2026-04-01
Microsoft Security
Mitigating the Axios npm supply chain compromise
Github Security Blog
Securing the open source supply chain across GitHub
Schneier on Security
Is “Hackback” Official US Cybersecurity Strategy?
The Citizen Lab
The Perils of Privatized Cyberwarfare
Black Hills Info Sec
Cloud Security: Tips and Resources for Securing the Cloud
SentinelOne
The Implementation Blind Spot | Why Organizations Are Confusing Temporary Friction with Permanent Safety
Searchlight Cyber
The 2026 ‘Forum Wars’: Deconstructing the BreachForums Drama
Trail of Bits
Mutation testing for the agentic era
Dark Reading
Are We Training AI Too Late?
Searchlight Cyber
March 30th – This Week’s Top Cybersecurity and Dark Web Stories
Schneier on Security
A Taxonomy of Cognitive Security
Palo Alto Networks
Closing the Gap by Enhancing Visibility and Mitigating Risks
ISC SANS
ISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874, (Wed, Apr 1st)
Infernux Blog
Tool Release: Log Horizon
Elastic Security Labs
Elastic releases detections for the Axios supply chain compromise
Elastic Security Labs
Inside the Axios supply chain compromise - one RAT to rule them all
2026-03-31
Dark Reading
Axios NPM Package Compromised in Precision Attack
Amazon Security
New compliance guide available: ISO/IEC 27001:2022 on AWS
Ars Technica Security
Quantum computers need vastly fewer resources than thought to break vital encryption
Microsoft Security
The threat to critical infrastructure has changed. Has your readiness?
Google Security Blog
VRP 2025 Year in Review
Meta Security
Meta Adaptive Ranking Model: Bending the Inference Scaling Curve to Serve LLM-Scale Models for Ads
Microsoft Security
Applying security fundamentals to AI: Practical advice for CISOs
Malwarebytes
Axios supply chain attack chops away at npm trust
Microsoft Security
WhatsApp malware campaign delivers VBScript and MSI backdoors
Ars Technica Security
Iran's hackers are on the offensive against the US and Israel
Cloudflare
Introducing Programmable Flow Protection: custom DDoS mitigation logic for Magic Transit customers
Step Security
10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
Palo Alto Networks
Five Browser and AI Security Questions Keeping CxOs up at Night
Schneier on Security
Inventors of Quantum Cryptography Win Turing Award
Trail of Bits
How we made Trail of Bits AI-native (so far)
Talos Intelligence
Ransomware in 2025: Blending in is the strategy
Mend
Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install
Compass Security Blog
Common Entra ID Security Assessment Findings – Part 2: Privileged Unprotected Groups
ISC SANS
ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)
Troy Hunt
Weekly Update 497
Elastic Security Labs
Fake Installers to Monero: A Multi-Tool Mining Operation
2026-03-30
Dark Reading
AI-Driven Code Surge Is Forcing a Rethink of AppSec
Black Lantern Security
red-run 2.0: Agent Teams
Meta Security
AI for American-Produced Cement and Concrete
Dark Reading
Storm Brews Over Critical, No-Click Telegram Flaw
Google Safety & Security
Evolving expectations of what’s possible
Schneier on Security
Apple’s Camera Indicator Lights
Step Security
Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor
Malwarebytes
A week in security (March 23 – March 29)
ISC SANS
ISC Stormcast For Monday, March 30th, 2026 https://isc.sans.edu/podcastdetail/9870, (Mon, Mar 30th)
Infernux Blog
Upcoming Microsoft Sentinel features
Rosecurify
Seclog - #171
Sansec Threat Research
Mass PolyShell attack wave hits 471 stores in one hour
2026-03-29
watchTowr Labs
Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)
Infernux Blog
Privileged Access 101 in Entra ID
2026-03-28
watchTowr Labs
The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread)
Step Security
litellm: Credential Stealer Hidden in PyPI Wheel
Android Offensive Security Blog
A Technical Deep Dive into CVE-2024-23380: Exploiting GPU Memory Corruption to Android Root
2026-03-27
Google Safety & Security
How Google Does It: An inside look at cybersecurity
Schneier on Security
Friday Squid Blogging: Bioluminescent Bacteria in Squid
Elastic Security Labs
Elastic Security Labs uncovers BRUSHWORM and BRUSHLOGGER
Datadog HQ
Analyzing round trip query latency
2026-03-26
Amazon Security
Preparing for agentic AI: A financial services approach
Ars Technica Security
Internet Yiff Machine: We hacked 93GB of "anonymous" crime tips
Black Lantern Security
Amelia Booking Pro ≤ 9.1.2: Authenticated Customer-to-Admin Password Reset via IDOR
Dark Reading
Is the FCC's Router Ban the Wrong Fix?
Dark Reading
Critical Flaw in Langflow AI Platform Under Attack
Step Security
Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys
Step Security
ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push
Step Security
CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem
Step Security
Malicious npm Releases Found in Popular React Native Packages - 130K+ Monthly Downloads Compromised
Talos Intelligence
TP-Link, Canva, HikVision vulnerabilities
Talos Intelligence
A puppet made me cry and all I got was this t-shirt
Github Security Blog
A year of open source vulnerability trends: CVEs, advisories, and malware
Bishop Fox Security
strongSwan CVE-2026-25075: Integer Underflow in VPN Authentication
Talos Intelligence
Talos Takes: 2025 insights from Talos and Splunk
Schneier on Security
As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
Searchlight Cyber
The Warning Signs Were There: How Credential Leaks and Dark Web Activity Foreshadowed the Stryker Breach
Elastic Security Labs
Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework