177 Security Blogs

Last Updated: 18 Apr 26 14:09 UTC

Blog List | Github | OPML

2026-04-17

Embrace The Red
Breaking Opus 4.7 with ChatGPT (Hacking Claude's Memory)

Ars Technica Security
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

Schneier on Security
Friday Squid Blogging: New Giant Squid Video

Rapid7
Metasploit Wrap-Up 04/17/2026

Dark Reading
How NIST's Cutback of CVE Handling Impacts Cyber Teams

Dark Reading
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing

Aikido
Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mailcow

Amazon Security
Transform security logs into OCSF format using a configuration-driven ETL solution

Microsoft Security
Containing a domain compromise: How predictive shielding shut down lateral movement

Dark Reading
Every Old Vulnerability Is Now an AI Vulnerability

Malwarebytes
This old-school scam is still working

Escape DAST
Top XBOW Alternatives in 2026

Cloudflare
Introducing the Agent Readiness score. Is your site agent-ready?

Cloudflare
Shared Dictionaries: compression that keeps up with the agentic web

SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 16

Varonis
The Invisible Footprint: How Anonymous S3 Requests Evade AWS Logging

Cloudflare
Unweight: how we compressed an LLM 22% without sacrificing quality

Cloudflare
Redirects for AI Training enforces canonical content

Cloudflare
Agents that remember: introducing Agent Memory

Cloudflare
Introducing Flagship: feature flags built for the age of AI

Dark Reading
Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs

Cloudflare
Agents Week: network performance update

Schneier on Security
Mythos and Cybersecurity

Ars Technica Security
Recent advances push Big Tech closer to the Q-Day danger zone

Trail of Bits
We beat Google’s zero-knowledge proof of quantum cryptanalysis

Searchlight Cyber
Explore the Data Breach Dashboard in Cerberus

Searchlight Cyber
Faster speed to triage with improved detail view in DarkIQ

Malwarebytes
“Your shipment has arrived” email hides remote access software

TrustedSec
Mythos, Memory Loss, and the Part InfoSec Keeps Missing

Moonlock
New ClickFix attack bypasses Mac Terminal protections

Moonlock
Apple Intelligence can be hijacked using prompt injection

Moonlock
CISA warns: New vulnerability found in Adobe’s PDF tools for Mac

ISC SANS
ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896, (Fri, Apr 17th)

ISC SANS
Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)

Datadog HQ
Centralize observability management with Datadog Governance Console

Auth0
The AI Design Formula Does Not Exist — Yet


2026-04-16

Troy Hunt
Here's What Agentic AI Can Do With Have I Been Pwned's APIs

Dark Reading
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities

Rapid7
CVE-2026-33032: Nginx UI Missing MCP Authentication

Dark Reading
North Korea Uses ClickFix to Target macOS Users' Data

SentinelOne
Frontier AI Reinforces the Future of Modern Cyber Defense

ISC SANS
[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)

Dark Reading
'Harmless' Global Adware Transforms Into an AV Killer

Talos Intelligence
Foxit, LibRaw vulnerabilities

Escape DAST
DAST Tools: Complete Buyer's Guide & 10 Solutions to know in 2026

Talos Intelligence
The Q1 vulnerability pulse

Meta Security
Capacity Efficiency at Meta: How Unified AI Agents Optimize Performance at Hyperscale

Microsoft Security
Building your cryptographic inventory: A customer strategy for cryptographic posture management

Aikido
Reliable CVE sources in the age of NIST NVD cutbacks

Dark Reading
Two-Factor Authentication Breaks Free from the Desktop

Dark Reading
Microsoft's Original Windows Secure Boot Certificate Is Expiring

Microsoft Security
Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

Meta Security
Post-Quantum Cryptography Migration at Meta: Framework, Lessons, and Takeaways

Cloudflare
Cloudflare’s AI Platform: an inference layer designed for agents

Cloudflare
Building the foundation for running extra-large language models

Step Security
Announcing Dependabot Configuration Enhancements: Cooldown and Group Support

