<<Page Under Construction 😉 >>
What does RSS even mean? RSS stands for “Really Simple Syndication”, which is a standardized system for the distribution of content from an online publisher to Internet users.
What this really means is that below, you’ll find some news feeds that I’ve chosen to follow on this page. I’m not responsible for the content, but I have tried to focus the sources to be interesting to Cybersecurity and Information Security professionals. Or, anyone who is interested in those topics. Or, anyone at all who would like to read them.
If you’re the author of a feed, or have a suggestion on one I should add to this page, please drop me a note!
General Cyber News Feeds
Forbes – Cybersecurity News
ZDNet – Security News
KrebsOnSecurity – In-depth Security News and Investigation
CSO Online, from IDG – Hottest Topics on Cyber and Security
The Hacker News – Cybersecurity News and Analysis
The Guardian – Data and Security
Threatpost – First Stop for Security News
Dark Reading – Connecting the Information and Security Community
SANS Institute – Security Awareness Tip of the Day
Help Net Security – Daily infosec news with a focus on enterprise security
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
TechRepublic – Straight up Security
WeLiveSecurity – News, views, and insight from the ESET security community
Schneier on Security – A blog covering security and security technology
Lohrmann on Cybersecurity – Government Technology RSS Feed
Forbes – Cybersecurity News
- Feed has no items.
ZDNet – Security News
- Feed has no items.
Krebs On Security – In-depth Security News and Investigation
- Microsoft Patches a Record 570 Security Flawson 2026-07-14
Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft attributed the burgeoning patch counts to vulnerability discoveries aided by […]
- Lessons Learned from CISA’s Recent GitHub Leakon 2026-07-13
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a postmortem on a data leak in which a contractor published dozens of internal CISA credentials -- including AWS Govcloud keys -- in a public GitHub repository for almost six months before being notified by KrebsOnSecurity. Experts say the gaps identified in the agency's […]
- Felons, Fraudsters Flog Offensive Cybersecurity Startupon 2026-07-08
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platform they operated under assumed names.
- FBI Seizes NetNut Proxy Platform, Popa Botneton 2026-07-02
The Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes roughly two weeks after KrebsOnSecurity published findings from […]
- Scattered Spider Hackers Plead Guilty on Day 1 of Trialon 2026-06-23
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on […]
- ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firmon 2026-06-18
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a "residential proxy" […]
CSO Online, from IDG – Hottest Topics on Cyber and Security
- Feed has no items.
The Hacker News – Cybersecurity News and Analysis
- Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attackon 2026-07-14 by info@thehackernews.com (The Hacker News)
Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft's own CVEs by its Security Update Guide count, more than triple June's previous high of around 200. Those two live bugs are the ones to grab first. […]
- SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Dataon 2026-07-14 by info@thehackernews.com (The Hacker News)
SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows an authenticated attacker to leverage […]
- Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Readson 2026-07-14 by info@thehackernews.com (The Hacker News)
Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already run a script on claude.ai; the difference is scope. Anthropic […]
- LabubaRAT Masquerades as NVIDIA Software to Control Windows Hostson 2026-07-14 by info@thehackernews.com (The Hacker News)
Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. "LabubaRAT creates a reusable foothold for hands-on activity," Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an […]
- RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadataon 2026-07-14 by info@thehackernews.com (The Hacker News)
Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo's security team, which discovered and […]
- 11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Booton 2026-07-14 by info@thehackernews.com (The Hacker News)
Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. "An attacker exploiting one of these vulnerable applications can execute untrusted code during system […]
The Guardian – Data and Security
- Feed has no items.
Threatpost – First Stop for Security News
- Student Loan Breach Exposes 2.5M Recordson 2022-08-31 by Nate Nelson
2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keyloggeron 2022-08-30 by Nate Nelson
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firmson 2022-08-29 by Nate Nelson
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Riseon 2022-08-26 by Nate Nelson
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Camerason 2022-08-25 by Nate Nelson
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Twitter Whistleblower Complaint: The TL;DR Versionon 2022-08-24 by Threatpost
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Dark Reading – Connecting the Information and Security Community
- Feed has no items.
SANS Institute – Security Awareness Tip of the Day
- Feed has no items.
