167 Security Blogs

Last Updated: 16 Dec 25 22:18 UTC

Blog List | Github | OPML

2026-05-05

Dark Reading
GISEC GLOBAL 2026 – The Middle East & Africa’s Largest Cybersecurity Event


2025-12-16

Amazon Security
Cryptomining campaign targeting Amazon EC2 and Amazon ECS

Dark Reading
Venezuelan Oil Company Downplays Alleged US Cyberattack

Dark Reading
Russia Hits Critical Orgs Via Misconfigured Edge Devices

Mend
NPM User Flooding Registry with Fake Font Packages

Malwarebytes
SoundCloud, Pornhub, and 700Credit all reported data breaches, but the similarities end there

Eclypsium
Eclypsium Releases Version 4.2, Expanding Network Edge Security, Advanced Threat Detection, and Asset Profile Verification

Eclypsium
The Hitch-hacker’s Guide to the Galaxy’s Edge: 2025 in Cyber Stats

Dark Reading
Browser Extension Harvests 8M Users' AI Chatbot Data

Offensive Security
6 Benefits of a Fully Certified Cybersecurity Team

Offensive Security
Blue Team vs Red Team: Should Defenders Learn Offensive Skills?

Dark Reading
Enterprises Gear Up for 2026’s IT Transformation

Krebs on Security
Most Parked Domains Now Serving Malicious Content

White Knight Labs
Securing Agentic AI Systems

Varonis
Phishing Attacks: Types, Statistics, and Prevention

Malwarebytes
Android mobile adware surges in second half of 2025

Palo Alto Networks
Where Cloud Security Stands Today and Where AI Breaks It

Palo Alto Networks
Untangling Hybrid Cloud Security

Sicuranext Blog
Fight bad bot with Sec Fetch and Client Hints inconsistencies in headless browsers

Sicuranext Blog
Fight bad bot with Sec Fetch and Client Hints inconsistencies in headless browsers

Schneier on Security
Chinese Surveillance and AI

Trail of Bits
Use GWP-ASan to detect exploits in production environments

Malwarebytes
Photo booth flaw exposes people’s private pictures online

Malwarebytes
Google is discontinuing its dark web report: why it matters

NVISO Labs
The Detection & Response Chronicles: Exploring Telegram Abuse

Synacktiv
Exploiting Anno 1404

TrustedSec
Top 10 Blogs of 2025

Snyk
Old AI Security vs Evo: Watch Agentic Security Replace Weeks of Manual Work

ISC SANS
ISC Stormcast For Tuesday, December 16th, 2025 https://isc.sans.edu/podcastdetail/9740, (Tue, Dec 16th)

Auth0
FAPI for Developers: Here Is Your Guide

Datadog HQ
Troubleshooting Cilium network policies: Four common pitfalls

Teleport Blog
Secure AI Agent Infrastructure with Zero-Code MCP

Fastly
Smarter Data Migration: Move Less, Save More with Fastly


2025-12-15

Dark Reading
How Cyber Insurance MGAs Shape Policies for Evolving Cyber-Risks

Dark Reading
Apple Patches More Zero-Days Used in 'Sophisticated' Attack

Ars Technica Security
Microsoft will finally kill obsolete cipher that has wreaked decades of havoc

Amazon Security
What AWS Security learned from responding to recent npm supply chain threat campaigns

Dark Reading
Think Like an Attacker: Cybersecurity Tips From a CISO

Microsoft Security
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

Amazon Security
Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure

Microsoft Security
Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense

Eclypsium
How to Operationalize NSA Guidance on UEFI Secure Boot at Scale

Meta Security
How AI Is Transforming the Adoption of Secure-by-Default Mobile Frameworks

Malwarebytes
Pig butchering is the next “humanitarian global crisis” (Lock and Code S06E25)

Dark Reading
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files

Cloudflare
The 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacks

Cloudflare
ChatGPT's rivals, Kwai's quiet rise: the top Internet services of 2025

Malwarebytes
PayPal closes loophole that let scammers send real emails with fake purchase notices

ISC SANS
More React2Shell Exploits CVE-2025-55182, (Mon, Dec 15th)

Schneier on Security
Against the Federal Moratorium on State-Level Regulation of AI

Auth0
An Accessible Guide to WCAG 3.3.9: Going for Gold

Rapid7
SantaStealer is Coming to Town: A New, Ambitious Infostealer Advertised on Underground Forums

Malwarebytes
A week in security (December 8 – December 14)

Eye Security
Microsoft 365 AitM Phishing Protection: Free Browser Extension

Eye Security Research
AitM Block: Preventing Modern M365 Phishing Attacks

ISC SANS
ISC Stormcast For Monday, December 15th, 2025 https://isc.sans.edu/podcastdetail/9738, (Mon, Dec 15th)

Fastly
An Indispensable Pillar of Resilience - The Human

Datadog HQ
From performance to impact: Bridging frontend teams through shared context

Datadog HQ
Monitor your Kubernetes operators to keep applications running smoothly

Datadog HQ
2025 cloud security roundup: How attackers abused identities, supply chains, and AI

Sansec Threat Research
Critical backdoor found in MGT Varnish extension

Teleport Blog
OWASP Top 10 for Agentic Applications 2026: Key Takeaways & How to Take Action


2025-12-14

Schneier on Security
Upcoming Speaking Engagements

ISC SANS
Wireshark 4.6.2 Released, (Sun, Dec 14th)

MaskRay's Blog
Weak AVL Tree


2025-12-13

ISC SANS
ClickFix Attacks Still Using the Finger, (Sat, Dec 13th)


2025-12-12

Schneier on Security
Friday Squid Blogging: Giant Squid Eating a Diamondback Squid

Amazon Security
Implementing HTTP Strict Transport Security (HSTS) across AWS services

Troy Hunt
Processing 630 Million More Pwned Passwords, Courtesy of the FBI

Dark Reading
The CISO-COO Partnership: Protecting Operational Excellence

Rapid7
Metasploit Wrap-Up 12/12/2025

Dark Reading
React2Shell Exploits Flood the Internet as Attacks Continue

Dark Reading
Vibe Coding: Innovation Demands Vigilance

Dark Reading
Microsoft Will Bundle Security Copilot With M365 Enterprise Licenses

Dark Reading
Supply Chain Attacks Targeting GitHub Actions Increased in 2025

Malwarebytes
The US digital doxxing of H-1B applicants is a massive privacy misstep

Atredis Partners
Designing a Passive LiDAR Detector Device - Firmware

Amazon Security
Meet digital sovereignty needs with AWS Dedicated Local Zones expanded services

Malwarebytes
Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer

Arch Cloud Labs
Chatting with Chippies: Modifying TP-Link AX 1800 Firmware

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 50

SpiderLabs
A Rising Tide of Threats: The Offshore Energy Industry’s Threat Landscape

SpiderLabs
Threat Intelligence News from LevelBlue SpiderLabs December 2025

Dark Reading
Are Trade Concerns Trumping US Cybersecurity?

Schneier on Security
Building Trustworthy AI Agents

Trail of Bits
Catching malicious package releases using a transparency log

Malwarebytes
How private is your VPN?

Synacktiv
ActivID administrator account takeover : the story behind HID-PSA-2025-002

Dark Reading
Hamas-Linked Hackers Probe Middle Eastern Diplomats

ISC SANS
Abusing DLLs EntryPoint for the Fun, (Fri, Dec 12th)

Moonlock
Apple and Google are warning users about new Predator spyware

Moonlock
Apple security bounties are down, even though Mac malware is up

ISC SANS
ISC Stormcast For Friday, December 12th, 2025 https://isc.sans.edu/podcastdetail/9736, (Fri, Dec 12th)

Fastly
4 Recommendations to Maximize Savings and Performance with Fastly’s CDN

Fastly
Essential Checklist: Get Ready for Peak Traffic Season with Fastly


2025-12-11

Dark Reading
Money Mules Require Banks to Switch From Defense to Offense

Dark Reading
Encouraging Industry Voices to Write for the Commentary Section

Amazon Security
Exploring the new AWS European Sovereign Cloud: Sovereign Reference Framework

Palo Alto Networks
Redefining Workspace: Prisma Browser Secures Leadership in Frost Radar

