<<Page Under Construction 😉 >>
What does RSS even mean? RSS stands for “Really Simple Syndication”, which is a standardized system for the distribution of content from an online publisher to Internet users.
What this really means is that below, you’ll find some news feeds that I’ve chosen to follow on this page. I’m not responsible for the content, but I have tried to focus the sources to be interesting to Cybersecurity and Information Security professionals. Or, anyone who is interested in those topics. Or, anyone at all who would like to read them.
If you’re the author of a feed, or have a suggestion on one I should add to this page, please drop me a note!
General Cyber News Feeds
Forbes – Cybersecurity News
ZDNet – Security News
KrebsOnSecurity – In-depth Security News and Investigation
CSO Online, from IDG – Hottest Topics on Cyber and Security
The Hacker News – Cybersecurity News and Analysis
The Guardian – Data and Security
Threatpost – First Stop for Security News
Dark Reading – Connecting the Information and Security Community
SANS Institute – Security Awareness Tip of the Day
Help Net Security – Daily infosec news with a focus on enterprise security
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
TechRepublic – Straight up Security
WeLiveSecurity – News, views, and insight from the ESET security community
Schneier on Security – A blog covering security and security technology
Lohrmann on Cybersecurity – Government Technology RSS Feed
Forbes – Cybersecurity News
- Feed has no items.
ZDNet – Security News
- If we want a passwordless future, let's get our passkey story straighton 2025-04-26
Passwords and passkeys each involve a secret. The critical difference: How that secret gets handled.
- Is your Roku TV spying on you? Probably, but here's how to put an end to iton 2025-04-25
Your Amazon Fire Stick, Chromecast, and other streaming devices collect your personal data for various reasons. If you're uncomfortable with that, here's how to get peace of mind.
- Why the road from passwords to passkeys is long, bumpy, and worth it - probablyon 2025-04-25
The passkey standard has reached a precarious moment. Let's not blow it, OK?
- The best VPNs for streaming in 2025: Expert tested and reviewedon 2025-04-25
Netflix won't easily block our favorite streaming VPNs, and we've tried and tested the best VPNs for high-speed, reliable streaming.
- 8 simple ways Mac users can better protect their privacyon 2025-04-24
Just because you're running Apple's rock-solid operating system doesn't mean your privacy is automatically protected. These simple steps will keep you safer.
- The 4 VPNs I swear by for Linux - and why I trust themon 2025-04-23
Looking for the best Linux VPN? Here are my favorites.
Krebs On Security – In-depth Security News and Investigation
- DOGE Worker’s Code Supports NLRB Whistlebloweron 2025-04-23
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk's Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency's sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further […]
- Whistleblower: DOGE Siphoned NLRB Case Dataon 2025-04-22
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual […]
- Funding Expires for Key Cyber Vulnerability Databaseon 2025-04-16
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) […]
- Trump Revenge Tour Targets Cyber Leaders, Electionson 2025-04-15
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs's […]
- China-based SMS Phishing Triad Pivots to Bankson 2025-04-10
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of […]
- Patch Tuesday, April 2025 Editionon 2025-04-09
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft's most-dire "critical" rating, meaning malware or malcontents could exploit them with little to no interaction from […]
CSO Online, from IDG – Hottest Topics on Cyber and Security
- Feed has no items.
