<<Page Under Construction 😉 >>
What does RSS even mean? RSS stands for “Really Simple Syndication”, which is a standardized system for the distribution of content from an online publisher to Internet users.
What this really means is that below, you’ll find some news feeds that I’ve chosen to follow on this page. I’m not responsible for the content, but I have tried to focus the sources to be interesting to Cybersecurity and Information Security professionals. Or, anyone who is interested in those topics. Or, anyone at all who would like to read them.
If you’re the author of a feed, or have a suggestion on one I should add to this page, please drop me a note!
General Cyber News Feeds
Forbes – Cybersecurity News
ZDNet – Security News
KrebsOnSecurity – In-depth Security News and Investigation
CSO Online, from IDG – Hottest Topics on Cyber and Security
The Hacker News – Cybersecurity News and Analysis
The Guardian – Data and Security
Threatpost – First Stop for Security News
Dark Reading – Connecting the Information and Security Community
SANS Institute – Security Awareness Tip of the Day
Help Net Security – Daily infosec news with a focus on enterprise security
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
TechRepublic – Straight up Security
WeLiveSecurity – News, views, and insight from the ESET security community
Schneier on Security – A blog covering security and security technology
Lohrmann on Cybersecurity – Government Technology RSS Feed
Forbes – Cybersecurity News
- Feed has no items.
ZDNet – Security News
- How to disable ACR on your TV (and why doing it makes such a big difference for privacy) on 2025-04-02
Smarter TV operating systems bring new privacy risks, with one major concern being automatic content recognition (ACR) - a feature that monitors your viewing habits.
- T-Mobile settlement payouts begin this month - how much you could get on 2025-04-02
After a 2021 data breach affected 76 million customers, settlement checks are finally on the way. Here's what you can expect.
- iOS 18.4 update draining your iPhone's battery? Try these 6 fixes on 2025-04-02
iOS 18.4 is here, and for some, it's causing major battery drain. Here are my top tips to get to the root of the issue and restore your iPhone's power ASAP.
- Clicked on a phishing link? Take these 7 steps ASAP to protect yourself on 2025-04-02
Phishing scams are becoming brutally effective, and even technically sophisticated people can be fooled. Here's how to limit the damage immediately and what to do next.
- Windows 11 is getting a secret weapon for boot failures - how it works on 2025-04-01
Windows 11 PC won't boot? Microsoft's Quick Machine Recovery will automatically try to fix it before you have time to panic.
- 5 tools I trust to keep my online conversations private and anonymous on 2025-04-01
Privacy matters. These apps and services help you communicate without putting your identity or data at risk from prying eyes.
Krebs On Security – In-depth Security News and Investigation
- How Each Pillar of the 1st Amendment is Under Attack on 2025-03-31
In an address to Congress this month, President Trump claimed he had "brought free speech back to America." But barely two months into his second term, the president has waged an unprecedented attack on the First Amendment rights of journalists, students, universities, government workers, lawyers and judges. This story explores a slew of recent […]
- When Getting Phished Puts You in Mortal Danger on 2025-03-27
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life.
- Arrests in Tap-to-Pay Scheme Powered by Phishing on 2025-03-21
Authorities in at least two U.S. states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. Details released by authorities so far indicate the mobile wallets being used by the scammers were created through online phishing scams, and that the accused were […]
- DOGE to Fired CISA Staff: Email Us Your Personal Data on 2025-03-20
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can be rehired and then immediately placed on […]
- ClickFix: How to Infect Your PC in Three Easy Steps on 2025-03-14
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.
- Microsoft: 6 Zero-Days in March 2025 Patch Tuesday on 2025-03-11
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.
CSO Online, from IDG – Hottest Topics on Cyber and Security
- Feed has no items.
