Security News

Morningstar Security News gathers all the most popular infosec and cyber security news headlines into a single page that auto-updates 24/7.

Vulnerabilities

Reversing/I like ASM

Locks/Social Engineering

Mainstream Media

Thirsty for more

Security Twitterverse

Most Popular Security News

PacketStorm

The Register

Hundreds of Dutch medical records bought for pocket change at flea market

London celebrity talent agency reports itself to ICO following Rhysida attack claims

Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11M

Palo Alto firewalls under attack as miscreants chain flaws for root access

Snake Keylogger slithers into Windows, evades detection with AutoIt-compiled payload

US newspaper publisher uses linguistic gymnastics to avoid saying its outage was due to ransomware

FreSSH bugs undiscovered for years threaten OpenSSH security

Time to make C the COBOL of this century

Indian authorities seize loot from collapsed BitConnect crypto scam

XCSSET macOS malware returns with first new version since 2022

Loken: An easy interactive way to better looking websites

Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps

Reddit - NetSec

Bleeping Computer

The Hacker News

Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes

New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection

The Ultimate MSP Guide to Structuring and Selling vCISO Services

Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack

CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks

New FrigidStealer Malware Targets macOS Users via Fake Browser Updates

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Debunking the AI Hype: Inside Real Hacker Tactics

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Threat Wire

Exploits

Exploit-DB Local and Privilege Escalation

Exploit-DB DoS

Exploit-DB Shellcode

Exploit-DB Papers

Exploit-DB Remote

Exploit-DB Webapps

Packetstorm Files

LiveOverflow

Bug Bounties

HackerOne Blog

A New Approach to Proving Cybersecurity Value (That Isn’t ROI)

Celebrating 10 Years of Partnership: Snap and HackerOne Reach $1M in Bounties

Gain Actionable, Data-backed Insights with HackerOne Recommendations

Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery

DORA Compliance Is Here: What Financial Entities Should Know

The HackerOne Cake Story

What Will a New Administration and Congress Mean for Cybersecurity and AI Regulation?

How HackerOne Reinvented Security for Developers

Hope in the Fight Against Cyber Threats: A New Year’s Message to CISOs

Reddit - BugBounty

Portswigger

Why it's time for AppSec to embrace AI: How PortSwigger is leading the charge

The future of security testing: harness AI-Powered Extensibility in Burp 🚀

The complexities of scaling AppSec teams and how to address them in 2025

Make Burp Suite your own: high-powered extensibility to customize and enhance your testing. 🛠️

Vulnerabilities

Full Disclosure

Re: Netgear Router Administrative Web Interface Lacks Transport Encryption By Default

Monero 18.3.4 zero-day DoS vulnerability has been dropped publicly on social network.

Netgear Router Administrative Web Interface Lacks Transport Encryption By Default

[CVE-2024-54756] GZDoom <= 4.13.1 Arbitrary Code Execution via Malicious ZScript

KL-001-2025-002: Checkmk NagVis Remote Code Execution

KL-001-2025-001: Checkmk NagVis Reflected Cross-site Scripting

APPLE-SA-01-30-2025-1 GarageBand 10.4.12

Re: Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update Python3

Quorum onQ OS - 6.0.0.5.2064 | Reflected Cross Site Scripting (XSS) | CVE-2024-44449

Deepseek writes textbook insecure code in 2025-01-28

Text injection on https://www.google.com/sorry/index via ?q parameter (no XSS)

NIST National Vulnerability Database

5th High-Performance Computing Security Workshop new

Open Industrial Digital Ecosystem Summit new

macOS Security Compliance Project Developer Conference new

Workshop on Foundational Cybersecurity Activities for IoT Device Manufacturers new

Exploit Dev

Reddit - Exploit Dev

Source Incite

Remote Code Execution with Spring Properties

Google Project Zero

Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)

Windows Bug Class: Accessing Trapped COM Objects with IDispatch

The Windows Registry Adventure #5: The regf file format

The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit

Windows Tooling Updates: OleView.NET

Security Researchers

Secure Enclaves for Offensive Operations (Part I)

Senior researcher Noura Aljizawi delivers testimony before the Standing Committee on Foreign Affairs and International Development

Sending Billions of Daily Requests Without Breaking Things with our Rate Limiter

How to Prevent a Subdomain Takeover in Your Organization

Reversing/I like ASM

Reddit - Reverse Engineering

Ghidra 11.3.1 has been released!