The Hacker News – Cybersecurity News and Analysis
- ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortionon 2025-04-26 by info@thehackernews.com (The Hacker News)
Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems […]
- North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lureson 2025-04-25 by info@thehackernews.com (The Hacker News)
North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.] com), Angeloper […]
- New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Frameworkon 2025-04-25 by info@thehackernews.com (The Hacker News)
Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution. "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) […]
- Why NHIs Are Security's Most Dangerous Blind Spoton 2025-04-25 by info@thehackernews.com (The Hacker News)
When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs). At the top of mind when NHIs are […]
- Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Serverson 2025-04-25 by info@thehackernews.com (The Hacker News)
Cybersecurity researchers have disclosed three security flaws in the Rack Ruby web server interface that, if successfully exploited, could enable attackers to gain unauthorized access to files, inject malicious data, and tamper with logs under certain conditions. The vulnerabilities, flagged by cybersecurity vendor OPSWAT, […]
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attackson 2025-04-25 by info@thehackernews.com (The Hacker News)
Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks […]
The Guardian – Data and Security
- Ofcom closes technical loophole used by criminals to intercept mobile calls and textson 2025-04-22 by Mark Sweney
Regulator acts on leasing of ‘global title’ numbers after industry efforts to tackle problem were ineffectiveThe UK communications regulator Ofcom is banning mobile operators from leasing numbers that can be used by criminals to intercept and divert calls and messages, including security codes sent by banks to […]
- Birthday freebies: how to cash in on UK retailers’ gifts and discountson 2025-03-29 by Mabel Banfield-Nwachi
Join a loyalty scheme and you often get a reward or discount on your special day – but it may have strings attachedCelebrating your birthday isn’t just about getting presents and cards from family and friends. Signing up to loyalty schemes and newsletters can give you access to a host of freebies, deals and discounts […]
- ‘The bot asked me four times a day how I was feeling’: is tracking everything actually good for us?on 2025-02-22 by Tom Faber
Gathering data used to be a fringe pursuit of Silicon Valley nerds. Now we’re all at it, recording everything from menstrual cycles and mobility to toothbrushing and time spent in daylight. Is this just narcissism redesigned for the big tech age?I first heard about my friend Adam’s curious new habit in a busy pub. He […]
- Apple removes advanced data protection tool in face of UK government requeston 2025-02-21 by Rachel Hall
Apple says removal of tool after government asked for right to see data will make iCloud users more vulnerableBusiness live – latest updatesApple has taken the unprecedented step of removing its strongest data security tool from customers in the UK, after the government demanded “backdoor” access to user data.UK […]
- Global ransomware payments plunge by a third amid crackdownon 2025-02-05 by Dan Milmo Global technology editor
Money stolen falls from record $1.25bn to $813m as more victims refuse to pay off criminal gangsRansomware payments fell by more than a third last year to $813m (£650m) as victims refused to pay cybercriminals and law enforcement cracked down on gangs, figures reveal.The decline in such cyber-attacks – where access to a […]
- DeepSeek blocked from some app stores in Italy amid questions on data useon 2025-01-29 by Robert Booth, Jakub Krupa and Angela Giuffrida in Rome
Italian and Irish regulators want answers on how data harvested by chatbot could be used by Chinese governmentThe Chinese AI platform DeepSeek has become unavailable for download from some app stores in Italy as regulators in Rome and in Ireland demanded answers from the company about its handling of citizens’ data.Amid […]
Threatpost – First Stop for Security News
- Student Loan Breach Exposes 2.5M Recordson 2022-08-31 by Nate Nelson
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keyloggeron 2022-08-30 by Nate Nelson
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firmson 2022-08-29 by Nate Nelson
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Riseon 2022-08-26 by Nate Nelson
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Camerason 2022-08-25 by Nate Nelson
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Twitter Whistleblower Complaint: The TL;DR Versionon 2022-08-24 by Threatpost
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Dark Reading – Connecting the Information and Security Community
- Feed has no items.
SANS Institute – Security Awareness Tip of the Day
- Feed has no items.
Help Net Security – Daily infosec news with a focus on enterprise security
- Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)on 2025-04-25 by Zeljka Zorz
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could allow attackers to manipulate log content and entries, while the third one – CVE-2025-27610 – is a path […]
- Detectify Asset Classification and Scan Recommendations improves vulnerability testingon 2025-04-25 by Industry News
Detectify announced new Asset Classification and Scan Recommendations capabilities. This innovation directly addresses a critical challenge for security teams: knowing what else, beyond their core applications, requires in-depth testing. The new features automatically classify discovered web assets based on attacker reconnaissance techniques and […]
- Rubrik Identity Resilience protects vulnerable authentication infrastructureon 2025-04-25 by Industry News
Rubrik announced its upcoming solution, Identity Resilience, designed to secure the entire identity landscape alongside data. Identity Resilience aims to protect the most common entry points for attackers – human and non-human identities (NHIs) – to help organizations maintain operations with minimal downtime. Identity Resilience aims to […]
- BreachLock AEV simulates real attacks to validate and prioritize exposureson 2025-04-25 by Industry News
BreachLock AEV automates multistep, threat-intelligence-led attack scenarios—helping security teams uncover real exposures and prioritize what matters most. Going beyond just showing security teams their risk, BreachLock Adversarial Exposure Validation simulates how real-world adversaries would exploit it by mirroring their behavior with […]
- Dashlane introduces Omnix for AI-powered credential protectionon 2025-04-25 by Industry News
Dashlane unveiled a new approach to addressing human risk in response to the rise of AI-driven phishing attacks and shadow IT in corporate environments. Built on innovation that pushes beyond vault-based password management, Dashlane Omnix is the AI-accelerated credential security platform that unifies proactive intelligence, real-time response, […]
- LastPass Secure Access Experiences simplifies access managementon 2025-04-25 by Industry News
As cloud app adoption continues to rise, and the modern workplace continues to evolve, LastPass will introduce a new approach to democratize access management. Built with the needs of small-to-mid-sized businesses in mind, Secure Access Experiences represents a more unified, intuitive way to manage identity and access in a changing world — […]
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
- Feed has no items.
