167 Security Blogs

Last Updated: 08 Dec 25 23:39 UTC

Blog List | Github | OPML

2026-05-05

Dark Reading
GISEC GLOBAL 2026 – The Middle East & Africa’s Largest Cybersecurity Event


2025-12-08

Amazon Security
IAM Policy Autopilot: An open-source tool that brings IAM policy expertise to builders and AI coding assistants

Dark Reading
Apache Issues Max-Severity Tika CVE After Patch Miss

Dark Reading
Exploitation Activity Ramps Up Against React2Shell

Dark Reading
US Treasury Tracks $4.5B in Ransom Payments since 2013

Amazon Security
AWS launches AI-enhanced security innovations at re:Invent 2025

Google Security Blog
Architecting Security for Agentic Capabilities in Chrome

Varonis
When Passwords Win: A Deep Dive into ROPC-Enabled MFA Bypasses

Microsoft Security
Stronger together: New Beazley collaboration enhances cyber resilience

Auth0
Honeypots: A Simple Trap for Spam Registration Bots

Malwarebytes
How phishers hide banking scams behind free Cloudflare Pages

Malwarebytes
Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI

Schneier on Security
Substitution Cipher Based on The Voynich Manuscript

Dark Reading
'Broadside' Mirai Variant Targets Maritime Logistics Sector

Malwarebytes
A week in security (December 1 – December 7)

Cloudflare
Python Workers redux: fast cold starts, packages, and a uv-first workflow

Moonlock
It’s that time of the year: The holiday scams to avoid in 2025

ISC SANS
ISC Stormcast For Monday, December 8th, 2025 https://isc.sans.edu/podcastdetail/9728, (Mon, Dec 8th)

Fastly
Unparalleled Performance: Bring Your C++ Logic to the Edge

Datadog HQ
Evolving security at Datadog: How we designed roles to support a growing organization


2025-12-07

MaskRay's Blog
Sacramento游记


2025-12-06

Krebs on Security
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill


2025-12-05

SentinelOne
From React to Remote Code – Protecting Against the Critical React2Shell RCE Exposure

Schneier on Security
Friday Squid Blogging: Vampire Squid Genome

Dark Reading
Rust Code Delivers Better Security, Also Streamlines DevOps

Rapid7
Metasploit Wrap-Up 12/05/2025

Dark Reading
India Rolls Back App Mandate Amid Surveillance Concerns

Microsoft Security
Microsoft named a leader in the 2025 Gartner® Magic Quadrant™ for Email Security

Atredis Partners
Designing a Passive LiDAR Detector Device - Hardware

Palo Alto Networks
Crossing the Autonomy Threshold

Offensive Security
CVE-2025-55182 – React Server Components RCE via Flight Payload Deserialization

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 49

Dark Reading
Threat Landscape Grows Increasingly Dangerous for Manufacturers

Dark Reading
React2Shell Vulnerability Under Attack From China-Nexus Groups

Dark Reading
CISOs Should Be Asking These Quantum Questions Today

Rapid7
Voices of the Experts: What to Expect from Our Predictions Webinar

Malwarebytes
Leaks show Intellexa burning zero-days to keep Predator spyware running

Kevin Beaumont
Cybersecurity industry overreacts to React vulnerability, starts panic, burns own house down again

Schneier on Security
New Anonymous Phone Service

Troy Hunt
Weekly Update 481

ISC SANS
AutoIT3 Compiled Scripts Dropping Shellcodes, (Fri, Dec 5th)

Moonlock
Is your Mac part of a botnet? This tool lets you check

Embrace The Red
The Normalization of Deviance in AI

ISC SANS
ISC Stormcast For Friday, December 5th, 2025 https://isc.sans.edu/podcastdetail/9726, (Fri, Dec 5th)

Amazon Security
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)

Elastic Security Labs
Automating detection tuning requests with Kibana cases

Joshua Rogers
Another AI slop story: ChatGPT vs. Human

Auth0
A New Auth0 ASP.NET SDK to Secure Your API

Okta Security
Okta’s Response to React2Shell

Cloudflare
Cloudflare outage on December 5, 2025

Greynoise
CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far

Fastly
Deploy for Performance: Fastly’s Principles of Infrastructure Diversity and Soft Control


2025-12-04

Dark Reading
How Agentic AI Can Boost Cyber Defense

Krebs on Security
SMS Phishers Pivot to Points, Taxes, Fake Retailers

Dark Reading
A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability

Dark Reading
CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks

Dark Reading
CISA Publishes Security Guidance for Using AI in OT

Talos Intelligence
Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities

Talos Intelligence
Your year-end infosec wrapped

Malwarebytes
How scammers use fake insurance texts to steal your identity

Microsoft Security
Cybersecurity strategies to prioritize now​​

Rapid7
React2Shell (CVE-2025-55182) - Critical unauthenticated RCE affecting React Server Components

Dark Reading
ServiceNow's Acquisition of NHI Provider Veza Strengthens Governance Portfolio

Palo Alto Networks
Securing the AI Frontier

Bishop Fox Security
Arista NextGen Firewall XSS to RCE Chain

Dark Reading
Student Sells Gov't, University Sites to Chinese Actors

Rapid7
From Policy to Practice: Why Cyber Resilience Needs a Reboot

Escape DAST
Duck Store is Open for Business & Business Logic Vulnerabilities

Malwarebytes
Canadian police trialing facial recognition bodycams

Escape DAST
Introducing Projects: Turn Visibility Into Action With Clear Ownership

Malwarebytes
Update Chrome now: Google fixes 13 security issues affecting billions

Mend
From Zero to RCE: How a Single HTTP Request Compromises React and Next.js Applications

Searchlight Cyber
The Intelligence Hidden in Ransomware Data

Talos Intelligence
Spy vs. spy: How GenAI is powering defenders and attackers

Dark Reading
'MuddyWater' Hackers Target Israeli Orgs With Retro Game Tactic

TrustedSec
What is a TrustedSec Program Maturity Assessment (PMA)?