The Hacker News – Cybersecurity News and Analysis
- Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse on 2025-04-02 by info@thehackernews.com (The Hacker News)
Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud […]
- Helping Your Clients Achieve NIST Compliance: A Step by Step Guide for Service Providers on 2025-04-02 by info@thehackernews.com (The Hacker News)
Introduction As the cybersecurity landscape evolves, service providers play an increasingly vital role in safeguarding sensitive data and maintaining compliance with industry regulations. The National Institute of Standards and Technology (NIST) offers a comprehensive set of frameworks that provide a clear path to […]
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers on 2025-04-02 by info@thehackernews.com (The Hacker News)
Cybersecurity researchers have shed light on an "auto-propagating" cryptocurrency mining botnet called Outlaw (aka Dota) that's known for targeting SSH servers with weak credentials. "Outlaw is a Linux malware that relies on SSH brute-force attacks, cryptocurrency mining, and worm-like propagation to infect and maintain […]
- How SSL Misconfigurations Impact Your Attack Surface on 2025-04-02 by info@thehackernews.com (The Hacker News)
When assessing an organization’s external attack surface, encryption-related issues (especially SSL misconfigurations) receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights how important your […]
- FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites on 2025-04-02 by info@thehackernews.com (The Hacker News)
The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell commands and other […]
- New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth on 2025-04-02 by info@thehackernews.com (The Hacker News)
Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and […]
The Guardian – Data and Security
- Birthday freebies: how to cash in on UK retailers’ gifts and discounts on 2025-03-29 by Mabel Banfield-Nwachi
Join a loyalty scheme and you often get a reward or discount on your special day – but it may have strings attached. Celebrating your birthday isn’t just about getting presents and cards from family and friends. Signing up to loyalty schemes and newsletters can give you access to a host of freebies, deals and discounts […]
- ‘The bot asked me four times a day how I was feeling’: is tracking everything actually good for us? on 2025-02-22 by Tom Faber
Gathering data used to be a fringe pursuit of Silicon Valley nerds. Now we’re all at it, recording everything from menstrual cycles and mobility to toothbrushing and time spent in daylight. Is this just narcissism redesigned for the big tech age? I first heard about my friend Adam’s curious new habit in a busy pub. He […]
- Apple removes advanced data protection tool in face of UK government request on 2025-02-21 by Rachel Hall
Apple says removal of tool after government asked for right to see data will make iCloud users more vulnerable. Apple has taken the unprecedented step of removing its strongest data security tool from customers in the UK, after the government demanded “backdoor” access to user data. UK […]
- Global ransomware payments plunge by a third amid crackdown on 2025-02-05 by Dan Milmo, Global technology editor
Money stolen falls from record $1.25bn to $813m as more victims refuse to pay off criminal gangs. Ransomware payments fell by more than a third last year to $813m (£650m) as victims refused to pay cybercriminals and law enforcement cracked down on gangs, figures reveal. The decline in such cyber-attacks – where access to a […]
- DeepSeek blocked from some app stores in Italy amid questions on data use on 2025-01-29 by Robert Booth, Jakub Krupa and Angela Giuffrida in Rome
Italian and Irish regulators want answers on how data harvested by chatbot could be used by Chinese government. The Chinese AI platform DeepSeek has become unavailable for download from some app stores in Italy as regulators in Rome and in Ireland demanded answers from the company about its handling of citizens’ data. Amid […]
- Threat of cyber-attacks on Whitehall ‘is severe and advancing quickly’, NAO says on 2025-01-29 by Robert Booth, UK technology editor
Audit watchdog finds 58 critical IT systems assessed in 2024 had ‘significant gaps in cyber-resilience’. The threat of potentially devastating cyber-attacks against UK government departments is “severe and advancing quickly”, with dozens of critical IT systems vulnerable to an expected regular pattern of significant […]
Threatpost – First Stop for Security News
- Student Loan Breach Exposes 2.5M Records on 2022-08-31 by Nate Nelson
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger on 2022-08-30 by Nate Nelson
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms on 2022-08-29 by Nate Nelson
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise on 2022-08-26 by Nate Nelson
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras on 2022-08-25 by Nate Nelson
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Twitter Whistleblower Complaint: The TL;DR Version on 2022-08-24 by Threatpost
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Dark Reading – Connecting the Information and Security Community
- Feed has no items.
SANS Institute – Security Awareness Tip of the Day
- Feed has no items.
Help Net Security – Daily infosec news with a focus on enterprise security
- Travelers Cyber Risk Services reduces the risk of a cyberattack on 2025-04-02 by Industry News
The Travelers Companies announced Travelers Cyber Risk Services, a suite of capabilities added to all cyber liability policies designed to help lower both the risk of a cyberattack and the cost to recover from one. In addition to always-on threat monitoring and tailored alerts, key benefits of Travelers Cyber Risk Services include: Cyber Risk […]
- How to map and manage your cyber attack surface with EASM on 2025-04-02 by Help Net Security
In today’s digital landscape, understanding your organization’s attack surface is crucial for maintaining robust cybersecurity. To effectively manage and mitigate the cyber-risks hiding in modern attack surfaces, it’s important to adopt an attacker-centric approach. In this article, we will be diving deeper into a company’s attack surface, […]
- Utimaco releases Quantum Protect solution on 2025-04-02 by Industry News
Utimaco launched Quantum Protect, the Post Quantum Cryptography application package for its u.trust General Purpose HSM (Hardware Security Modules) Se-Series. The advent of quantum computers poses a threat to today’s cryptographic landscape. A cryptanalytically relevant quantum computer that could break common public key schemes such as RSA or […]
- Google is making sending end-to-end encrypted emails easy on 2025-04-02 by Zeljka Zorz
Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google has announced on Tuesday. The company will first make available this simplified capability to users who want to send E2EE emails to other Gmail users in their own organization, and will extend it in the coming weeks to […]
- North Korean IT workers set their sights on European organizations on 2025-04-02 by Zeljka Zorz
North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe. According to Google’s threat researchers, they are also increasingly attempting to extort money from these companies once they get discovered and/or fired. […]
- Exabeam Nova accelerates threat detection and response on 2025-04-02 by Industry News
Exabeam unveiled Exabeam Nova, an autonomous AI agent delivering actionable intelligence that enables security teams to respond faster to incidents, reduce investigation times by over 50%, and mitigate threats more effectively. Exabeam delivers a multi-agent experience where specialized AI components are integrated throughout the security […]
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
- Feed has no items.
