177 Security Blogs

Last Updated: 07 Apr 26 14:52 UTC

Blog List | Github | OPML

2026-08-01

Dark Reading
Black Hat USA


2026-04-07

Dark Reading
Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends

Dark Reading
Lies, Damned Lies, and Cybersecurity Metrics

Mend
Container Security Without Context Is Just More Noise

Rapid7
A First Look at Our Speaker Lineup and Agenda for the Rapid7 2026 Global Cybersecurity Summit

Dark Reading
Focusing on the People in Cybersecurity at RSAC 2026 Conference

Talos Intelligence
Talos Takes: 2025's ransomware trends and zombie vulnerabilities

Malwarebytes
Traffic violation scams swap links for QR codes to steal your card details

Trail of Bits
What we learned about TEE security from auditing WhatsApp's Private Inference

Malwarebytes
Support platform breach exposes Hims & Hers customer data

Talos Intelligence
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines

Talos Intelligence
Year in Review: Vulnerabilities old and new and something React2

Schneier on Security
Hong Kong Police Can Force You to Reveal Your Encryption Keys

Compass Security Blog
Common Entra ID Security Assessment Findings – Part 3: Weak Privileged Identity Management Configuration

Snyk
Secure What Matters: Scaling Effortless Container Security for the AI Era

TrustedSec
Building a Detection Foundation: Part 5 - Correlation in Practice

ISC SANS
ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)

Troy Hunt
Weekly Update 498

Greynoise
Introducing C2 Detection: Know When Your Edge Devices Are Calling Home to Attackers

Fastly
Shrink Your Bill With Efficient Software

Sansec Threat Research
SVG Onload Tag Hides Magecart Skimmer on 99 Stores


2026-04-06

Dark Reading
AI-Assisted Supply Chain Attack Targets GitHub

Cloudflare
How we built Organizations to help enterprises manage Cloudflare at scale

Dark Reading
Axios Attack Shows Social Complex Engineering Is Industrialized

Dark Reading
Fortinet Issues Emergency Patch for FortiClient Zero-Day

Praetorian
The Attack Helix: Praetorian Guard’s AI Architecture for Offensive Security

Schneier on Security
New Mexico’s Meta Ruling and Encryption

Step Security
Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack

Microsoft Security
Inside an AI‑enabled device code phishing campaign

Meta Security
How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines

Microsoft Security
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

Dark Reading
Automated Credential Harvesting Campaign Exploits React2Shell Flaw

The Citizen Lab
Submission to the National Security and Intelligence Committee of Parliamentarians

The Citizen Lab
John Scott-Railton Shares Tips and Tools to Protect Yourself Digitally

Bishop Fox Security
Delivered by Trust: What the Axios Supply Chain Attack Means for Security Leaders

Dark Reading
Shadow AI in Healthcare Is Here to Stay

Black Lantern Security
Artificial Foolishness: The Hidden Dangers of External-Facing LLMs

Dark Reading
OWASP GenAI Security Project Gets Update, New Tools Matrix

Schneier on Security
Google Wants to Transition to Post-Quantum Cryptography by 2029

Buchodi
Cracking a Malvertising DGA From the Device Side

ISC SANS
How often are redirects used in phishing in 2026?, (Mon, Apr 6th)

Malwarebytes
A week in security (March 30 – April 5)

Aikido
The cybersecurity doomerism around Mythos doesn't match what we see on the ground

Krebs on Security
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab

ISC SANS
ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)

Rosecurify
Seclog - #172

Datadog HQ
Capture and analyze custom heatmaps in Session Replay

Infernux Blog
Building a practical log baseline


2026-04-05

Malwarebytes
Killer robots are here. Now what? (Lock and Code S07E07)

Ars Technica Security
CBP facility codes sure seem to have leaked via online flashcards


2026-04-04

Amazon Security
Introducing the Landing Zone Accelerator on AWS Universal Configuration and LZA Compliance Workbook

Buchodi
Apple's Spotlight Search Results Come With Engagement Metrics. No One Knew.

Elastic Security Labs
Elastic Security Integrations Roundup: Q1 2026


2026-04-03

Malwarebytes
That dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwords

Schneier on Security
Friday Squid Blogging: Jurassic Fish Chokes on Squid

Dark Reading
Inconsistent Privacy Labels Don't Tell Users What They Are Getting

Varonis
A Look Inside Claude's Leaked AI Coding Agent

Ars Technica Security
OpenClaw gives users yet another reason to be freaked out about security

Rapid7
Metasploit Wrap-Up 04/03/2026

Escape DAST
Everything I Learned About Harness Engineering and AI Factories in San Francisco (April 2026)

Talos Intelligence
Do not get high(jacked) off your own supply (chain)

Dark Reading
Apple Breaks Precedent, Patches DarkSword for iOS 18

Talos Intelligence
Axios NPM supply chain incident

Praetorian
Meet Vespasian. It Sees What Static Analysis Can’t.