Dark Reading
Attackers Exploited Gogs Zero-Day Flaw for Months

Talos Intelligence
One newsletter to rule them all

Schneier on Security
AIs Exploiting Smart Contracts

Microsoft Security
Imposter for hire: How fake people can gain very real access

Malwarebytes
DroidLock malware locks you out of your Android device and demands ransom

Cloudflare
React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques

Dark Reading
AI in OT Sparks Cascade of Complex Challenges

SentinelOne
CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains

Malwarebytes
Malwarebytes for Mac now has smarter, deeper scans 

Trail of Bits
Introducing mrva, a terminal-first approach to CodeQL multi-repo variant analysis

Malwarebytes
[Updated] Another Chrome zero-day under attack: update now

Rapid7
New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Rapid7
Geopolitics and Cyber Risk: How Global Tensions Shape the Attack Surface

Dark Reading
Copilot's No-Code AI Agents Liable to Leak Company Data

NVISO Labs
Managing SIEM Log Collectors at Scale with Ansible and GitHub Actions – Part 1

ISC SANS
Using AI Gemma 3 Locally with a Single CPU , (Wed, Dec 10th)

ISC SANS
ISC Stormcast For Thursday, December 11th, 2025 https://isc.sans.edu/podcastdetail/9734, (Thu, Dec 11th)

Amazon Security
Embracing our broad responsibility for securing digital infrastructure in the European Union

Datadog HQ
Highlights from AWS re:Invent 2025: Making sense of applied AI, trust, and going faster

Datadog HQ
This Month in Datadog - December 2025

Fastly
The Sleep Test: How Embracing Chaos Unlocks API Resilience

Fastly
React2Shell Continued: What to know and do about the 2 latest CVEs

Elastic Security Labs
NANOREMOTE, cousin of FINALDRAFT

Auth0
Express Configuration is now GA for Auth0 SaaS apps in the Okta Integration Network


2025-12-10

Dark Reading
Storm-0249 Abuses EDR Processes in Stealthy Attacks

Dark Reading
ClickFix Style Attack Uses Grok, ChatGPT for Malware Delivery

Eclypsium
Holiday Hardware Hacking Gift Guide

Google Security Blog
HTTPS certificate industry phasing out less secure domain validation methods

Microsoft Security
From awareness to action: Building a security-first culture for the agentic AI era

watchTowr Labs
SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies And WSDL

Microsoft Security
Clarity in complexity: New insights for transparent email security

Malwarebytes
December Patch Tuesday fixes three zero-days, including one that hijacks Windows devices

ISC SANS
Possible exploit variant for CVE-2024-9042 (Kubernetes OS Command Injection), (Wed, Dec 10th)

Black Hills Info Sec
How to Set Smart Goals (That Actually Work For You)

Auth0
Simplify Your Stack (and Save!): A Guide to Linking Your Auth0 Tenants

Eclypsium
Eclypsium Joins NVIDIA Inception Program to Secure Critical AI Infrastructure Across Private and Public Sectors

Bishop Fox Security
A Hacker Holiday Gift Guide: 2025 Edition

Dark Reading
Feds: Pro-Russia Hacktivists Target US Critical Infrastructure

Malwarebytes
GhostFrame phishing kit fuels widespread attacks against millions

PortSwigger
The Fragile Lock: Novel Bypasses For SAML Authentication

Schneier on Security
FBI Warns of Fake Video Scams

Searchlight Cyber
December 10th – This Week’s Top Cybersecurity and Dark Web Stories

Rapid7
Patch Tuesday - December 2025

Google Safety & Security
Build the internet young people are asking for — instead of simply banning them from it

Amazon Security
How to customize your response to layer 7 DDoS attacks using AWS WAF Anti-DDoS AMR

Fastly
DDoS in November

Dark Reading
Japanese Firms Suffer Long Tail of Ransomware Damage

Fastly
Upgrading Visibility for Compute with Domain Inspector

Okta Security
Account Recovery, without Password Resets


2025-12-09

Talos Intelligence
Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities

Krebs on Security
Microsoft Patch Tuesday, December 2025 Edition

Dark Reading
Microsoft Fixes Exploited Zero Day in Light Patch Tuesday