Cloudflare
Artifacts: versioned storage that speaks Git

Cloudflare
Deploy Postgres and MySQL databases with PlanetScale + Workers

Cloudflare
AI Search: the search primitive for your agents

Bishop Fox Security
Taking Maestro in Stride

Rapid7
ClickFix Phishing Campaign Masquerading as a Claude Installer

Malwarebytes
Browser Guard gets even better with Access Control 

Malwarebytes
“iCloud storage is full” scam is back, and now it wants your payment details

Talos Intelligence
PowMix botnet targets Czech workforce

Talos Intelligence
More than pretty pictures: Wendy Bishop on visual storytelling in tech

Schneier on Security
Human Trust of AI Agents

Malwarebytes
A fake Slack download is giving attackers a hidden desktop on your machine

Malwarebytes
Booking.com breach gives scammers what they need to target guests

Eye Security
Introducing complisec: Giving AI Agents the Context to Know What They’re Allowed to Do

Cloudflare
Cloudflare Email Service: now in public beta. Ready for your agents

Dark Reading
6-Year Ransomware Campaign Targets Turkish Homes & SMBs

TrustedSec
Dungeons and Daemons

ISC SANS
ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)

Infernux Blog
How to use Log Horizon to improve Microsoft Sentinel posture

Datadog HQ
Manage service tracing across hosts with Single Step Instrumentation rules

Datadog HQ
Route OTel data from AI apps to ClickHouse and Datadog using Observability Pipelines

Datadog HQ
Spotting CI/CD misconfigurations before the bots do: Securing GitHub Actions with Datadog IaC Security

Fastly
Adapting in the Era of AI


2026-04-15

Dark Reading
Critical MCP Integration Flaw Puts NGINX at Risk

Ars Technica Security
"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database

Eye Security Research
Making AI Agents Work in Europe’s Regulatory Reality

Dark Reading
Navigating the Unique Security Risks of Asia's Digital Supply Chain

Praetorian
Shadow Admins in Active Directory: Hidden Privilege Paths Attackers Exploit

Malwarebytes
AI clickbait can turn your notifications into a scam feed

Microsoft Security
Incident response for AI: Same fire, different fuel

Dark Reading
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now

Dark Reading
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests

PT SWARM
Slowburn: Looking through AMD Platform Configuration Blobs infrastructure

PT Swarm
Slowburn: Looking through AMD Platform Configuration Blobs infrastructure

Varonis
The Map is Not the Territory: The Impact of Anthropic Mythos on Data Security

The Citizen Lab
From Stuxnet to Operation Epic Fury: The China-Iran Intelligence Nexus

Black Hills Info Sec
Signed, Trusted, and Abused: Proxy Execution via WebView2

Malwarebytes
Fake YouTube copyright notices can steal your Google login

Cloudflare
Project Think: building the next generation of AI agents on Cloudflare

Cloudflare
Rearchitecting the Workflows control plane for the agentic era

Cloudflare
Register domains wherever you build: Cloudflare Registrar API now in beta

Cloudflare
Introducing Agent Lee - a new interface to the Cloudflare stack

Cloudflare
Add voice to your agent

Cloudflare
Browser Run: give your agents a browser

Searchlight Cyber
Vulnerability Management: How to Prioritize Real Threats Over Noise

Rapid7
A Clearer Path from Prioritized Exposures to Remediation Progress

Dark Reading
Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Schneier on Security
Defense in Depth, Medieval Style

Malwarebytes
From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

Talos Intelligence
The n8n n8mare: How threat actors are misusing AI workflow automation

Malwarebytes
April Patch Tuesday fixes two zero-days, including one under active attack

Malwarebytes
Credit Resources Vault: Why this credit email set off our scam alarms

Searchlight Cyber
April 14th – This Week’s Top Cybersecurity and Dark Web Stories

ISC SANS
ISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892, (Wed, Apr 15th)

ISC SANS
Scanning for AI Models, (Tue, Apr 14th)

Dark Reading
Microsoft Bets $10B to Boost Japan's AI, Cybersecurity

Auth0
The Product Architecture Behind Trusted AI Experiences

Teleport Blog
Meet the Sales Leader Who Leads From the Front — and Won't Let You Settle for Less

