerabilities is Required - Work Smarter not Harder with Rapid7 Remediation Hub

Rapid7
What’s New in Rapid7 Products & Services: Q1 2025 in Review

Malwarebytes
Intimate images from kink and LGBTQ+ dating apps left exposed online

Cloudflare
“You get Instant Purge, and you get Instant Purge!” — all purge methods now available to all customers

Github Security Blog
GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help

Auth0
March 2025 Updates: What’s New in Auth0 (Developer Edition)

SpiderLabs
Babuk2 Bjorka: The Evolution of Ransomware for ‘Data Commoditization’

Microsoft Security
Transforming public sector security operations in the AI era

Fastly
#hugops for vibe coders

Datadog HQ
Manage PCI DSS v4.0.1 requirements with Datadog

Datadog HQ
Simplify multi-cloud cost management with FOCUS and Datadog

Datadog HQ
This Month in Datadog - March 2025

watchTowr Labs
XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748)

The Citizen Lab
Gender-Based Digital Transnational Repression and the Authoritarian Targeting of Women in the Diaspora

Praetorian
An Improved Detection Signature for the Kubernetes IngressNightmare Vulnerability

Hunt and Hackett
The Evolving Threat of OT: Do You Know Your Weak Spots?

Schneier on Security
Cell Phone OPSEC for Border Crossings

Bishop Fox Security
SonicWall-CVE-2024-53704: Exploit Details

Bishop Fox Security
Tomcat CVE-2025-24813: What You Need to Know

Elastic Security Labs
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective

ReversingLabs
OpenSSF guidelines encourage OSS developers to build securely

Mozilla Security
Updated GPG key for signing Firefox Releases

Dark Reading
Google Brings End-to-End Encryption to Gmail

Dark Reading
Visibility, Monitoring Key to Enterprise Endpoint Strategy

Dark Reading
Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks

Dark Reading
As CISA Downsizes, Where Can Enterprises Get Support?

Dark Reading
Japan Bolsters Cybersecurity Safeguards With Cyber Defense Bill

Dark Reading
Check Point Disputes Hacker's Breach Claims

Dark Reading
FDA's Critical Role in Keeping Medical Devices Secure

Dark Reading
Google 'ImageRunner' Bug Enabled Privilege Escalation

Dark Reading
Lazarus APT Jumps on ClickFix Bandwagon in Recent Attacks

Snyk
Q&A Session with Snyk & John Hammond: Your Fetch the Flag Questions, Answered

Snyk
Get Off My Lawn and Fix Your Vulnerabilities!

Compass Security Blog
I wannabe Red Team Operator

TrustedSec
CUI For the Rest of Us: The New Government-Wide CUI Protection Contract Clause

Palo Alto Networks
Platformization Maximizes Security Efficacy & IT Operations Efficiency


2025-03-31

Rapid7
Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard

Malwarebytes
Why we’re no longer doing April Fools’ Day 

Malwarebytes
A week in security (March 24 – March 30)

Microsoft Security
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

Microsoft Security
New innovations in Microsoft Purview for protected, AI-ready data

Kevin Beaumont
Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service

Datadog HQ
Auto-remediate Kubernetes incidents using private actions in workflows and apps

Datadog HQ
Enrich your existing Datadog telemetry with custom metadata using Reference Tables

Datadog HQ
Monitor the performance of queues and topics with Azure Service Bus

Talos Intelligence
Beers with Talos: Year in Review episode

Talos Intelligence
Available now: 2024 Year in Review

White Knight Labs
Windows Kernel Buffer Overflow

Schneier on Security
The Signal Chat Leak and the NSA

Moonlock
Why does my search keep switching to Yahoo, and what is the Yahoo virus?

Bishop Fox Security
Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood

Meta Security
Mobile GraphQL at Meta in 2025

Dark Reading
Oracle Cloud Users Urged to Take Action

Dark Reading
CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks

Dark Reading
Top 10 Most-Used RDP Passwords Are Not Complex Enough

Dark Reading
DoJ Seizes Over $8M From Sprawling Pig Butchering Scheme

Dark Reading
CISA Warns of Resurge Malware Connected to Ivanti Vuln

Dark Reading
Trend Micro Open Sources AI Tool Cybertron

Dark Reading
Bridging the Gap Between the CISO & the Board of Directors

Dark Reading
Qakbot Resurfaces in Fresh Wave of ClickFix Attacks

Krebs on Security
How Each Pillar of the 1st Amendment is Under Attack


2025-03-30

Troy Hunt
Weekly Update 445

Project Black
ZendTo NDay Vulnerability Hunting - Unauthenticated RCE in v5.24-3 <= v6.10-4

Ars Technica Security
FBI raids home of prominent computer scientist who has gone incommunicado


2025-03-29

Project Black
Disable TLS 1.0 and 1.1 via GPO


2025-03-28

Rapid7
Metasploit Wrap-Up 03/28/2025

Rapid7
Overcoming the Challenges of Vulnerability Remediation

Hay Mizrachi
Hunting 12 Zero Days in Popular WooCommerce Plugins - A Research Journey

Malwarebytes
Vulnerability in most browsers abused in targeted attacks

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 13

Fastly
Making the Internet Sustainable— Starting from Its Infrastructure

MalwareTech
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It

Amazon Security
AWS continues to support government cloud security and shape FedRAMP’s evolution toward automated compliance

Talos Intelligence
Gamaredon campaign abuses LNK files to distribute Remcos backdoor

Schneier on Security
Friday Squid Blogging: Squid Werewolf Hacking Group

Schneier on Security
AIs as Trusted Third Parties

Moonlock
Has your Gmail been hacked? Here’s how to tell and how to recover your account

Moonlock
New phishing attack convinces users their Mac is locked

Moonlock
What is the Bing redirect virus, and how do you remove Google redirects to Bing?

Ars Technica Security
Oracle has reportedly suffered 2 separate breaches exposing thousands of customers‘ PII

Ars Technica Security
Gemini hackers can deliver more potent attacks with a helping hand from… Gemini

Dark Reading
GSA Plans FedRAMP Revamp

Dark Reading
Evilginx Tool (Still) Bypasses MFA

Dark Reading
Oracle Still Denies Breach as Researchers Persist

Dark Reading
Harmonic Security Raises $17.5M Series A to Accelerate Zero-Touch Data Protection to Market

Dark Reading
Traditional Data Loss Prevention Solutions Are Not Working for Most Organizations

Dark Reading
SecurityScorecard 2025 Global Third-Party Breach Report Reveals Surge in Vendor-Driven Attacks

Dark Reading
Malaysia PM Refuses to Pay $10M Ransomware Demand

Dark Reading
Concord Orthopaedic Notifies Individuals of Security Incident

Dark Reading
Navigating Cyber-Risks and New Defenses

Dark Reading
Iran's MOIS-Linked APT34 Spies on Allies Iraq &amp; Yemen

Searchlight Cyber
Russian Zero-Day Seller Offers $4m For Exploits in Telegram

TrustedSec
MCP: An Introduction to Agentic Op Support

Palo Alto Networks
Addressing Federal Cybersecurity Challenges in the Cloud Era


2025-03-27

SentinelOne
GPU Device Plugins | Unveiling Risks in Kubernetes Workloads

Dark Reading
Hoff's Rule: People First

Dark Reading
How CISA Cuts Impact Election Security

Dark Reading
OpenAI Bumps Up Bug Bounty Reward to $100K in Security Update

Google Security Blog
New security requirements adopted by HTTPS certificate industry