167 Security Blogs

Last Updated: 10 Dec 25 15:24 UTC

Blog List | Github | OPML

2026-05-05

Dark Reading
GISEC GLOBAL 2026 – The Middle East & Africa’s Largest Cybersecurity Event


2025-12-11

Elastic Security Labs
NANOREMOTE, cousin of FINALDRAFT


2025-12-10

Black Hills Info Sec
How to Set Smart Goals (That Actually Work For You)

Eclypsium
Eclypsium Joins NVIDIA Inception Program to Secure Critical AI Infrastructure Across Private and Public Sectors

Malwarebytes
GhostFrame phishing kit fuels widespread attacks against millions

Schneier on Security
FBI Warns of Fake Video Scams

Searchlight Cyber
December 10th – This Week’s Top Cybersecurity and Dark Web Stories

Rapid7
Patch Tuesday - December 2025

Google Safety & Security
Build the internet young people are asking for — instead of simply banning them from it

Amazon Security
How to customize your response to layer 7 DDoS attacks using AWS WAF Anti-DDoS AMR

ISC SANS
ISC Stormcast For Wednesday, December 10th, 2025 https://isc.sans.edu/podcastdetail/9732, (Wed, Dec 10th)

Dark Reading
Japanese Firms Suffer Long Tail of Ransomware Damage


2025-12-09

Talos Intelligence
Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities

Krebs on Security
Microsoft Patch Tuesday, December 2025 Edition

Dark Reading
Microsoft Fixes Exploited Zero Day in Light Patch Tuesday

Microsoft Security
Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack

ISC SANS
Microsoft Patch Tuesday December 2025, (Tue, Dec 9th)

Dark Reading
Packer-as-a-Service Shanya Hides Ransomware, Kills EDR

Palo Alto Networks
Partners Are Fueling Innovation with Cortex XSIAM and Prisma SASE

Zero Day Initiative
The December 2025 Security Update Review

SentinelOne
Cybersecurity 2026 | The Year Ahead in AI, Adversaries, and Global Change

Microsoft Security
Changing the physics of cyber defense

Google Security Blog
Further Hardening Android GPUs

Palo Alto Networks
Winning the AI Race Starts with the Right Security Platform

Dark Reading
Analysts Warn of Cybersecurity Risks in Humanoid Robots

Rapid7
CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)

Varonis
Spiderman Phishing Kit Mimics Top European Banks With A Few Clicks

White Knight Labs
From Veeam to Domain Admin: Real-World Red Team Compromise Path

Offensive Security
How Will AI Affect Cybersecurity?

Malwarebytes
Prompt injection is a problem that may never be fixed, warns NCSC

Offensive Security
How to Gain Experience in Cybersecurity

Malwarebytes
EU fines X $140m, tied to verification rules that make impostor scams easier

Dark Reading
Gemini Enterprise No-Click Flaw Exposes Sensitive Data

Schneier on Security
AI vs. Human Drivers

Malwarebytes
Deepfakes, AI resumes, and the growing threat of fake applicants

Talos Intelligence
New BYOVD loader behind DeadLock ransomware attack

Talos Intelligence
New in Snort3: Enhanced rule grouping for greater flexibility and control

Cloudflare
Shifting left at enterprise scale: how we manage Cloudflare with Infrastructure as Code

TrustedSec
Holy Shuck! Weaponizing NTLM Hashes as a Wordlist

ISC SANS
ISC Stormcast For Tuesday, December 9th, 2025 https://isc.sans.edu/podcastdetail/9730, (Tue, Dec 9th)

Project Black
Orthanc 1.12.9 User Impersonation

Datadog HQ
Keep service ownership up to date with Datadog Teams' GitHub integration

CrankySec
It's never simple

Auth0
Using an API Gateway with Fine-Grained Authorization

Fastly
How React2Shell is evolving: Industries and regions targeted

Fastly
Black Friday is Dead, Long Live Black Fridays: Cyber 5 Traffic Insights


2025-12-08

Amazon Security
IAM Policy Autopilot: An open-source tool that brings IAM policy expertise to builders and AI coding assistants

