171 Security Blogs

Last Updated: 01 Feb 26 10:25 UTC

Blog List | Github | OPML

2026-02-01

MaskRay's Blog
lld 22 ELF changes


2026-01-30

Dark Reading
Torq Moves SOCs Beyond SOAR With AI-Powered Hyper Automation

Schneier on Security
Friday Squid Blogging: New Squid Species Discovered

Binarly
VulHunt in practice: detecting a remote code execution vulnerability in Rsync

Praetorian
Introducing Julius: Open Source LLM Service Fingerprinting

Dark Reading
2026: The Year Agentic AI Becomes the Attack-Surface Poster Child

Dark Reading
Out-of-the-Box Expectations for 2026 Reveal a Grab-Bag of Risk

Rapid7
Metasploit Wrap-Up 01/30/2026

Dark Reading
Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure

Amazon Security
Explore scaling options for AWS Directory Service for Microsoft Active Directory

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 5

Microsoft Security
Case study: Securing AI application supply chains

ISC SANS
Google Presentations Abused for Phishing, (Fri, Jan 30th)

Ars Technica Security
Web portal leaves kids' chats with AI toy open to anyone with Gmail account

Cloudflare
Google’s AI advantage: why crawler separation is the only path to a fair Internet

Dark Reading
OpenClaw AI Runs Wild in Business Environments

Offensive Security
CVE-2026-24061 – GNU InetUtils telnetd Authentication Bypass Vulnerability

watchTowr Labs
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)

Rapid7
Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)

Schneier on Security
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

Malwarebytes
Match, Hinge, OkCupid, and Panera Bread breached by ransomware group

Cloudflare
Building vertical microfrontends on Cloudflare’s platform

Trail of Bits
Celebrating our 2025 open-source contributions

Malwarebytes
TikTok’s privacy update mentions immigration status. Here’s why.

Moonlock
Is my Mac infected? Signs your Mac might be infected with malware

ISC SANS
ISC Stormcast For Friday, January 30th, 2026 https://isc.sans.edu/podcastdetail/9788, (Fri, Jan 30th)

Dark Reading
Chinese APTs Hacking Asian Orgs With High-End Malware

Datadog HQ
How we cut our NLQ agent debugging time from hours to minutes with LLM Observability

Auth0
Auth0 B2B Billing: Should You Pick a Monthly or Annual Plan?

Auth0
Scaling Identity: Automating Auth0 Configuration with the Auth0 Terraform Provider


2026-01-29

Dark Reading
Trump Administration Rescinds Biden-Era Software Guidance

Dark Reading
Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk

Microsoft Security
Turning threat reports into detection insights with AI

Malwarebytes
Meta confirms it’s working on premium subscription for its apps

Amazon Security
How to get started with security response automation on AWS

Talos Intelligence
I'm locked in!

Ars Technica Security
County pays $600,000 to pentesters it arrested for assessing courthouse security

Microsoft Security
New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data

Dark Reading
'Semantic Chaining' Jailbreak Dupes Gemini Nano Banana, Grok 4

Dark Reading
From Quantum to AI Risks: Preparing for Cybersecurity's Future

Malwarebytes
Microsoft Office zero-day lets malicious documents slip past security checks

Varonis
Data Discovery Is Not Data Security

Talos Intelligence
Microsoft releases update to address zero-day vulnerability in Microsoft Office

Malwarebytes
Clawdbot’s rename to Moltbot sparks impersonation campaign

Cloudflare
Introducing Moltworker: a self-hosted personal AI agent, minus the minis

ISC SANS
ISC Stormcast For Thursday, January 29th, 2026 https://isc.sans.edu/podcastdetail/9786, (Thu, Jan 29th)

Trail of Bits
Building cryptographic agility into Sigstore

Talos Intelligence
Dissecting UAT-8099: New persistence mechanisms and regional focus

