<<Page Under Construction 😉 >>
What does RSS even mean? RSS stands for “Really Simple Syndication”, which is a standardized system for the distribution of content from an online publisher to Internet users.
What this really means is that below, you’ll find some news feeds that I’ve chosen to follow on this page. I’m not responsible for the content, but I have tried to focus the sources to be interesting to Cybersecurity and Information Security professionals. Or, anyone who is interested in those topics. Or, anyone at all who would like to read them.
If you’re the author of a feed, or have a suggestion on one I should add to this page, please drop me a note!
General Cyber News Feeds
Forbes – Cybersecurity News
ZDNet – Security News
KrebsOnSecurity – In-depth Security News and Investigation
CSO Online, from IDG – Hottest Topics on Cyber and Security
The Hacker News – Cybersecurity News and Analysis
The Guardian – Data and Security
Threatpost – First Stop for Security News
Dark Reading – Connecting the Information and Security Community
SANS Institute – Security Awareness Tip of the Day
Help Net Security – Daily infosec news with a focus on enterprise security
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
TechRepublic – Straight up Security
WeLiveSecurity – News, views, and insight from the ESET security community
Schneier on Security – A blog covering security and security technology
Lohrmann on Cybersecurity – Government Technology RSS Feed
Forbes – Cybersecurity News
- Feed has no items.
ZDNet – Security News
- Feed has no items.
Krebs On Security – In-depth Security News and Investigation
- Patch Tuesday, May 2026 Edition
on 2026-05-12Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and […]
- Canvas Breach Disrupts Schools & Colleges Nationwide
on 2026-05-08An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand that threatened to leak data from 275 million students and faculty […]
- Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
on 2026-04-30A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm's chief executive says the malicious activity resulted from a […]
- ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
on 2026-04-21A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology […]
- Patch Tuesday, April 2026 Edition
on 2026-04-14Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for […]
- Russia Hacked Routers to Steal Microsoft Office Tokens
on 2026-04-07Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without […]
CSO Online, from IDG – Hottest Topics on Cyber and Security
- Feed has no items.
The Hacker News – Cybersecurity News and Analysis
- On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
on 2026-05-15 by info@thehackernews.com (The Hacker News)Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous […]
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
on 2026-05-15 by info@thehackernews.com (The Hacker News)The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The […]
- Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
on 2026-05-14 by info@thehackernews.com (The Hacker News)Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authentication in Cisco Catalyst SD-WAN […]
- Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
on 2026-05-14 by info@thehackernews.com (The Hacker News)Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - node-ipc@9.1.6 node-ipc@9.2.3 node-ipc@12.0.1 "Early analysis […]
- ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
on 2026-05-14 by info@thehackernews.com (The Hacker News)Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago. The mess keeps getting […]
- Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
on 2026-05-14 by info@thehackernews.com (The Hacker News)The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It's also […]
The Guardian – Data and Security
- Feed has no items.
Threatpost – First Stop for Security News
- Student Loan Breach Exposes 2.5M Records
on 2022-08-31 by Nate Nelson2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger
on 2022-08-30 by Nate NelsonResearchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
on 2022-08-29 by Nate NelsonOver 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise
on 2022-08-26 by Nate NelsonLockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
on 2022-08-25 by Nate NelsonTens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Twitter Whistleblower Complaint: The TL;DR Version
on 2022-08-24 by ThreatpostTwitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Dark Reading – Connecting the Information and Security Community
- Feed has no items.
SANS Institute – Security Awareness Tip of the Day
- Feed has no items.
Help Net Security – Daily infosec news with a focus on enterprise security
- Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)on 2026-05-15 by Zeljka Zorz
A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises versions of Microsoft Exchange […]
- Rocky Linux launches opt-in security repository for urgent fixeson 2026-05-15 by Sinisa Markovic
Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists and upstream patches are unavailable. “The repository is disabled by default. That’s intentional. The default Rocky Linux experience stays exactly what it has always […]
- Keycard helps developers secure autonomous AI agents with scoped accesson 2026-05-15 by Industry News
Keycard has announced Keycard for Multi-Agent Apps, extending its platform to support delegated, session-based access across systems of autonomous agents. Keycard lets developers build apps where every agent has its own identity, access is scoped to each task and every action is fully attributable across agents, users and systems. “Enterprises […]
- Deepfake detection is losing ground to generative modelson 2026-05-15 by Sinisa Markovic
Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, frequencies, and biometric signals to answer that question, and the best of them post strong accuracy numbers on standard benchmarks. In deployment, performance drops sharply […]
- Zombie linkages are keeping expired domains trusted for yearson 2026-05-15 by Sinisa Markovic
Domains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has changed. Researchers at USC and the University of Twente examined this problem in three widely used systems: Web PKI, Maven Central, and Ethereum Name Service. They use the term […]
- The AI oversight paradox: Is the investment worth the cost of watching it?on 2026-05-15 by Anamarija Pogorelec
Unlike in 2025, when AI adoption and testing drove business strategies, organizations in 2026 want proven ROI before committing budgets, according to a report by Globalization Partners. How global executives characterize their organization’s approach to AI adoption (Source: Globalization Partners) 62% of business leaders said they felt pressure […]
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
- Feed has no items.