Dark Reading
Apache Issues Max-Severity Tika CVE After Patch Miss

Dark Reading
Exploitation Activity Ramps Up Against React2Shell

Dark Reading
US Treasury Tracks $4.5B in Ransom Payments since 2013

Amazon Security
AWS launches AI-enhanced security innovations at re:Invent 2025

Google Security Blog
Architecting Security for Agentic Capabilities in Chrome

Varonis
When Passwords Win: A Deep Dive into ROPC-Enabled MFA Bypasses

Microsoft Security
Stronger together: New Beazley collaboration enhances cyber resilience

Auth0
Honeypots: A Simple Trap for Spam Registration Bots

Malwarebytes
How phishers hide banking scams behind free Cloudflare Pages

Malwarebytes
Scammers harvesting Facebook photos to stage fake kidnappings, warns FBI

Schneier on Security
Substitution Cipher Based on The Voynich Manuscript

Dark Reading
'Broadside' Mirai Variant Targets Maritime Logistics Sector

Malwarebytes
A week in security (December 1 – December 7)

Cloudflare
Python Workers redux: fast cold starts, packages, and a uv-first workflow

Moonlock
It’s that time of the year: The holiday scams to avoid in 2025

ISC SANS
ISC Stormcast For Monday, December 8th, 2025 https://isc.sans.edu/podcastdetail/9728, (Mon, Dec 8th)

Datadog HQ
Evolving security at Datadog: How we designed roles to support a growing organization

Fastly
Fastly’s Proactive Protection for React2Shell, Critical React RCE CVE-2025-55182 and CVE-2025-66478

Fastly
Unparalleled Performance: Bring Your C++ Logic to the Edge


2025-12-07

MaskRay's Blog
Sacramento游记


2025-12-06

Krebs on Security
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill


2025-12-05

SentinelOne
From React to Remote Code – Protecting Against the Critical React2Shell RCE Exposure

Schneier on Security
Friday Squid Blogging: Vampire Squid Genome

Dark Reading
Rust Code Delivers Better Security, Also Streamlines DevOps

Rapid7
Metasploit Wrap-Up 12/05/2025

Dark Reading
India Rolls Back App Mandate Amid Surveillance Concerns

Microsoft Security
Microsoft named a leader in the 2025 Gartner® Magic Quadrant™ for Email Security

Atredis Partners
Designing a Passive LiDAR Detector Device - Hardware

Palo Alto Networks
Crossing the Autonomy Threshold

Offensive Security
CVE-2025-55182 – React Server Components RCE via Flight Payload Deserialization

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 49

Dark Reading
Threat Landscape Grows Increasingly Dangerous for Manufacturers

Dark Reading
React2Shell Vulnerability Under Attack From China-Nexus Groups

Dark Reading
CISOs Should Be Asking These Quantum Questions Today

Rapid7
Voices of the Experts: What to Expect from Our Predictions Webinar

Malwarebytes
Leaks show Intellexa burning zero-days to keep Predator spyware running

Kevin Beaumont
Cybersecurity industry overreacts to React vulnerability, starts panic, burns own house down again

Schneier on Security
New Anonymous Phone Service

Troy Hunt
Weekly Update 481

ISC SANS
AutoIT3 Compiled Scripts Dropping Shellcodes, (Fri, Dec 5th)

Moonlock
Is your Mac part of a botnet? This tool lets you check

Embrace The Red
The Normalization of Deviance in AI

ISC SANS
ISC Stormcast For Friday, December 5th, 2025 https://isc.sans.edu/podcastdetail/9726, (Fri, Dec 5th)

Amazon Security
China-nexus cyber threat groups rapidly exploit React2Shell vulnerability (CVE-2025-55182)

