<<Page Under Construction 😉 >>
What does RSS even mean? RSS stands for “Really Simple Syndication”, which is a standardized system for the distribution of content from an online publisher to Internet users.
What this really means is that below, you’ll find some news feeds that I’ve chosen to follow on this page. I’m not responsible for the content, but I have tried to focus the sources to be interesting to Cybersecurity and Information Security professionals. Or, anyone who is interested in those topics. Or, anyone at all who would like to read them.
If you’re the author of a feed, or have a suggestion on one I should add to this page, please drop me a note!
General Cyber News Feeds
Forbes – Cybersecurity News
ZDNet – Security News
KrebsOnSecurity – In-depth Security News and Investigation
CSO Online, from IDG – Hottest Topics on Cyber and Security
The Hacker News – Cybersecurity News and Analysis
The Guardian – Data and Security
Threatpost – First Stop for Security News
Dark Reading – Connecting the Information and Security Community
SANS Institute – Security Awareness Tip of the Day
Help Net Security – Daily infosec news with a focus on enterprise security
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
TechRepublic – Straight up Security
WeLiveSecurity – News, views, and insight from the ESET security community
Schneier on Security – A blog covering security and security technology
Lohrmann on Cybersecurity – Government Technology RSS Feed
Forbes – Cybersecurity News
- Feed has no items.
ZDNet – Security News
- Feed has no items.
Krebs On Security – In-depth Security News and Investigation
- Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
on 2026-06-01The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting account passwords.
- Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
on 2026-05-25Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had […]
- Lawmakers Demand Answers as CISA Tries to Contain Data Leak
on 2026-05-22Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still […]
- Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
on 2026-05-21Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February […]
- CISA Admin Leaked AWS GovCloud Keys on Github
on 2026-05-18Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, […]
- Patch Tuesday, May 2026 Edition
on 2026-05-12Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and […]
CSO Online, from IDG – Hottest Topics on Cyber and Security
- Feed has no items.
The Hacker News – Cybersecurity News and Analysis
- Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
on 2026-06-04 by info@thehackernews.com (The Hacker News)Cisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has not seen the flaw used in attacks yet. The […]
- Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories
on 2026-06-04 by info@thehackernews.com (The Hacker News)A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack could have pushed malicious code into the […]
- Agentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize It
on 2026-06-04 by info@thehackernews.com (The Hacker News)Over the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it was reported that an unauthorized group […]
- ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories
on 2026-06-04 by info@thehackernews.com (The Hacker News)It got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts breaking real systems. Great. Read the whole […]
- China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa
on 2026-06-04 by info@thehackernews.com (The Hacker News)A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known families like ValleyRAT (aka […]
- FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads
on 2026-06-04 by info@thehackernews.com (The Hacker News)Cybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity cluster dubbed JSCoreRunner (aka FileRipple) in […]
The Guardian – Data and Security
- Feed has no items.
Threatpost – First Stop for Security News
- Student Loan Breach Exposes 2.5M Records
on 2022-08-31 by Nate Nelson2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger
on 2022-08-30 by Nate NelsonResearchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
on 2022-08-29 by Nate NelsonOver 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise
on 2022-08-26 by Nate NelsonLockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
on 2022-08-25 by Nate NelsonTens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Twitter Whistleblower Complaint: The TL;DR Version
on 2022-08-24 by ThreatpostTwitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Dark Reading – Connecting the Information and Security Community
- Feed has no items.
SANS Institute – Security Awareness Tip of the Day
- Feed has no items.
Help Net Security – Daily infosec news with a focus on enterprise security
- OAuth marketplace apps keep access after publishers vanishon 2026-06-04 by Mirko Zorz
Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. The OAuth grants behind them often reach into business systems beyond […]
- The modern-day business can learn a lot about risk from this year’s mega eventson 2026-06-04 by Help Net Security
Every year brings its share of global events, but 2026 is proving to be a banner year for mega-scale entertainment. The year got off to a roaring start with the Winter Olympics, and now anticipation is building for the fast-approaching FIFA World Cup. But amid the buzz, have you ever paused to consider the staggering level of risk inherent to such […]
- Spotless compliance evidence can still hide a broken controlon 2026-06-04 by Mirko Zorz
In this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 requirements but miss the 320 assessment objectives beneath them, why spotless SOC 2 evidence can […]
- From critical to controlled: Cutting vulnerabilities in a live manufacturing environmenton 2026-06-04 by Help Net Security
A vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a critical vulnerability. In a normal IT environment, you patch it then close the ticket and call it a day. If, however, you’re in OT or dealing with ICS in a live […]
- Attackers already know the secrets are on your developers’ machines. Do you?on 2026-06-04 by Help Net Security
In a recent GitGuardian analysis, an average of 150 secrets were found on a sample of developer endpoints. Private keys accounted for 38% of unique secrets, while cloud, identity provider, and secret management credentials (AWS IAM, Hashicorp vault) added another 22%. Those figures should not be treated as a universal prevalence estimate for every […]
- Product showcase: Trend Micro Mobile Security detects scams in messages, QR codes, and websiteson 2026-06-04 by Anamarija Pogorelec
Trend Micro Mobile Security for iOS protects devices from potentially harmful websites while browsing, blocks ads and personal information trackers, helps users avoid unsafe Wi-Fi networks, and monitors data usage. The app is available for both iOS and Android devices. Getting Started After installing the app from the App Store, I created an […]
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
- Feed has no items.