ISC SANS
ISC Stormcast For Thursday, December 4th, 2025 https://isc.sans.edu/podcastdetail/9724, (Thu, Dec 4th)

ISC SANS
Nation-State Attack or Compromised Government? [Guest Diary], (Thu, Dec 4th)

Auth0
How to Add Sign in with Vercel to Auth0

Datadog HQ
Automate infrastructure operations with Datadog Infrastructure Management

Greynoise
A Hidden Pattern Within Months of Credential-Based Attacks Against Palo Alto GlobalProtect

Fastly
CAPTCHAs Are Costing Retailers Customers — Heavy AI Users Are the First to Walk Away


2025-12-03

Troy Hunt
Why Does Have I Been Pwned Contain "Fake" Email Addresses?

Ars Technica Security
Admins and defenders gird themselves against maximum-severity server vuln

Infernux Blog
Lab - Defender for IoT configuration

Eclypsium
Strengthening Telecom Security in a Voluntary Compliance Landscape

Dark Reading
'ShadyPanda' Hackers Weaponize Millions of Browsers

Dark Reading
Critical React Flaw Triggers Calls for Immediate Action

Dark Reading
Arizona AG Sues Temu Over 'Stealing' User Data

ISC SANS
Attempts to Bypass CDNs, (Wed, Dec 3rd)

Ars Technica Security
Fraudulent gambling network may actually be something more nefarious

Google Security Blog
Android expands pilot for in-call scam protection for financial apps

Malwarebytes
Attackers have a new way to slip past MFA in educational orgs

Cloudflare
Cloudflare WAF proactively protects against React vulnerability

Malwarebytes
How attackers use real IT tools to take over your computer

SpiderLabs
Sha1-Hulud: The Second Coming of The New npm GitHub Worm

Bishop Fox Security
What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams

Cloudflare
Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets

Black Hills Info Sec
Inside the BHIS SOC: A Conversation with Hayden Covington

Dark Reading
The Ransomware Holiday Bind: Burnout or Be Vulnerable

Searchlight Cyber
December 3rd – This Week’s Top Cybersecurity and Dark Web Stories

Malwarebytes
Fileless protection explained: Blocking the invisible threat others miss

Dark Reading
AI Bolsters Python Variant of Brazilian WhatsApp Attacks

Snyk
Run AutoMCP To Supercharge Your AI Agent with Libraries MCP Servers

Snyk
Accelerating innovation with AWS: Snyk selected as an AWS Pattern Partner

Snyk
Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)

Moonlock
Moonlock’s 2025 macOS threat report

ISC SANS
ISC Stormcast For Wednesday, December 3rd, 2025 https://isc.sans.edu/podcastdetail/9722, (Wed, Dec 3rd)

Dark Reading
China Researches Ways to Disrupt Satellite Internet

Fastly
Fastly’s Proactive Protection for React2Shell, Critical React RCE CVE-2025-55182 and CVE-2025-66478

Auth0
How Startups can Leverage Auth0’s B2B Capabilities


2025-12-02

Dark Reading
While ECH Adoption Is Low, Risks Remain for Enterprises, End Users

Dark Reading
Iran's 'MuddyWater' Levels Up With MuddyViper Backdoor

Dark Reading
Researchers Use Poetry to Jailbreak AI Models

Varonis
Varonis Integrates with AWS Security Hub

Rapid7
Announcing Rapid7’s Next-Gen SIEM Buyer’s Guide

Kevin Beaumont
Small numbers of Notepad++ users reporting security woes

Malwarebytes
“Sleeper” browser extensions woke up as spyware on 4 million devices

Microsoft Security
How to build forward-thinking cybersecurity teams for tomorrow

Malwarebytes
Air fryer app caught asking for voice data (re-air) (Lock and Code S06E24)

Mend
Mend.io + Wiz: A New Code-to-Cloud Integration for Accurate, Context-Driven Risk Prioritization

Dark Reading
New Raptor Framework Uses Agentic Workflows to Create Patches

Malwarebytes
Whispering poetry at AI can make it break its own rules

Rapid7
Rapid7 Helps Lower Your Cost to Assurance for HITRUST

White Knight Labs
UEFI Vulnerability Analysis Using AI: Part 1

Dark Reading
DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory

Palo Alto Networks
Unit 42 Incident Response Retainer for AWS Security Incident Response

Schneier on Security
Like Social Media, AI Requires Difficult Choices

Trail of Bits
Introducing constant-time support for LLVM to protect cryptographic code

Malwarebytes
Google patches 107 Android flaws, including two being actively exploited

Alex Schapiro
How I Reverse Engineered a Billion-Dollar Legal AI Tool and Found 100k+ Confidential Files

ISC SANS
ISC Stormcast For Tuesday, December 2nd, 2025 https://isc.sans.edu/podcastdetail/9720, (Tue, Dec 2nd)

Datadog HQ
Observability in the AI age: Datadog's approach

Datadog HQ
Optimize Kubernetes cluster cost with Datadog Cluster Autoscaler