<<Page Under Construction 😉 >>
What does RSS even mean? RSS stands for “Really Simple Syndication”, which is a standardized system for the distribution of content from an online publisher to Internet users.
What this really means is that below, you’ll find some news feeds that I’ve chosen to follow on this page. I’m not responsible for the content, but I have tried to focus the sources to be interesting to Cybersecurity and Information Security professionals. Or, anyone who is interested in those topics. Or, anyone at all who would like to read them.
If you’re the author of a feed, or have a suggestion on one I should add to this page, please drop me a note!
General Cyber News Feeds
Forbes – Cybersecurity News
ZDNet – Security News
KrebsOnSecurity – In-depth Security News and Investigation
CSO Online, from IDG – Hottest Topics on Cyber and Security
The Hacker News – Cybersecurity News and Analysis
The Guardian – Data and Security
Threatpost – First Stop for Security News
Dark Reading – Connecting the Information and Security Community
SANS Institute – Security Awareness Tip of the Day
Help Net Security – Daily infosec news with a focus on enterprise security
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
TechRepublic – Straight up Security
WeLiveSecurity – News, views, and insight from the ESET security community
Schneier on Security – A blog covering security and security technology
Lohrmann on Cybersecurity – Government Technology RSS Feed
Forbes – Cybersecurity News
- Feed has no items.
ZDNet – Security News
- Feed has no items.
Krebs On Security – In-depth Security News and Investigation
- Scattered Spider Hackers Plead Guilty on Day 1 of Trial
on 2026-06-23Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on […]
- ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
on 2026-06-18For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded that the Popa botnet is linked to NetNut, a "residential proxy" […]
- Who Runs the Ransomware Group ‘The Gentlemen?’
on 2026-06-10A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator […]
- A Record-Breaking Patch Tuesday for June 2026
on 2026-06-09Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is […]
- Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
on 2026-06-01The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting account passwords.
- Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
on 2026-05-25Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had […]
CSO Online, from IDG – Hottest Topics on Cyber and Security
- Feed has no items.
The Hacker News – Cybersecurity News and Analysis
- CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
on 2026-06-24 by info@thehackernews.com (The Hacker News)The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vulnerability in question is CVE-2025-67038 […]
- Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
on 2026-06-24 by info@thehackernews.com (The Hacker News)A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrupt the 'assembly lines' cybercriminals use to launch ransomware, […]
- Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
on 2026-06-24 by info@thehackernews.com (The Hacker News)Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the […]
- Dawn of the Apex Agentic Adversary
on 2026-06-24 by info@thehackernews.com (The Hacker News)We are standing at the end of an era we never thought to mourn: the era of human-speed threats. For years, cybersecurity moved to a rhythm organizations could follow. A researcher found a bug, a CVE was cataloged, a vendor navigated a patch cycle, and weeks or even months later, a fix was deployed. In this era, dwell time […]
- DoJ Seizes Huione Cloud Account Tied to Cyber Scam Money Laundering
on 2026-06-24 by info@thehackernews.com (The Hacker News)The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These subsidiaries are alleged to […]
- Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
on 2026-06-24 by info@thehackernews.com (The Hacker News)Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation […]
The Guardian – Data and Security
- Feed has no items.
Threatpost – First Stop for Security News
- Student Loan Breach Exposes 2.5M Records
on 2022-08-31 by Nate Nelson2.5 million people were affected, in a breach that could spell more trouble down the line.
- Watering Hole Attacks Push ScanBox Keylogger
on 2022-08-30 by Nate NelsonResearchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
on 2022-08-29 by Nate NelsonOver 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
- Ransomware Attacks are on the Rise
on 2022-08-26 by Nate NelsonLockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras
on 2022-08-25 by Nate NelsonTens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
- Twitter Whistleblower Complaint: The TL;DR Version
on 2022-08-24 by ThreatpostTwitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
Dark Reading – Connecting the Information and Security Community
- Feed has no items.
SANS Institute – Security Awareness Tip of the Day
- Feed has no items.