Talos Intelligence
IR Trends Q4 2025: Exploitation remains dominant, phishing campaign targets Native American tribal organizations

NVISO Labs
ConsentFix (a.k.a. AuthCodeFix): Detecting OAuth2 Authorization Code Phishing

TrustedSec
LDAP Channel Binding and LDAP Signing

Moonlock
XProtect on macOS: How Apple’s built-in malware protection works

Datadog HQ
Debug PostgreSQL query latency faster with EXPLAIN ANALYZE in Datadog Database Monitoring

Teleport Blog
Inside Teleport: Why Our People Love Working Here

Auth0
Scaling Identity: Why You Need Auth0 Configuration Automation


2026-01-28

Malwr Analysis
Tycoon 2FA Campaign Abusing *.contractors Domains for Gmail and Microsoft 365 Credential Harvesting

Dark Reading
How Can CISOs Respond to Ransomware Getting More Violent?

Dark Reading
Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest

Ars Technica Security
Site catering to online criminals has been seized by the FBI

The Citizen Lab
Want the Federal Government to Hear Your Thoughts on AI?: New Consultation Launched

Dark Reading
Fortinet Confirms New Zero-Day Behind Malicious SSO Logins

Dark Reading
Consumers Reluctant to Shop at Stores That Don't Take Security Seriously

Eclypsium
Fortinet Under Fire: Why Your Network Edge Remains Attackers' Favorite Entry Point

Auth0
Securing OpenClaw: A Developer's Checklist for AI Agent Security

Rapid7
Patch Tuesday and the Enduring Challenge of Windows’ Backwards Compatibility

Dark Reading
China-Backed 'PeckBirdy' Takes Flight for Cross-Platform Attacks

ISC SANS
Odd WebLogic Request. Possible CVE-2026-21962 Exploit Attempt or AI Slop?, (Wed, Jan 28th)

Black Hills Info Sec
Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions

Rapid7
Multiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554

Eye Security
The State of Incident Response 2026: Insights from 630 Investigations

Malwarebytes
Malicious Chrome extensions can spy on your ChatGPT chats

Palo Alto Networks
2026 Public Sector Cyber Outlook: Identity, AI and the Fight for Trust

Dark Reading
Surging Cyberattacks Boost Latin America to Riskiest Region

Malwarebytes
WhatsApp rolls out new protections against advanced exploits and spyware

Searchlight Cyber
January 28th – This Week’s Top Cybersecurity and Dark Web Stories

ISC SANS
ISC Stormcast For Wednesday, January 28th, 2026 https://isc.sans.edu/podcastdetail/9784, (Wed, Jan 28th)

Greynoise
GreyNoise Introduces Recall: Time-Series Intelligence for GreyNoise Query Language (GNQL)

Datadog HQ
Datadog acquires Propolis

Fastly
AI Agents on Fastly Compute: How it Works and What Makes it Secure


2026-01-27

Ars Technica Security
There's a rash of scam spam coming from a real Microsoft address

Dark Reading
AI & the Death of Accuracy: What It Means for Zero-Trust

Dark Reading
Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted

Palo Alto Networks
Introducing Palo Alto Networks Quantum-Safe Security

Dark Reading
Critical Telnet Server Flaw Exposes Forgotten Attack Surface

Dark Reading
Microsoft Rushes Emergency Patch for Office Zero-Day

Atredis Partners
General Graboids: Worms and Remote Code Execution in Command & Conquer

Amazon Security
File integrity monitoring with AWS Systems Manager and Amazon Security Lake

Dark Reading
'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector

Eclypsium
BTS #67 - BIOS Password Cracking, Secure Boot, and Stackwarp

Malwarebytes
Watch out for AT&T rewards phishing text that wants your personal details

Black Lantern Security
Introducing CloudCheck: Comprehensive Cloud Provider Detection

Rapid7
Threat Actors Using AWS WorkMail in Phishing Campaigns

Microsoft Security
Microsoft announces the 2026 Security Excellence Awards winners

Google Security Blog
New Android Theft Protection Feature Updates: Smarter, Stronger

Dark Reading
WorldLeaks Extortion Group Claims It Stole 1.4TB of Nike Data

Searchlight Cyber
Enriched Actor Profiles in Cerberus

Bad Privacy
Is TikTok Suddenly the Most Transparent App?