Help Net Security – Daily infosec news with a focus on enterprise security
- The MDR renewal question: What changes when AI can handle the alertson 2026-07-15 by Help Net Security
For most of the past decade, the managed detection and response (MDR) decision was a simple one: teams that couldn’t staff a 24/7 SOC outsourced detection and response to a provider who could. It solved a resources problem, and the alternatives (hiring a team you couldn’t afford or keeping a functional set of SOAR playbooks across an expanding […]
- An AI overthinking attack can tie a robot up for over a minuteon 2026-07-15 by Anamarija Pogorelec
Robots that read the world through cameras now lean on large vision-language models to interpret what they see and decide what to do next. These models handle images and text together, so any words that fall inside the camera frame become part of the input. A stop sign, a street name, a sticker on a wall. The overthinking behavior at the center of […]
- AI used to help plan the break-in, now it’s doing the break-inon 2026-07-15 by Anamarija Pogorelec
Over the past twelve months, researchers documented intrusions in which AI ran exploitation workflows autonomously, generating thousands of commands across dozens of sessions with minimal human direction, according to Check Point’s AI Security Report 2026. AI-powered cyber attacks The attackers posing the greatest risk are those orchestrating AI […]
- SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)on 2026-07-14 by Zeljka Zorz
SonicWall has fixed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) affecting its Secure Mobile Access (SMA) 1000 Series appliances, and is urging customer organizations to upgrade to a fixed firmare version and search for evidence of potential compromise. If the outlined indicators of compromise are present on the system, […]
- New macOS malware steals passwords by posing as Apple’s crash-reporting toolon 2026-07-14 by Sinisa Markovic
Jamf Threat Labs has uncovered a new macOS infostealer named CrashStealer that disguises itself as Apple’s crash-reporting tool to steal passwords, Keychain data, and cryptocurrency wallets. The malware was first spotted in May while it was still under development. By early July, Jamf was seeing in-the-wild detections, indicating it had moved […]
- Download: The ultimate guide to network operations managementon 2026-07-14 by Anamarija Pogorelec
Modern network operations are too manual. Today’s IT and security teams are managing growing complexity across networks, infrastructure, tools, and workflows. The result? Slower response, duplicated effort, and operational friction. This guide explores how intelligent workflows help teams reduce manual work, improve visibility, and move faster […]
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
- Feed has no items.
TechRepublic – Straight up Security
- Australian Enterprises At Risk as Anthropic Finds Hackers In Claude Codeon 2026-07-14 by Joseph Ofonagoro
A Claude Code-powered cyberattack exposed AI governance gaps common among Australian businesses, where oversight continues to lag adoption. The post Australian Enterprises At Risk as Anthropic Finds Hackers In Claude Code appeared first on TechRepublic.
- Online Protection Is Simple and Effective with Panda Dome for $29.99on 2026-07-14 by TechRepublic Academy
Get antivirus, firewall, and VPN service with a one-year subscription to Panda Dome for just $29.99. The post Online Protection Is Simple and Effective with Panda Dome for $29.99 appeared first on TechRepublic.
- Meta Removes Muse Image Instagram Feature After Consent Backlashon 2026-07-13 by Kezia Jungco
Meta scrapped a Muse Image feature days after launch following backlash over consent, privacy, and the use of public Instagram photos. The post Meta Removes Muse Image Instagram Feature After Consent Backlash appeared first on TechRepublic.
- Fake Bank Apps Let Scammers Control Android Phones in Southeast Asiaon 2026-07-13 by Liz Ticong
RedHook malware uses fake banking and government apps to steal data and control Android phones, with attacks confirmed in Vietnam and Indonesia so far. The post Fake Bank Apps Let Scammers Control Android Phones in Southeast Asia appeared first on TechRepublic.
- Get Peace of Mind: Protect Data for Life With BigMind DR for $59.99on 2026-07-13 by TechRepublic Academy
With a lifetime subscription to BigMIND DR, you can recover your data for 83% off the regular price of $357. The post Get Peace of Mind: Protect Data for Life With BigMind DR for $59.99 appeared first on TechRepublic.
- Exposed Server Reveals 25,000 Compromised WordPress Websiteson 2026-07-10 by Ken Underhill
An exposed WP-SHELLSTORM server revealed tools, logs, cloud credentials, and thousands of webshells used in a large website hacking campaign. The post Exposed Server Reveals 25,000 Compromised WordPress Websites appeared first on TechRepublic.