Amazon Security
How AWS KMS and AWS Encryption SDK overcome symmetric encryption bounds

Dark Reading
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting

Malwarebytes
Blocking children from social media is a badly executed good idea

Rapid7
You Don’t Have a Security Problem, You Have a Visibility Problem

Dark Reading
Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication

ISC SANS
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 14

Dark Reading
Claude Source Code Leak Highlights Big Supply Chain Missteps

Dark Reading
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain

Dark Reading
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry

Schneier on Security
Company that Secretly Records and Publishes Zoom Meetings

Trail of Bits
Simplifying MBA obfuscation with CoBRA

NVISO Labs
The Axios npm supply chain incident: fake dependency, real backdoor

Step Security
10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions

Moonlock
Apple issues “Critical Software” alerts for older iOS devices

Moonlock
Apple adds a ClickFix warning to macOS Terminal

Moonlock
FBI warning: Russian spies are hacking Signal, WhatsApp, and Telegram accounts

Moonlock
The new Infiniti Stealer is targeting Macs via ClickFix campaigns

ISC SANS
ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)

Teleport Blog
CMMC Requirements for AI Systems: What Assessors Actually Look For

Pwner Blog
Compiling Android Kernel for my OnePlus Device


2026-04-02

Dark Reading
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026

Hybrid Analysis Blog
macOS Sandbox Detonations Offline While We Upgrade for Tahoe Support

Amazon Security
Four security principles for agentic AI systems

Dark Reading
Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate

Meta Security
KernelEvolve: How Meta’s Ranking Engineer Agent Optimizes AI Infrastructure

SentinelOne
Securing the Supply Chain: How SentinelOne®’s AI EDR Stops the Axios Attack Autonomously

Dark Reading
Security Bosses Are All-In on AI. Here's Why

Talos Intelligence
The democratisation of business email compromise fraud

Eclypsium
Techzine: Blind trust in hardware vendors is always a bad idea

Schneier on Security
US Bans All Foreign-Made Consumer Routers

Ars Technica Security
New Rowhammer attacks give complete control of machines running Nvidia GPUs

Google Security Blog
Google Workspace’s continuous approach to mitigating indirect prompt injections

Microsoft Security
Threat actor abuse of AI accelerates from tool to cyberattack surface

Dark Reading
RSAC 2026: AI Dominates, But Community Remains Key to Security

Microsoft Security
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Searchlight Cyber
Why Do Most Ransomware Defenses Start Too Late?

ISC SANS
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)

Malwarebytes
Apple expands “DarkSword” patches to iOS 18.7.7

Talos Intelligence
[Video] The TTP Ep 21: When Attackers Become Trusted Users

SentinelOne
The Identity Paradox: The Hidden Risks in Your Valid Credentials

Rapid7
New Whitepaper: Stealthy BPFDoor Variants are a Needle That Looks Like Hay

Cloudflare
Why we're rethinking cache for the AI era

Dark Reading
Bank Trojan 'Casbaneiro' Worms Through Latin America

Malwarebytes
Malwarebytes Privacy VPN receives full third-party audit

Schneier on Security
Possible US Government iPhone Hacking Tool Leaked

Talos Intelligence
UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications

Talos Intelligence
Qilin EDR killer infection chain

Talos Intelligence
Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders

watchTowr Labs
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701)

Talos Intelligence
An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases

Step Security
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan

Step Security
Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor

Step Security
TeamPCP Plants WAV Steganography Credential Stealer in telnyx PyPI Package

Snyk
You Patched LiteLLM, But Do You Know Your AI Blast Radius?