Z x86_64 Linux Anti-Anti-Debugger: Bypass Anti-Debugging in Protected Binaries with User-Supplied LD_PRELOAD Libraries

Everyday Ghidra: How Platform Choice Influences Ghidra’s Binary Analysis

A HuggingFace space for testing the LLM4Decompile 9B V2 model for refining Ghidra decompiler output

ImHex - A Binary Data Reverse Engineering Toolkit | New v1.37.X Release with HiDPI support and tons of other UX improvements

Arechclient2 (sectopRAT) Analysis – A Highly Obfuscated .NET RAT with Malicious Chrome Extension

An introduction to LLVM IR

Debugging An Undebuggable App

New Java Runtime Reverse Engineering Tool (Injected DLL, Runtime Bytecode & Heap Analysis)

BinaryNinja PE ARM64EC Support

Supersight: Mod for DOS game stunts that increasing the field of view

A Practical Look at Windows Kernel Mode Shadow Stacks and the Secure Kernel [YouTube]

Reddit - Game Hacks

Reddit - REGames

StackExchange - ReverseEngineering

Programmatically map machine code bits to opcode and operands?

Off-By-One handler addresses for ARM Coretex ISR tables

Need help reverse engineering a website

Applying right offsets of Android Native Code in Ghidra

How to decomplie and show all nested functions in IDA?

How to Secure .NET 8 MVC Project When Converting to a Desktop App with Electron.NET?

Change default Chinese fonts into Kaiti in Android: What and where to add or replace?

Is it okay to reverse engineer a game?

Linux executable file decryption [closed]

Has anyone done a binary analysis on DeepSeek R1 Model on ollama? any obfuscate code or security concerns?

Renaming ordinal exported functions in a multi file ghidra project

Extracting & Parsing Information from a Captured Packet

Guided Hacking

Malware/APT

Reddit - Malware

Unit42

Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit

Stealers on the Rise: A Closer Look at a Growing macOS Threat

Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek

CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17)

One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability

Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript

Effective Phishing Campaign Targeting European Companies and Organizations

LDAP Enumeration: Unveiling the Double-Edged Sword of Active Directory

Dirty DAG: New Vulnerabilities in Azure Data Factory’s Apache Airflow Integration

Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation

Crypto

Reddit - Crypto

StackExchange - Crypto

On the distribution of the Cramer-Shoup keys, if $g_2$ is not a generator

Is the Vigenère Cipher unbreakable if random passwords are being encoded?

Weak public keys in Kyber kem

Proving pseudo-random generator given a pseudo-random generator

Encrypting a handshake with a PSK?

HELib Number Theoretic Transform

Choosing a place to publish my encrypted communication method [closed]

For block ciphers, does a key and input of all zeros lead to a specific collision?

Which of the following is NOT a

Running key variant

forgotten .pdf password [closed]

Does using stream/block ciphers as PRNGs require a key and a initialization vector?

Seytonic

Podcasts

Security Weekly

Prompt Injection, CISA, Patch Tuesday - PSW #861

Deepseek, AMD, and Forgotten Buckets - PSW #860

Cred Vaults, Cheap AI, and Hacking Devices - Matt Bishop - PSW #859

Vulnerability Prioritization In The Real World - Andy Jaquith - PSW #858

Stopping The Bad Things - Rob Allen - PSW #857

Threat Actors With A Thousand Names - PSW #856

Hacker Heroes - Haroon Meer - PSW Vault

When Public Payphones Become Smart Phones - Inbar Raz - PSW #855

Navigating Regulations in Supply Chain Security - Eric Greenwald - PSW #854

Hacker Gadgets - PSW #853

Hacker Heroes - Aaron Turner - PSW Vault

Risky.Biz

Risky Business #780 -- ASD torched Zservers data while admins were drunk

Risky Business #778 -- Musk's child soldiers seize control of FedGov IT systems

Risky Business #777 -- It's SonicWall's turn

Risky Business #776 -- Trump will flex American cyber muscles

Risky Biz Soap Box: Cool compliance tricks with the Island enterprise browser

Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

Wide World of Cyber: SentinelOne's Chris Krebs on Chinese cyber operations

Risky Business #774 -- Cleo file transfer appliances under widespread attack

Risky Biz Soapbox: Enterprise Yubikeys can now be pre-registered

Risky Business #773 -- Cybercriminals are dropping like flies in Russia

Risky Business #772 -- Salt Typhoon is truly a national security disaster

The CyberWire

PAN-ic mode: The race to secure PAN-OS.