Meta Security
Rust at Scale: An Added Layer of Security for WhatsApp

Rapid7
The End of the Road for Cisco Kenna: Take a Measured Path into Exposure Management

Cloudflare
Building a serverless, post-quantum Matrix homeserver

Varonis
Exfil Out&Look for Logs: Weaponizing Outlook Add-ins for Zero-Trace Email Exfiltration

Dark Reading
Hand CVE Over to the Private Sector

Schneier on Security
The Constitutionality of Geofence Warrants

Malwarebytes
A WhatsApp bug lets malicious media files spread through group chats

Eye Security
From Helper To Risk Factor: Why AI Canvases Deserve Executive Attention

Malwarebytes
TikTok narrowly avoids a US ban by spinning up a new American joint venture

Eye Security Research
From Helper to Adversary: The Dual-Use Risks of AI Canvases

Troy Hunt
Weekly Update 488

Snyk
4 Reasons Why CTFs Are One of the Best Ways to Grow in Cybersecurity

ISC SANS
Initial Stages of Romance Scams [Guest Diary], (Tue, Jan 27th)

ISC SANS
ISC Stormcast For Tuesday, January 27th, 2026 https://isc.sans.edu/podcastdetail/9782, (Tue, Jan 27th)

Elastic Security Labs
How Elastic Infosec Optimizes Defend for Cost and Performance

Teleport Blog
AI Infrastructure Needs an Agentic Identity Framework — We’re Building It


2026-01-26

Dark Reading
Beauty in Destruction: Exploring Malware's Impact Through Art

Dark Reading
Sandworm Blamed for Wiper Attack on Polish Power Grid

Ars Technica Security
Why has Microsoft been routing example.com traffic to a company in Japan?

Praetorian
Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals

Amazon Security
IAM Identity Center now supports IPv6

Bad Security
Canadian Education Sector Data Breaches are Nothing New

Binarly
Have you patched? Are you sure? The story of the sticky Supermicro BMC bugs

The Citizen Lab
People’s Consultation on AI Now Accepting Submissions

Ars Technica Security
How to encrypt your PC's disk without giving the keys to Microsoft

Amazon Security
Updated PCI PIN compliance package for AWS CloudHSM now available

Microsoft Security
Security strategies for safeguarding governmental data

The Citizen Lab
Perpetrators and Methods of Transnational Repression and Possible Counter Strategies

Dark Reading
DPRK's Konni Targets Blockchain Developers With AI-Generated Backdoor

Malwarebytes
Get paid to scroll TikTok? The data trade behind Freecash ads

Cloudflare
Cable cuts, storms, and DNS: a look at Internet disruptions in Q4 2025

Malwarebytes
One privacy change I made for 2026 (Lock and Code S07E02)

Schneier on Security
Ireland Proposes Giving Police New Digital Surveillance Powers

Malwarebytes
A week in security (January 19 – January 25)

Binarly
Introducing VulHunt: A High-Level Look at Binary Vulnerability Detection

Moonlock
What an infostealer is, how it impacts your device, and how to remove it

ISC SANS
ISC Stormcast For Monday, January 26th, 2026 https://isc.sans.edu/podcastdetail/9780, (Mon, Jan 26th)

ISC SANS
Scanning Webserver with /$(pwd)/ as a Starting Path, (Sun, Jan 25th)

Fastly
Break Free from ESI Lock-in: Learn How to Migrate Today with Fastly

Rosecurify
Gakido - CRLF Injection

Rosecurify
Seclog - #162