WeLiveSecurity – News, views, and insight from the ESET security community
- ESET Threat Report H1 2026on 2026-07-08
A view of the H1 2026 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts.
- Cyber readiness for SMBs: Getting the basics righton 2026-07-03
AI is changing cybercrime, but SMB cyber readiness still largely depends on closing the familiar gaps
- This month in security with Tony Anscombe – June 2026 editionon 2026-06-30
Three-day patching deadlines, exposed fuel-tank systems, scams costing billions of dollars, and social media bans for children all gave Tony plenty to unpack in June 2026
- Inside the inbox: Why cybercriminals want to break into your email accounton 2026-06-29
Your inbox is an identity system all of its own: whoever owns it may own a lot more
- SMB cyber readiness: the road to resilience starts hereon 2026-06-26
Your business may be small, but its attack surface is anything but. Readiness is the first step to resilience.
- Gamaredon in 2025: Leveraging tunnels, workers, dead drops, and new allianceson 2026-06-25
ESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen data
Schneier on Security – A blog covering security and security technology
- Upcoming Speaking Engagementson 2026-07-14
This is a current list of where and when I am scheduled to speak: I’m speaking (virtually) at the Policy-Relevant Privacy Research Workshop in Calgary, Canada, on Monday, July 20, 2026. I’m speaking at Boston Leadership Exchange in Boston, Massachusetts, USA, on Wednesday, July 22, 2026. I’m speaking at Cognitive Security Conference in Las […]
- Vulnerability in FIFA’s Networkon 2026-07-14
FIFA’s network was vulnerable to anyone with even minimal access.
- AI Data Centers and the Concentration of Wealthon 2026-07-13
This essay was written with Nathan E. Sanders, and originally appeared in The Guardian. Opposition to AI data centers has emerged as a primary theme in US politics, one that—surprisingly—doesn’t fall along party lines. We applaud people coming together for constructive debate on any issue, and agree that communities need to evaluate whether […]
- Friday Squid Blogging: “Squidbleed” Vulnerabilityon 2026-07-10
In a rare combined cybersecurity/squid post, a twenty-nine-year-old squid proxy bug can leak HTTP requests. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
- AI Surveillance and Social Progresson 2026-07-10
In the near future, AI-powered surveillance systems will be able to track everything we do in public, and much of what we do in private. And if we do something wrong—shoplift, litter, jaywalk, you name it—the system will notice, retain it, tie it to your official government record, communicate that fact to you, and provide real-time alerts to […]
- The Language of AI Could Change How Humans Speakon 2026-07-09
Because of the way they are trained, large language models capture only a slice of human language. They’re trained on the written word, from textbooks to social media posts, and our speech as captured in movies and on television. These models have minimal access to the unscripted conversations we have face to face or voice to voice. This is the […]
Lohrmann on Cybersecurity – Government Technology RSS Feed
- On AI Ethics: Why Prompt Engineering Needs a Moral Compasson 2026-07-12
In this first of a three-part series, we look at why “working as designed” is no longer good enough for enterprise AI or cybersecurity pros.
- Navigating NIST’s New Cybersecurity AI Frontieron 2026-07-05
AI and quantum guidance are driving the future of the National Institute of Standards and Technology Cybersecurity Framework. Here’s how.
- AI at Work: Employees Aren’t Waiting for Permissionon 2026-06-28
New research is showing that staff are bringing their own AI to work at a growing pace, and security predictions from years ago are coming to fruition now. What’s the trend and what can you do?
- AI, Mind Reading and Microchip Brain Implantson 2026-06-21
How neurotech advancements and new state laws are shaping the future of human-machine interfaces.
- The Global State of Technology Risk in 2026on 2026-06-14
A leadership guide to trust, governance and workforce evolution in a rapidly shifting technology landscape.
- The Mythos Race: Trump’s New EO and Glasswing’s Expansionon 2026-06-07
A roundup of headline AI developments from this past week is warranted, as fast-moving decisions from the White House to Anthropic demand immediate attention. Plus, a look at what may be the AI metric that matters most.
#StayVigilant
#StaySafe
#LookOutForEachOther

