Help Net Security – Daily infosec news with a focus on enterprise security
- Law enforcement hits StealC and Amadey malware networkson 2026-06-24 by Zeljka Zorz
Operation Endgame, the largest international law enforcement operation aimed at disrupting ransomware and cybercrime infrastructure across the world, has claimed its latest targets: StealC and Amadey. The notice on disrupted websites (Source: Microsoft) While developed by separate criminal groups, those two malware families work in tandem to […]
- Algerian national accused of running cybercrime marketplaces extradited to USon 2026-06-24 by Sinisa Markovic
An Algerian national accused of running online marketplaces that sold phishing kits and fraud tools has been extradited from Spain to the United States to face bank fraud conspiracy charges. The post Algerian national accused of running cybercrime marketplaces extradited to US appeared first on Help Net Security.
- Anthropic’s Claude Tag gives AI agents independent identitieson 2026-06-24 by Anamarija Pogorelec
Anthropic introduced an agent identity model for Claude Tag, its AI assistant designed for team collaboration in shared workspaces. The model gives Claude its own identity, permissions, and tool access, configured by administrators and tied to a workspace or channel. Because Claude does not rely on individual user credentials, access remains […]
- Phishing attack on healthcare firm Xsolis impacts 1.4 million peopleon 2026-06-24 by Sinisa Markovic
Healthcare technology company Xsolis confirmed that a phishing attack resulted in unauthorized access to its network. The company develops AI-powered software for hospitals, health systems, and health plans and serves more than 600 hospitals and health insurers. “On January 22, 2026, Xsolis became aware of unauthorized activity impacting a […]
- SuperOps and Guardz bundle IT operations and security into one product for MSPson 2026-06-24 by Industry News
SuperOps and Guardz announced a strategic partnership, combining their platforms into a single bundled offering for managed service providers (MSPs). The package brings professional services automation (PSA), remote monitoring and management (RMM), mobile device management (MDM), and agentic security operations into one purchase. Both companies […]
- Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)on 2026-06-24 by Zeljka Zorz
CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution capability on the underlying server. “Our honeypots are seeing automated sweeps dropping webshells, all via Tor,” threat intelligence firm […]
IT Security Central – User Activity Monitoring | DLP | Employee Productivity
- Feed has no items.
TechRepublic – Straight up Security
- Healthcare Vendor Xsolis Reports Breach Affecting 1.4M Peopleon 2026-06-24 by Liz Ticong
Xsolis confirmed a healthcare data breach affecting nearly 1.4 million people after a phishing attack exposed health and identity data. The post Healthcare Vendor Xsolis Reports Breach Affecting 1.4M People appeared first on TechRepublic.
- Apple’s £3B iCloud Lawsuit Could Affect 40M UK Userson 2026-06-24 by Joseph Ofonagoro
Apple lost a bid to narrow a UK iCloud lawsuit from Which?, keeping a £3 billion competition claim on track for an October 2028 trial. The post Apple’s £3B iCloud Lawsuit Could Affect 40M UK Users appeared first on TechRepublic.
- LastPass Confirms Vendor Breach Exposed Customer Contact, Support Dataon 2026-06-24 by Aminu Abdullahi
LastPass said customer contact and support data were exposed after attackers used stolen Klue OAuth tokens to access its Salesforce environment and CRM records. The post LastPass Confirms Vendor Breach Exposed Customer Contact, Support Data appeared first on TechRepublic.
- Anthropic Launches Claude Tag, Bringing AI Agents Into Slackon 2026-06-24 by Kezia Jungco
Anthropic launched Claude Tag in Slack, giving enterprise teams an AI agent with shared context, admin controls, logs, and spend limits. The post Anthropic Launches Claude Tag, Bringing AI Agents Into Slack appeared first on TechRepublic.
- Madison Square Garden Hack Exposes 26 Million Visitor Recordson 2026-06-24 by Liz Ticong
Madison Square Garden faces a 26M-record hack tied to visitor data, facial recognition, and security records from its venue operations, with fallout from the leak. The post Madison Square Garden Hack Exposes 26 Million Visitor Records appeared first on TechRepublic.
- Tata Electronics Leak Exposes 200,000 Files, Including Apple and Tesla Documentson 2026-06-23 by Joseph Ofonagoro
Tata Electronics is investigating a cyber incident after leaked files reportedly included manufacturing documents for Apple and Tesla. The post Tata Electronics Leak Exposes 200,000 Files, Including Apple and Tesla Documents appeared first on TechRepublic.