LIVE! From Philly [Threat Vector]

Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]

Bot or not? The fake CAPTCHA trick spreading Lumma malware. [Research Saturday}

AI’s blind spots need human eyes.

Avi Shua: Try to do things by yourself. [CEO] [Career Notes]

Cleo’s trojan horse. [Research Saturday]

DOGE-eat-DOGE world.

FCC around and find out.

DOGE days numbered?

A wolf in DOGE’s clothing?

Federal agencies in power struggle crossfire.

Cyber Security Interviews

ISC Daily Stormcast

SANS Stormcast Tuesday Feb 19th: ModelScan AI Model Security; OpenSSH Vuln; Juniper Patches; Dell BIOS Vulnerability

SANS Stormcast: Securing the Edge; PostgreSQL Exploit; Ivanti Exploit; WinZip Vulnerablity; Xerox Patch

SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing

SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhone vs. Cisco; Crowdstrike Patch

SANS Internet Stormcast Feb 10th 2025: Podcast Anniversary; SSL 2.0; Exposed Deepseek Installs; Crypto Scam costs

Darknet Diaries

154: Hijacked Line

153: Bike Index

152: Stacc Attack

Threat Intel

Reddit - Onions

HaveIBeenPwned

Storenvy - 11,052,071 breached accounts

Doxbin (TOoDA) - 136,461 breached accounts

Zacks (2024) - 11,994,223 breached accounts

LandAirSea - 337,373 breached accounts

Adopt Me Trading Values - 86,136 breached accounts

Youthmanual - 937,912 breached accounts

Thermomix Recipe World Forum - 3,123,439 breached accounts

Hakko Corporation - 9,665 breached accounts

PoinCampus - 89,116 breached accounts

1win - 96,166,543 breached accounts

DragonNest - 511,290 breached accounts

9Lives - 109,515 breached accounts

Privacy/VPNs

Slashdot - Rights

AI 'Hallucinations' in Court Papers Spell Trouble For Lawyers

Nearly 10 Years After Data and Goliath, Bruce Schneier Says: Privacy's Still Screwed

DeepSeek Removed from South Korea App Stores Pending Privacy Review

California Considers Taking Over Some Oil Refineries

Lawsuit Accuses Meta Of Training AI On Torrented 82TB Dataset Of Pirated Books

Alleged 'CEO Shooter' Luigi Mangione Raises $297K Online

The IRS Is Buying an AI Supercomputer From Nvidia

News Orgs Say AI Firm Stole Articles, Spit Out 'Hallucinations'

US Releases Russian Cybercriminal As Part of Prisoner Swap

Nintendo Patent Push Against Hit Game Palworld Hits Roadblock in US

Elizabeth Holmes Breaks Her Silence In First Interview From Prison

Woeful Security On Financial Phone Apps Is Getting People Murdered

Reddit - Privacy

Reddit - VPN

PrivacyTools.io

EFF

EFF and Repro Uncensored Launch #StopCensoringAbortion Campaign

Stop Censoring Abortion: The Fight for Reproductive Rights in the Digital Age

Saving the Internet in Europe: Defending Privacy and Fighting Surveillance

Crimson Memo: Analyzing the Privacy Impact of Xianghongshu AKA Red Note

Alaa Abd El Fattah's Mother, Laila Soueif, Calls on UK Government to Help as She Continues Hunger Strike

The UK's Demands for Apple to Break Encryption Is an Emergency for Us All

EFF to Ninth Circuit: Young People Have a First Amendment Right to Use Social Media (and All of Its Features)

EFF Applauds Little Rock, AR for Cancelling ShotSpotter Contract

Protecting Free Speech in Texas: We Need To Stop SB 336

Closing the Gap in Encryption on Mobile

Paraguay’s Broadband Providers Continue to Struggle to Attain Best Practices at Protecting Users’ Data

Victory! EFF Helps Defeat Meritless Lawsuit Against Journalist

Help Wanted

Reddit - AskNetSec

Reddit - Netsec Students

Stackoverflow - Security

Can I put SELECT queries as data on a dimension (Data Warehouse) and use a SP to iterate the dimension and generate FACT_ data?