TechRepublic – Straight up Security
- Apple’s iPhone Privacy Feature Expands to More Users Worldwideon 2026-05-14 by Aminu Abdullahi
Apple expanded Limit Precise Location in iOS 26.5, but the carrier privacy feature still requires select iPhones and iPads. The post Apple’s iPhone Privacy Feature Expands to More Users Worldwide appeared first on TechRepublic.
- Microsoft’s Patch Tuesday Update Targets 120 Security Flawson 2026-05-13 by Joseph Ofonagoro
Microsoft’s May Patch Tuesday fixes 120 flaws, including 31 remote code execution bugs, with no zero-days reported at release. The post Microsoft’s Patch Tuesday Update Targets 120 Security Flaws appeared first on TechRepublic.
- Google Launches New Android Security Features to Fight Scams, Thefton 2026-05-13 by Aminu Abdullahi
Google detailed Android security updates for 2026, including verified bank calls, stronger theft protection, OTP hiding, and spyware forensics. The post Google Launches New Android Security Features to Fight Scams, Theft appeared first on TechRepublic.
- Hackers Claim 11M Files Stolen From Foxconn, Supplier to Apple and Nvidiaon 2026-05-13 by Liz Ticong
Foxconn confirmed a North American cyberattack after Nitrogen claimed it had stolen 11M files tied to major tech customer projects. The post Hackers Claim 11M Files Stolen From Foxconn, Supplier to Apple and Nvidia appeared first on TechRepublic.
- Canvas Breach Hackers Reach Deal After Claiming 275M Records Stolenon 2026-05-13 by Kezia Jungco
Instructure reached a deal with the Canvas hackers after they claimed to have stolen data tied to nearly 9,000 schools and 275 million people. The post Canvas Breach Hackers Reach Deal After Claiming 275M Records Stolen appeared first on TechRepublic.
- Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flawson 2026-05-12 by Ken Underhill
Meari IoT flaws reportedly exposed baby monitor images, camera activity, and device data across more than 1 million connected devices. The post Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws appeared first on TechRepublic.
WeLiveSecurity – News, views, and insight from the ESET security community
- FrostyNeighbor: Fresh mischief and digital shenaniganson 2026-05-14
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations
- Eyes wide open: How to mitigate the security and privacy risks of smart glasseson 2026-05-11
Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk.
- Fake call logs, real payments: How CallPhantom tricks Android userson 2026-05-07
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down
- Fixing the password problem is as easy as 123456on 2026-05-07
How come it’s still possible to ‘secure’ an online account with a six-digit string?
- A rigged game: ScarCruft compromises gaming platform in a supply-chain attackon 2026-05-05
ESET researchers have investigated an ongoing attack by the ScarCruft APT group that targets the Yanbian region via backdoor-laced Windows and Android games
- This month in security with Tony Anscombe – April 2026 editionon 2026-04-30
Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 - here's some of what made the headlines this month
Schneier on Security – A blog covering security and security technology
- Upcoming Speaking Engagementson 2026-05-14
This is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York, at 6:00 PM ET on May 21, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity at the Hasso Plattner Institut in Potsdam, […]
- How Dangerous Is Anthropic’s Mythos AI?on 2026-05-14
Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan and fix their own software. The announcement requires […]
- OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilitieson 2026-05-13
The UK’s AI Security Institute evaluated GPT-5.5’s ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute’s evaluation of Mythos. And here is an analysis of a smaller, cheaper model. It requires more scaffolding from the prompter, […]
- Copy.Fail Linux Vulnerabilityon 2026-05-12
This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight into the page cache of a file the attacker […]
- LLMs and Text-in-Text Steganographyon 2026-05-11
Turns out that LLMs are really good at hiding text messages in other text messages.
- Friday Squid Blogging: Giant Squid Live in the Waters of Western Australiaon 2026-05-08
Evidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Lohrmann on Cybersecurity – Government Technology RSS Feed
- ‘CI Fortify’ Is the New Road Map for State and Local Resilienceon 2026-05-10
In light of increasing international cyber threats, CISA unveiled “CI Fortify” to help secure critical infrastructure. Here’s what you need to know.
- A Tale of Two States: The 2026 Cybersecurity Paradoxon 2026-05-03
The cyber threat outlooks from CIOs and CISOs at the NASCIO Midyear Conference in Philadelphia ranged from the good to the bad to the ugly — with AI front and center.
- The Great Stay: Why Tech Talent Is Choosing Stability Over Salaryon 2026-04-26
How mass layoffs and economic anxiety have upended the talent war, turning “job hugging” into the public sector’s greatest opportunity to fill open tech positions.
- A History of Global Hacking — and Where It’s Going Nexton 2026-04-19
In her new book, Code War: How Nations Hack, Spy, and Shape the Digital Battlefield, Allie Mellen provides true stories of the current cyber war and, importantly, what might be ahead.
- Why Anthropic’s Mythos Is a Systemic Shift for Global Cybersecurityon 2026-04-12
With the release of Anthropic’s Project Glasswing and Claude Mythos, how should CISOs navigate the arrival of automated exploit chaining, collapsing patch cycles and the inevitable rise of adversarial AI?
- Post-Quantum Cryptography: Moving From Awareness to Executionon 2026-04-05
Google recently released important research that moves Q-Day — the day quantum computers will be able to “break the Internet” — up to 2029. How should enterprises secure their systems?
#StayVigilant
#StaySafe
#LookOutForEachOther