CrankySec
Smash the glass wing

Teleport Blog
EU AI Act Compliance: Requirements, Risks, and What to Document


2026-04-14

SentinelOne
Securing the Software Supply Chain: How SentinelOne’s AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack

Amazon Security
Secure AI agent access patterns to AWS resources using Model Context Protocol

Rapid7
Patch Tuesday - April 2026

Krebs on Security
Patch Tuesday, April 2026 Edition

Dark Reading
Privilege Elevation Dominates Massive Microsoft Patch Update

The Citizen Lab
Beijing Codifies Repression of Overseas Activists

Talos Intelligence
Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities

Dark Reading
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses

Ars Technica Security
UK gov's Mythos AI tests help separate cybersecurity threat from hype

Github Security Blog
Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game

Zero Day Initiative
The April 2026 Security Update Review

ISC SANS
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)

Auth0
How to Monitor Auth0 Usage Metrics

Dark Reading
War Game Exercise Demonstrates How Social Media Manipulation Works

Schneier on Security
Upcoming Speaking Engagements

Varonis
How Varonis Atlas Enables ISO/IEC 42001 Compliance

Github Security Blog
How exposed is your code? Find out in minutes—for free

Talos Intelligence
State-sponsored threats: Different objectives, similar access paths

Cloudflare
Securing non-human identities: automated revocation, OAuth, and scoped permissions

Bishop Fox Security
Anthropic’s Claude Mythos Preview: The AI Cybersecurity Inflection Point

Aikido
Axios CVE-2026-40175: a critical bug that’s… not exploitable

Rapid7
Your Cloud Detection Strategy in 2026: What to Expect at the Global Cybersecurity Summit

Malwarebytes
Omnistealer uses the blockchain to steal everything it can

Schneier on Security
How Hackers Are Thinking About AI

Malwarebytes
ChatGPT under scrutiny as Florida investigates campus shooting

Compass Security Blog
Common Entra ID Security Assessment Findings – Part 4: Weak Conditional Access Policies

Troy Hunt
Weekly Update 499

TrustedSec
Benchmarking Self-Hosted LLMs for Offensive Security

ISC SANS
ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)

Elastic Security Labs
Phantom in the vault: Obsidian abused to deliver PhantomPulse RAT

Datadog HQ
Detect runtime threats in Python Lambda functions with Datadog AAP

Auth0
How to Enable Self-Service Identity Management for B2B SaaS in Auth0

Sansec Threat Research
Over 200 PrestaShop stores expose installer, allowing full takeover

Datadog HQ
Offline evaluation for AI agents: Best practices


2026-04-13

Dark Reading
Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads

Dark Reading
CSA: CISOs Should Prepare for Post-Mythos Exploit Storm

Dark Reading
Adobe Patches Actively Exploited Zero-Day That Lingered for Months

Dark Reading
Empty Attestations: OT Lacks the Tools for Cryptographic Readiness

Schneier on Security
On Anthropic’s Mythos Preview and Project Glasswing

Varonis
Deep Dive into Architectural Vulnerabilities in Agentic LLM Browsers

Dark Reading
APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials

ISC SANS
Scans for EncystPHP Webshell, (Mon, Apr 13th)

Rapid7
Turning Log Lines into Answers: Instant Clarity for SOC Teams

Aikido
Bug bounty isn’t dead, but the old model is breaking

Malwarebytes
Simply opening a PDF could trigger this Adobe Reader zero-day

Project Black
LibreNMS < 26.3.0 Authenticated RCE & XSS

Schneier on Security
AI Chatbots and Trust

Binarly
Binarly Risk Score: A New Approach to Vulnerability Prioritization

Malwarebytes
A week in security (April 6 &#8211; April 12)

ISC SANS
ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)

Rosecurify
Seclog - #173


2026-04-12

Step Security
Securing Vibe Coding and AI Coding Agents: An End-to-End Approach with StepSecurity

Step Security
Introducing StepSecurity Dev Machine Guard: Protecting Developer Machines from Supply Chain Attacks

Step Security
Top 2024 Predictions for CI/CD Security

MaskRay's Blog
Recent lld/ELF performance improvements