Python SQL Injection Script on WebGoat Always Redirects to Login Page

How to properly store Logged-In user data in HttpSession in spring Boot?

How can I grant a user permission to manage an SQL Server Agent job if they are not a member of the sysadmin role?

Malicious file upload using double extensions

Integrate Google Security Command Centre premium with JIRA [closed]

I wanted to learn Cyber security from basic to advanced [closed]

Is there anything else that I can do resolve this error in SQL Server 2019 [closed]

I have this error in the browser as well as in postman

Basic auth application - public or private login endpoint for first call

AWS Inspector Reporting Vulnerabilities in Unused Maven Dependencies (META-INF/maven) - How to Handle?

I accidentally did an npm install on reacct-dom instead of react-dom. What should I do?

Stack Exchange

Government Website Backend [closed]

What kind of game is this?

How to use character sets to limit the search space in hashcat?

Clarifying BitLocker Full Disk Encryption and the role of TPM

Card number I'll buy!

Is it bad practice to state the purpose of a verification code?

Are repeated (daily and global) attempts to access my email address unusual?

How does Bob trust that X is a physical fingerprint of Alice?

BSOD Kernel Security + Corrupt BIOS Update [closed]

How safe are password generator sites for htaccess

Locks/Social Engineering

Reddit - Lockpicking

Reddit - Social Engineering

Hak5

Security Blogs

Dark Reading

Securelist

Spam and phishing in 2024

StaryDobry ruins New Year’s Eve, delivering miner instead of presents

HITB News

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

The RISKS Digest

DeepSeek redefines who'll control AI

Ex-Google boss fears AI could be used by terrorists

Dear, did you say pastry? meet the AI granny driving scammers up the wall

AI chatbots unable to accurately summarise news

AI can now replicate itself -- a milestone that has experts terrified

ChatGPT may not be as power-hungry as once assumed

The Government's Computing Experts Say They're Terrified

Government Accountability Office report on IT challenges

Lies, Damned Lies and Trumpflation

No squirrels? Monkeys will do!

Hollywood writers say AI is ripping off their work. They want studios to sue

Canadian residents are racing to save the data in Trump's crosshairs

Kaspersky Blog

Adam Shostack & friends

A New Hope for Threat Modeling, on The CyberTuesday Podcast

Blackhat and Human Factors

Appsec Roundup - Jan 2025

The Birth of the CVE System, on Hackers To Founders

Hoarding, Debt and Threat Modeling

National Cyber Incident Response Plan comments

Spatial Reasoning and Threat Modeling

Handling Pandemic-Scale Cyber Threats: Lessons from COVID-19

Lessons for Cybersecurity from the American Public Health System

Who Are 'We?' Power Centers in Threat Modeling

Appsec Roundup - Dec 2024

A Different Hackathon Design?

Graham Cluley

Smashing Security podcast #403: Coinbase crypto heists, QR codes, and ransomware in the classroom

Man sentenced to 7 years in prison for role in $50m internet scam

The AI Fix #36: A DeepSeek special

Smashing Security podcast #402: Hackers get hacked, the British Museum IT shutdown, and social media kidnaps

Ex-worker arrested after ‘shutdown’ of British Museum computer systems

The AI Fix #35: Project Stargate, the AI emergency, and batsh*t AI cryonics

Hacked buses blare out patriotic pro-European anthems in Tbilisi, attack government

Be careful what you say about data leaks in Turkey, new law could mean prison for reporting hacks

Smashing Security podcast #401: Hacks on the high seas, and how your home can be stolen under your nose

Half a million hotel guests at risk after hackers accessed sensitive data

The AI Fix #34: Fake Brad Pitt and why AI means we will lose our jobs

Medusa ransomware: what you need to know

Rapid7

Metasploit Weekly Wrap-Up 02/14/2025

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

Vector Command Opportunistic Phishing Blog

Metasploit Weekly Wrap-Up 02/07/2025

4 Reasons Why MSPs & MSSPs Need to Enhance Attack Surface Management

Take Command | Rapid7’s 2025 Cybersecurity Summit: Own Your Attack Surface on April 9