WeLiveSecurity – News, views, and insight from the ESET security community
- ESET takes part in Operation Endgame to disrupt Amadey and Stealcon 2026-06-24
ESET researchers assisted in the global disruption of the Amadey botnet and Stealc infostealer, providing technical analysis, infrastructure tracking, and affiliate-level insights
- Killing me gently: Inside Gentlemen’s EDR killer frameworkon 2026-06-18
ESET Research shares the results of a months-long investigation into the suite of EDR killers maintained by the RaaS gang Gentlemen
- Protecting legacy OT systems against modern cyberthreatson 2026-06-17
Many manufacturing plants depend on OT systems that stay in service for many years. That long run can hide significant cybersecurity risks.
- FishMonger’s arsenal upgraded: SprySOCKS for Windowson 2026-06-16
ESET researchers have discovered SprySOCKS for Windows, FishMonger’s backdoor weaponizing a kernel driver for advanced stealthiness
- EvilTokens: A phishing attack that doesn’t steal your passwordon 2026-06-15
A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing passwords or creating fake login pages
- OceanLotus: From external espionage to domestic targetingon 2026-06-11
A shift in operational pattern of the infamous Vietnam-aligned APT group
Schneier on Security – A blog covering security and security technology
- Embedding Forbidden Text in Spyware to Discourage AI Analysison 2026-06-24
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside a comment, it does not affect JavaScript […]
- Anthropic’s Fable 5 Model Jailbroken Within Dayson 2026-06-23
Fable 5 is the supposed safe version of Anthropic’s Mythos Preview, with guardrails to ensure that it can’t be used to create cyberattacks. Well, that restriction was bypassed within days.
- Professional Athletes and Wearableson 2026-06-22
I haven’t thought about the privacy issues surrounding professional athletes and wearables. Wearables present serious privacy issues for “Average Joe” consumers, who are entrusting tech companies to safely store and protect their biometric data. Imagine the stakes for a professional athlete, whose entire livelihood could be affected by a […]
- Friday Squid Blogging: Victims of Unregulated Squid Fishingon 2026-06-19
Dolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
- Anthropic’s Fable and the State of AIon 2026-06-19
On June 9th, Anthropic released its Fable generative AI model. Three days later, the US government classified it as a dangerous munition, and used its export-control authority to prohibit any foreign nationals from accessing it. Unable to differentiate between Americans and foreigners, the company shut off access for everyone. The government’s […]
- Embedding Forbidden Text in Spyware to Discourage AI Analysison 2026-06-18
At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The _index.js payload begins with a large JavaScript block comment containing fake system instructions and policy-triggering content. Because it is inside a comment, it does not affect JavaScript […]
Lohrmann on Cybersecurity – Government Technology RSS Feed
- AI, Mind Reading and Microchip Brain Implantson 2026-06-21
How neurotech advancements and new state laws are shaping the future of human-machine interfaces.
- The Global State of Technology Risk in 2026on 2026-06-14
A leadership guide to trust, governance and workforce evolution in a rapidly shifting technology landscape.
- The Mythos Race: Trump’s New EO and Glasswing’s Expansionon 2026-06-07
A roundup of headline AI developments from this past week is warranted, as fast-moving decisions from the White House to Anthropic demand immediate attention. Plus, a look at what may be the AI metric that matters most.
- No Longer Invisible: When Cyber Attacks Go Physicalon 2026-05-31
Critical infrastructure cyber attacks are increasing in the U.S. — and they’re changing in nature. Here are some examples and the top trends from the first half of 2026.
- How New College Grads Can Succeed in an AI Economyon 2026-05-24
It’s graduation season, and people entering the workforce now can turn the 2026 hiring slowdown into a career launchpad using practical skills — and some surprising suggestions.
- Protecting People and Infrastructure: A 2026 World Cup Security Previewon 2026-05-17
Expert insights on guarding digital ecosystems, managing vendor risks and ensuring public safety during the world’s largest sporting event.
#StayVigilant
#StaySafe
#LookOutForEachOther