TechRepublic – Straight up Security
- Feed has no items.
WeLiveSecurity – News, views, and insight from the ESET security community
- How fraudsters abuse Google Forms to spread scamson 2025-04-23
The form and quiz-building tool is a popular vector for social engineering and malware. Here’s how to stay safe.
- Will super-smart AI be attacking us anytime soon?on 2025-04-22
What practical AI attacks exist today? “More than zero” is the answer – and they’re getting better.
- CapCut copycats are on the prowlon 2025-04-17
Cybercriminals lure content creators with promises of cutting-edge AI wizardry, only to attempt to steal their data or hijack their devices instead
- They’re coming for your data: What are infostealers and how do I stay safe?on 2025-04-16
Here's what to know about malware that raids email accounts, web browsers, crypto wallets, and more – all in a quest for your sensitive data
- Attacks on the education sector are surging: How can cyber-defenders respond?on 2025-04-14
Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What's the right antidote to cyber-risk?
- Watch out for these traps lurking in search resultson 2025-04-10
Here’s how to avoid being hit by fraudulent websites that scammers can catapult directly to the top of your search results
Schneier on Security – A blog covering security and security technology
- Friday Squid Blogging: Squid Facts on Your Phoneon 2025-04-25
Text “SQUID” to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
- Cryptocurrency Thefts Get Physicalon 2025-04-25
Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping.
- New Linux Rootkiton 2025-04-24
Interesting: The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has […]
- Regulating AI Behavior with a Hypervisoron 2025-04-23
Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.” Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful […]
- Android Improves Its Securityon 2025-04-22
Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it’s nice to see Google add it to their phones.
- Friday Squid Blogging: Live Colossal Squid Filmedon 2025-04-18
A live colossal squid was filmed for the first time in the ocean. It’s only a juvenile: a foot long. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Lohrmann on Cybersecurity – Government Technology RSS Feed
- Switching to Cybersecurity: Advice for Midcareer Professionalson 2025-04-20
In our emerging age of AI, there are predictions about various careers becoming obsolete. More people are asking about moving into cyber roles. Here are some tips to consider.
- Navigating Cybersecurity Amid DOGE Cuts and Global Tariffson 2025-04-13
Tariffs and DOGE cuts are grabbing headlines at the moment, and both will likely impact government cybersecurity at the federal, state and local levels. Let’s explore.
- Where Is Government When It Comes to Cloud in 2025?on 2025-04-06
A new report just released by Forrester highlights the growing cloud footprint in the public sector globally, along with challenges ahead in areas such as security and modernizing core applications.
- Is There a Robot in Your Future?on 2025-03-30
Recent developments in humanoid robots are grabbing plenty of global attention. Here are some intriguing robot developments and why we all need to pay attention.
- Health Care: Cyber Attacks, Worrying Trends and Solutionson 2025-03-23
Cyber threats against hospitals are surging. What steps are being taken by the health-care sector to address the increasing impacts of cyber attacks? Let’s explore.
- Zero-Trust Architecture in Government: Spring 2025 Roundupon 2025-03-16
Where do things stand with the deployment of zero-trust architectures in federal, state and local governments across the country — and the world? Here’s a March 2025 roundup.
#StayVigilant
#StaySafe
#LookOutForEachOther