Introducing the Exposure Management Webinar Series: Commanding Your Attack Surface

Excellence in Leadership: CRN Recognizes Alex Page Among Its 2025 Channel Chiefs

Metasploit Weekly Wrap-Up 01/31/25

Paying It Forward: Giving and Receiving Mentorship in Tech

The 2024 Ransomware Landscape: Looking back on another painful year

Metasploit Weekly Wrap-Up 01/24/2025

Security Bloggers Network

DEF CON 32 – Dysfunctional Unity: The Road To Nowhere

Randall Munroe’s XKCD ‘Archive Request’

From Defense to Offense: Inside-Out Data Security Strategies for CISOs in 2025

Your Social Security Number is on the Dark Web: What Do You Do?

DEF CON 32 – MoWireless MoProblems: Modular Wireless Survey Sys. & Data Analytics

CaaS Surges in 2025, Along With RATs, Ransomware

Flaws in Xerox VersaLink MFPs Spotlight Printer Security Concerns

INE Security’s Cybersecurity and IT Training Enhances Career Stability in Tech

The MSSP Advantage: Elevating Executive Digital Risk Protection in 2025

Everything You Need to Know About PCI DSS 4.0 (with a 2025 Compliance Checklist)

PCI DSS Requirements 6.4.3 and 11.6.1: A Complete Guide to Client-Side Security

DeepSeek App Security Flaws Exposed: How Approov Could Have Averted the Risk

Hacker News (YCombinator) - Security

Bill prohibiting police from lying to children passes Virginia Senate

Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger

Multiple Russia-aligned threat actors actively targeting Signal Messenger

Penguins Help to Map Antarctica's Growing Mercury Threat

The 88x31 GIF Collection

Reviewing the Cryptography Used by Signal

The Secret Poker Game You Can Play on the Subway

A secret poker game you can play on the subway

Police arrest apparent leader of cultlike 'Zizian' group linked to killings

Privacy Is Not Dead: Beware the All-or-Nothing Mindset

Word embeddings – Part 3: The secret ingredients of Word2Vec

The secret ingredients of word2vec (2016)

ThreatPost

Hacker Noon #Security

AI Can Outsmart You, and Cybercriminals Know It

Pangea Founder & CEO, Oliver Friedrichs, Answers 10 Questions for Every Startup Founder

Deepfake Porn is Ruining Lives—Can Blockchain Help Stop It?

The TechBeat: How to Scale AI Infrastructure With Kubernetes and Docker (2/19/2025)

Securing Multi-Cloud Environments: Challenges, Solutions, and Best Practices

Intruder Enhances Free Vulnerability Intelligence Platform ‘Intel’ With AI-Generated CVE Description

NakamotoDEX Launches Decentralized Exchange with Bitcoin-Backed Security On The Stacks Blockchain

The Stupidest Requests on the Dark Web Come from Regular People

Valentine Special: Hot or Not? The Unbalanced Scale of Modern Dating

How Software Quality Assurance (SQA) Turns Chaos Into Clean, Reliable Software

Breaking the Chain: How Scribe Security is Redefining Software Supply Chain Protection

Hide and Seek in Memory: Outsmarting Sneaky Malware with Data Magic

digitalmunition

Control C

Wired - Security

A Signal Update Fends Off a Phishing Technique Used in Russian Espionage

Elon Musk’s DOGE Is Being Sued Under the Privacy Act: What to Know

The Official DOGE Website Launch Was a Security Mess

Top US Election Security Watchdog Forced to Stop Election Security Work

The Loneliness Epidemic Is a Security Crisis

China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers

A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks

The Murky Ad-Tech World Powering Surveillance of US Military Personnel

US Funding Cuts Are Helping Criminals Get Away With Child Abuse and Human Trafficking

The Rise of the Drone Boats

UK Secret Order Demands That Apple Give Access to Users’ Encrypted Data

ACLU Warns DOGE’s ‘Unchecked’ Access Could Violate Federal Law

Elttam

Abusing Amazon VPC CNI plugin for Kubernetes

PwnAssistant - Controlling /home’s via a Home Assistant RCE

Krebs on Security

How Phished Data Turns into Apple & Google Wallets

Teen on Musk’s DOGE Team Graduated from ‘The Com’

Experts Flag Security, Privacy Risks in DeepSeek AI App

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Infrastructure Laundering: Blending in with the Cloud

A Tumultuous Week for Federal Cybersecurity Efforts

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Microsoft: Happy 2025. Here’s 161 Security Updates

A Day in the Life of a Prolific Voice Phishing Crew

U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Happy 15th Anniversary, KrebsOnSecurity!