Auth0
A New Auth0 ASP.NET SDK to Secure Your API

Cloudflare
Cloudflare outage on December 5, 2025

Greynoise
CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far

Joshua Rogers
Another AI slop story: ChatGPT vs. Human

Elastic Security Labs
Automating detection tuning requests with Kibana cases

Okta Security
Okta’s Response to React2Shell

Fastly
Deploy for Performance: Fastly’s Principles of Infrastructure Diversity and Soft Control


2025-12-04

Dark Reading
How Agentic AI Can Boost Cyber Defense

Krebs on Security
SMS Phishers Pivot to Points, Taxes, Fake Retailers

Dark Reading
A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability

Praetorian
Critical Advisory: Remote Code Execution in Next.js (CVE-2025-66478) with Working Exploit

Dark Reading
CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks

Dark Reading
CISA Publishes Security Guidance for Using AI in OT

Talos Intelligence
Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities

Talos Intelligence
Your year-end infosec wrapped

Malwarebytes
How scammers use fake insurance texts to steal your identity

Microsoft Security
Cybersecurity strategies to prioritize now​​

Rapid7
React2Shell (CVE-2025-55182) - Critical unauthenticated RCE affecting React Server Components

Dark Reading
ServiceNow's Acquisition of NHI Provider Veza Strengthens Governance Portfolio

Palo Alto Networks
Securing the AI Frontier

Bishop Fox Security
Arista NextGen Firewall XSS to RCE Chain

Rapid7
From Policy to Practice: Why Cyber Resilience Needs a Reboot

Dark Reading
Student Sells Gov't, University Sites to Chinese Actors

Escape DAST
Duck Store is Open for Business & Business Logic Vulnerabilities

Malwarebytes
Canadian police trialing facial recognition bodycams

Escape DAST
Introducing Projects: Turn Visibility Into Action With Clear Ownership

Malwarebytes
Update Chrome now: Google fixes 13 security issues affecting billions

Mend
From Zero to RCE: How a Single HTTP Request Compromises React and Next.js Applications

Searchlight Cyber
The Intelligence Hidden in Ransomware Data

Talos Intelligence
Spy vs. spy: How GenAI is powering defenders and attackers

Dark Reading
'MuddyWater' Hackers Target Israeli Orgs With Retro Game Tactic

TrustedSec
What is a TrustedSec Program Maturity Assessment (PMA)?

ISC SANS
ISC Stormcast For Thursday, December 4th, 2025 https://isc.sans.edu/podcastdetail/9724, (Thu, Dec 4th)

ISC SANS
Nation-State Attack or Compromised Government? [Guest Diary], (Thu, Dec 4th)

Fastly
CAPTCHAs Are Costing Retailers Customers — Heavy AI Users Are the First to Walk Away

Auth0
How to Add Sign in with Vercel to Auth0

Greynoise
A Hidden Pattern Within Months of Credential-Based Attacks Against Palo Alto GlobalProtect

Datadog HQ
Automate infrastructure operations with Datadog Infrastructure Management


2025-12-03

Troy Hunt
Why Does Have I Been Pwned Contain "Fake" Email Addresses?

Ars Technica Security
Admins and defenders gird themselves against maximum-severity server vuln

Infernux Blog
Lab - Defender for IoT configuration

Eclypsium
Strengthening Telecom Security in a Voluntary Compliance Landscape

Dark Reading
'ShadyPanda' Hackers Weaponize Millions of Browsers

Dark Reading
Critical React Flaw Triggers Calls for Immediate Action

Dark Reading
Arizona AG Sues Temu Over 'Stealing' User Data

ISC SANS
Attempts to Bypass CDNs, (Wed, Dec 3rd)

Ars Technica Security
Fraudulent gambling network may actually be something more nefarious

Google Security Blog
Android expands pilot for in-call scam protection for financial apps

Malwarebytes
Attackers have a new way to slip past MFA in educational orgs