TechRepublic – Straight up Security
- Microsoft 365 Android Apps Had a Token Flaw IT Teams Should Check Nowon 2026-06-04 by TechRepublic Staff
A debug flag left active in six Microsoft 365 Android apps allowed another installed app on the same device to request account tokens without user interaction. The post Microsoft 365 Android Apps Had a Token Flaw IT Teams Should Check Now appeared first on TechRepublic.
- US Firms Try DeepSeek as Silicon Valley AI Costs Riseon 2026-06-04 by Kezia Jungco
US firms are testing China’s DeepSeek as Silicon Valley AI costs rise, raising questions about savings, data residency, and risk. The post US Firms Try DeepSeek as Silicon Valley AI Costs Rise appeared first on TechRepublic.
- Malicious WhatsApp, Slack Alerts Could Have Exposed Millions of Android Userson 2026-06-04 by Kezia Jungco
SafeBreach found a now-fixed Gemini Android flaw that let malicious WhatsApp and Slack alerts manipulate AI responses and tools. The post Malicious WhatsApp, Slack Alerts Could Have Exposed Millions of Android Users appeared first on TechRepublic.
- Apple’s 2026 Security Events: iPhone Exploits, Zero-Days Put Millions at Riskon 2026-06-03 by Aminu Abdullahi
Apple’s 2026 security year includes zero-days, iPhone exploit kits, WebKit fixes, and background patches that users and IT teams need to track. The post Apple’s 2026 Security Events: iPhone Exploits, Zero-Days Put Millions at Risk appeared first on TechRepublic.
- Microsoft Tests Wearable AI Badge for Office Workerson 2026-06-03 by Kezia Jungco
Microsoft showed Project Solara concept devices at Build 2026, including a wearable AI badge for office workers using AI agents. The post Microsoft Tests Wearable AI Badge for Office Workers appeared first on TechRepublic.
- CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploitedon 2026-06-03 by Joseph Ofonagoro
CISA added Oracle WebLogic flaw CVE-2024-21182 to its KEV catalog, giving federal agencies until June 4 to patch exposed servers. The post CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited appeared first on TechRepublic.
WeLiveSecurity – News, views, and insight from the ESET security community
- Lessons for life: Why children’s data is a long-term identity riskon 2026-06-03
Your child’s first data breach may happen before they’ve even opened a bank account. Here’s how to keep their digital life safe.
- This month in security with Tony Anscombe – May 2026 editionon 2026-05-29
In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit
- ESET APT Activity Report Q4 2025–Q1 2026on 2026-05-28
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026
- What to consider before asking an AI chatbot for health adviceon 2026-05-27
Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here’s what’s at stake and how to stay safe.
- BTMOB: A stealthy RAT burrowing deep into Android deviceson 2026-05-26
The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise
- Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandiseon 2026-05-22
Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data
Schneier on Security – A blog covering security and security technology
- Hacking Meta’s AI Chatboton 2026-06-04
Hackers are convincing Meta’s AI support chatbot to let them take over other peoples’ accounts: A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location to avoid triggering Instagram’s automated account protections. Then, the hacker […]
- AI Used to Decrypt Medieval Cipherson 2026-06-03
Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers.
- The Intersection of Encryption and AIon 2026-06-02
As part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and author Bruce Schneier contributed a column on June 20, 2010, warning […]
- Microsoft Threatening Security Researcheron 2026-06-02
An anonymous security researcher called “Nightmare Eclipse” has been publishing a series of significant security exploits against Microsoft Windows—including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recriminations are being traded back and forth.
- Vulnerability Disclosure in the Age of AIon 2026-06-01
New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable software vulnerabilities at unprecedented […]
- Friday Squid Blogging: Another Squidon 2026-05-29
Someone named “Squid” seems to be a “West Country legend.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Lohrmann on Cybersecurity – Government Technology RSS Feed
- No Longer Invisible: When Cyber Attacks Go Physicalon 2026-05-31
Critical infrastructure cyber attacks are increasing in the U.S. — and they’re changing in nature. Here are some examples and the top trends from the first half of 2026.
- How New College Grads Can Succeed in an AI Economyon 2026-05-24
It’s graduation season, and people entering the workforce now can turn the 2026 hiring slowdown into a career launchpad using practical skills — and some surprising suggestions.
- Protecting People and Infrastructure: A 2026 World Cup Security Previewon 2026-05-17
Expert insights on guarding digital ecosystems, managing vendor risks and ensuring public safety during the world’s largest sporting event.
- ‘CI Fortify’ Is the New Road Map for State and Local Resilienceon 2026-05-10
In light of increasing international cyber threats, CISA unveiled “CI Fortify” to help secure critical infrastructure. Here’s what you need to know.
- A Tale of Two States: The 2026 Cybersecurity Paradoxon 2026-05-03
The cyber threat outlooks from CIOs and CISOs at the NASCIO Midyear Conference in Philadelphia ranged from the good to the bad to the ugly — with AI front and center.
- The Great Stay: Why Tech Talent Is Choosing Stability Over Salaryon 2026-04-26
How mass layoffs and economic anxiety have upended the talent war, turning “job hugging” into the public sector’s greatest opportunity to fill open tech positions.
#StayVigilant
#StaySafe
#LookOutForEachOther