TechRepublic – Straight up Security
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities on 2025-04-02 by Fiona Jackson
Apple has also fixed vulnerabilities in iPadOS 17.7.6, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5, as well as its recently released iOS 18.4.
- Apple Rolls Out iOS 18.4 With New Languages, Emojis & Apple Intelligence in the EU on 2025-04-02 by Fiona Jackson
Apple’s iOS 18.4 lets EU users choose default navigation apps like Google Maps or Waze, complying with the Digital Markets Act for more competition and user control.
- KeePass Review (2025): Features, Pricing, and Security on 2025-04-02 by TechRepublic Staff
While its downloadable plugins make it highly customizable, KeePass’ unintuitive interface holds it back from one of our top password manager picks.
- 3 Ways the UK Government Plans to Tighten Cyber Security Rules with New Bill on 2025-04-02 by Fiona Jackson
Amid a sharp spike in ransomware attacks disrupting essential services and critical infrastructure, the U.K. government has set out the scope of its upcoming Cyber Security and Resilience Bill for the first time. It aims to patch the holes in the country’s existing cyber regulations and protect critical infrastructure from ransomware and other […]
- Get a Lifetime of 1TB Cloud Storage for Only $60 with FolderFort on 2025-04-02 by TechRepublic Academy
Fast, affordable cloud storage isn’t always easy to find for businesses, but now you can have a massive amount with maximum security.
- Developers Wanted: OpenAI Seeks Feedback About Open Model That Will Be Revealed ‘In the Coming Months’ on 2025-04-01 by Megan Crouse
Find out how to provide OpenAI with your input about its upcoming open language model, which Sam Altman stated will be a "reasoning" model like OpenAI o1.
WeLiveSecurity – News, views, and insight from the ESET security community
- Fake job offers target software developers with infostealers on 2025-02-20
A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers
- DeceptiveDevelopment targets freelance developers on 2025-02-20
ESET researchers analyzed a campaign delivering malware bundled with job interview challenges
- No, you’re not fired – but beware of job termination scams on 2025-02-18
Some employment scams take an unexpected turn as cybercriminals shift from “hiring” to “firing” staff
- Katharine Hayhoe: The most important climate equation | Starmus highlights on 2025-02-17
The atmospheric scientist makes a compelling case for a head-to-heart-to-hands connection as a catalyst for climate action
- Gaming or gambling? Lifting the lid on in-game loot boxes on 2025-02-13
The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down
- What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10) on 2025-02-12
Ever wondered what it's like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.
Schneier on Security – A blog covering security and security technology
- Rational Astrologies and Security on 2025-04-02
John Kelsey and I wrote a short paper for the Rossfest Festschrift: “Rational Astrologies and Security”: There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First identified by Randy Steve Waldman […]
- Cell Phone OPSEC for Border Crossings on 2025-04-01
I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still […]
- The Signal Chat Leak and the NSA on 2025-03-31
US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. "I didn’t see this loser in the group," Waltz told Fox News about Atlantic editor in chief […]
- Friday Squid Blogging: Squid Werewolf Hacking Group on 2025-03-28
In another rare squid/cybersecurity intersection, APT37 is also known as “Squid Werewolf.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
- AIs as Trusted Third Parties on 2025-03-28
This is a truly fascinating paper: “Trusted Machine Learning Models Unlock Private Inference for Problems Currently Infeasible with Cryptography.” The basic idea is that AIs can act as trusted third parties: Abstract: We often interact with untrusted parties. Prioritization of privacy can limit the effectiveness of these interactions, as […]
- A Taxonomy of Adversarial Machine Learning Attacks and Mitigations on 2025-03-27
NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.
Lohrmann on Cybersecurity – Government Technology RSS Feed
- Is There a Robot in Your Future? on 2025-03-30
Recent developments in humanoid robots are grabbing plenty of global attention. Here are some intriguing robot developments and why we all need to pay attention.
- Health Care: Cyber Attacks, Worrying Trends and Solutions on 2025-03-23
Cyber threats against hospitals are surging. What steps are being taken by the health-care sector to address the increasing impacts of cyber attacks? Let’s explore.
- Zero-Trust Architecture in Government: Spring 2025 Roundup on 2025-03-16
Where do things stand with the deployment of zero-trust architectures in federal, state and local governments across the country — and the world? Here’s a March 2025 roundup.
- Grading CISOs: Effective Metrics and Personal Growth Strategies on 2025-03-09
What are some good, bad and ugly ways to measure how your security and technology leaders are doing? More important, how do you measure and improve your own growth as a CISO?
- Ransomware 2025: Lessons from the Past Year and What Lies Ahead on 2025-03-02
Ransomware attacks hit another record in 2024, and attacks in 2025 are not slowing down. So what’s new and what can we learn about ransomware as we move forward?
- Cybersecurity Needs to Stay Nonpartisan in the Age of DOGE on 2025-02-23
Cybersecurity has been in recent national headlines, with experts claiming DOGE is giving unvetted access to sensitive data. But do these partisan attacks harm the entire cyber industry and government trust?
#StayVigilant
#StaySafe
#LookOutForEachOther