2025-07-04
Schneier on Security
Friday Squid Blogging: How Squid Skin Distorts Light
The Citizen Lab
The G7 condemned transnational repression, but will Canada meet its own commitments?
watchTowr Labs
How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)
Searchlight Cyber
Global Crackdown Leads to BreachForums Arrest
2025-07-03
Schneier on Security
Surveillance Used by a Drug Cartel
Talos Intelligence
A message from Bruce the mechanical shark
Github Security Blog
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre
Datadog HQ
This Month in Datadog - June 2025
Datadog HQ
Migrate from your existing SIEM and quickly onboard security teams with Datadog Cloud SIEM
Elastic Security Labs
Taking SHELLTER: a commercial evasion framework abused in-the-wild
Hunt and Hackett
Turning incident response challenges into scalable solutions
Google Safety & Security
Opening up ‘Zero-Knowledge Proof’ technology to promote privacy in age assurance
Offensive Security
CVE-2025-29306 – Unauthenticated Remote Code Execution in FoxCMS v1.2.5 via Unserialize Injection
ReversingLabs
3CX’s Software Supply Chain Compromise: Lessons Learned
Ars Technica Security
Provider of covert surveillance app spills passwords for 62,000 users
Krebs on Security
Big Tech’s Mixed Response to U.S. Treasury Sanctions
Palo Alto Networks
Why Diverse Cloud Environments Require Flexible Security
Okta Security
How this ClickFix campaign leads to Redline Stealer
2025-07-02
Malwarebytes
Qantas: Breach affects 6 million people, “significant” amount of data likely taken
Troy Hunt
Weekly Update 458
Schneier on Security
Ubuntu Disables Spectre/Meltdown Protections
Talos Intelligence
PDFs: Portable documents, or perfect deliveries for phish?
Trail of Bits
Buckle up, Buttercup, AIxCC’s scored round is underway!
Dark Reading
Qantas Airlines Breached, Impacting 6M Customers
Dark Reading
US Treasury Sanctions BPH Provider Aeza Group
Ars Technica Security
AT&T rolls out Wireless Account Lock protection to curb the SIM-swap scourge
Red Siege InfoSec Blog
Penetration Testing in SDLC
Red Siege InfoSec Blog
Logic Attacks: Abusing The System
Palo Alto Networks
Navigating Heightened Cyber Risks from Iranian Threats
Searchlight Cyber
How Modern ASM Uncovers Hidden Risks in Real Time
2025-07-01
Malwarebytes
Facebook wants to look at your entire camera roll for “AI restyling” suggestions, and more
Schneier on Security
Iranian Blackout Affected Misinformation Campaigns
Github Security Blog
Understand your software’s supply chain with GitHub’s dependency graph
Cloudflare
Message Signatures are now part of our Verified Bots Program, simplifying bot authentication
Google Safety & Security
We are announcing Sparkasse as our first national credential partner for EU age assurance.
Leviathan Security
Integrating Security Metrics into Quality Models: A DORA-Aligned Strategy
White Knight Labs
Understanding Out-Of-Bounds in Windows Kernel Driver
Amazon Security
Remote access to AWS: A guide for hybrid workforces
Microsoft Security
Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers
Dark Reading
Like SEO, LLMs May Soon Fall Prey to Phishing Scams
Dark Reading
We've All Been Wrong: Phishing Training Doesn't Work
Ars Technica Security
US critical infrastructure exposed as feds warn of possible attacks from Iran
Searchlight Cyber Research
How we got persistent XSS on every AEM cloud site, thrice
2025-06-30
Malwarebytes
AT&T to pay compensation to data breach victims. Here’s how to check if you were affected
Malwarebytes
A week in security (June 23 – June 29)
Schneier on Security
How Cybersecurity Fears Affect Confidence in Voting Systems
Microsoft Security
Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations
Dark Reading
Why Cybersecurity Should Come Before AI in Schools
Ars Technica Security
Drug cartel hacked FBI official’s phone to track and kill informants, report says
Meta Security
Meta joins Kotlin Foundation
Krebs on Security
Senator Chides FBI for Weak Advice on Mobile Security