TrustedSec
Reduce Repetition and Free up Time With Mobile File Extractor

ISC SANS
ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)

Elastic Security Labs
Prioritizing Alerts Triage with Higher-Order Detection Rules

Datadog HQ
How we designed empathetic alert sounds for on-call engineers

Elastic Security Labs
Hooked on Linux: Rootkit Detection Engineering

Datadog HQ
Monitor ClickHouse query performance with Datadog Database Monitoring

Greynoise
The Invisible Army: Why IP Reputation Fails Against the Rotation Economy

Elastic Security Labs
How we caught the Axios supply chain attack

Datadog HQ
Search and act across Datadog to resolve issues faster with Bits Assistant

Auth0
Securing AI Document Agents with LlamaIndex and Auth0

Datadog HQ
Understand session replays faster with AI summaries and smart chapters


2026-04-01

Praetorian
A Possible Solution to the Zodiac Killer Z32 Cipher

Dark Reading
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense

itm4n's Blog
BitLocker's Little Secrets: The Undocumented FVE API

EvilSocket
Mongoose: Preauth RCE and mTLS Bypass on Millions of Devices

Malwarebytes
Wikipedia’s AI agent row likely just the beginning of the bot-ocalypse

Microsoft Security
Mitigating the Axios npm supply chain compromise

ISC SANS
Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)

Github Security Blog
Securing the open source supply chain across GitHub

Dark Reading
LatAm's Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut

Schneier on Security
Is “Hackback” Official US Cybersecurity Strategy?

Dark Reading
Cyberattacks Intensify Pressure on Latin American Governments

The Citizen Lab
The Perils of Privatized Cyberwarfare

Dark Reading
Venom Stealer MaaS Platform Commoditizes ClickFix Attacks

Malwarebytes
WhatsApp on Windows users targeted in new campaign, warns Microsoft

Black Hills Info Sec
Cloud Security: Tips and Resources for Securing the Cloud

Offensive Security
Shadow AI: How Unsanctioned Tools Create Invisible Risk

ISC SANS
TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)

SentinelOne
The Implementation Blind Spot | Why Organizations Are Confusing Temporary Friction with Permanent Safety

Varonis
A Quiet "Storm": Infostealer Hijacks Sessions, Decrypts Server-Side

Cloudflare
Our ongoing commitment to privacy for the 1.1.1.1 public DNS resolver

Rapid7
What CISOs Should Expect from AI Powered MDR in 2026, According to Rapid7 CEO Corey Thomas

Malwarebytes
Why we’re still not doing April Fools’ Day

Cloudflare
Introducing EmDash — the spiritual successor to WordPress that solves plugin security

Eclypsium
Eclypsium Detects F5 BIG-IP Remote Code Execution Vulnerability (CVE-2025-53521)

Searchlight Cyber
The 2026 ‘Forum Wars’: Deconstructing the BreachForums Drama

Moonlock
Moonlock on MacVoices: What Mac security looks like today

Trail of Bits
Mutation testing for the agentic era

Dark Reading
Are We Training AI Too Late?

Searchlight Cyber
March 30th – This Week’s Top Cybersecurity and Dark Web Stories

Schneier on Security
A Taxonomy of Cognitive Security

Palo Alto Networks
Closing the Gap by Enhancing Visibility and Mitigating Risks

Snyk
Building AI Security with Our Customers: 5 Lessons from Evo’s Design Partner Program

ISC SANS
ISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874, (Wed, Apr 1st)

Infernux Blog
Tool Release: Log Horizon

Datadog HQ
Measure the business impact of every product change with Datadog Experiments

Elastic Security Labs
Elastic releases detections for the Axios supply chain compromise

Elastic Security Labs
Inside the Axios supply chain compromise - one RAT to rule them all

Teleport Blog
Kubernetes for Agentic AI: Best Practices for Security and Observability

Auth0
Scale Enterprise Teams Securely with Roles for Auth0 FGA

Star Labs
CHECK Removed, Context Confused, Checkmate Achieved


2026-03-31

Dark Reading
The Forgotten Endpoint: Security Risks of Dormant Devices

Dark Reading
Axios NPM Package Compromised in Precision Attack

Amazon Security
New compliance guide available: ISO/IEC 27001:2022 on AWS

Dark Reading
Google's Vertex AI Is Over-Privileged. That's a Problem

Dark Reading
TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials

Malwarebytes
Asking AI for personal advice is a bad idea, Stanford study shows

SentinelOne
How SentinelOne’s AI EDR Autonomously Discovered and Stopped Anthropic’s Claude from Executing a Zero Day Supply Chain Attack, Globally

Ars Technica Security
Quantum computers need vastly fewer resources than thought to break vital encryption

Microsoft Security
The threat to critical infrastructure has changed. Has your readiness?

Google Security Blog
VRP 2025 Year in Review

Amazon Security
AWS Security Agent on-demand penetration testing now generally available

Meta Security
Meta Adaptive Ranking Model: Bending the Inference Scaling Curve to Serve LLM-Scale Models for Ads

Microsoft Security
Applying security fundamentals to AI: Practical advice for CISOs

Dark Reading
AI and Quantum Are Forcing a Rethink of Digital Trust

Malwarebytes
Axios supply chain attack chops away at npm trust