Naked Security

Sophos Firewall v21 MR1 is now available

Scalable Vector Graphics files pose a novel phishing threat

Sophos Acquires Secureworks

Update: Cybercriminals still not fully on board the AI train (yet)

Beyond the hype: The business reality of AI for cybersecurity

Schneier on Security

Device Code Phishing

Story About Medical Device Security

Atlas of Surveillance

Friday Squid Blogging: Squid the Care Dog

AI and Civil Service Purges

Trusted Execution Environments

Pairwise Authentication of Humans

UK Is Ordering Apple to Break Its Own Encryption

Friday Squid Blogging: The Colossal Squid

Screenshot-Reading Malware

AIs and Robots Should Sound Robotic

On Generative AI Security

Linux Security

Understanding openSUSE Tumbleweed's Shift from AppArmor to SELinux

Open Source AI: Risks & Mitigation Strategies for Security Admins

The Role of Regulation in Open Source AI Development

Confronting a New RCE Security Flaw in Nvidia Container Toolkit for Linux

Balancing Security with Transparency in Open-Source AI

ClatScope: Streamlining OSINT for Security and Linux Admins

Transparency in AI: How Open-Source LLMs Can Prevent Hidden Vulnerabilities

CISA Warns of Exploited Linux Kernel Bug in UVC Driver

Seven-Year-Old RCE Linux Kernel Vuln Threatens Full Systems Compromise

Tails 6.12: An Essential Privacy, Security, and Reliability Upgrade

Firefox 135 Released: Key Updates & Advanced Browser Protection Features

Infrastructure as Code (IaC) Security: Best Practices and Strategies

Security in Mainstream Media

Google News Hacking

Google Cyber Security

New Web Inject Attack Campaigns Targeting MacOS Users To Deploy FrigidStealer Malware - CybersecurityNews

Venture capital firm Insight Partners confirms cyberattack - SC Media

Most MSPs Juggle Too Many Security Tools: How to Protect Without Complexity - Channel E2E

How federal rules on cybersecurity breach transparency for businesses were challenged in court in 2024 - Baker City Herald

3 Cybersecurity Firms Safeguarding the Digital Realm - TradingView

TENB: 3 Cybersecurity Firms Safeguarding the Digital Realm - StockNews.com

Russian CryptoBytes Hackers Exploiting Windows Machines To Deploy UxCryptor Ransomware - CybersecurityNews

How federal rules on cybersecurity breach transparency for businesses were challenged in court in 2024 - AOL

How federal rules on cybersecurity breach transparency for businesses were challenged in court in 2024 - WOKV

KnowBe4 Recognized on CRN's 2025 Security 100 List . - Yahoo Finance

How federal rules on cybersecurity breach transparency for businesses were challenged in court in 2024 - WSB Radio

Securing data at rest on Edge devices with layered protection - Breaking Defense

Thirsty for more

Slashdot

US Army Soldier Pleads Guilty To AT&T and Verizon Hacks

France Runs Fusion Reactor For Record 22 Minutes

Nikola Files for Bankruptcy With Plans To Sell Assets, Wind Down

Apple Launches the iPhone 16E, With In-House Modem and Support For AI

DZone Security

Enhancing Security in JavaScript

Cloud Security Is a Data Problem

USA PATRIOT Act vs SecNumCloud: Which Model for the Future?

Top 5 GRC Certifications for Cybersecurity Professionals

Secrets Security Is the Most Important Issue For Mobile Apps

Securing Kubernetes in Production With Wiz

Security Controls in the Android Operating System (OS)

A View on Understanding Non-Human Identities Governance

Community Over Code Keynotes Stress Open Source's Vital Role

AI Regulation in the U.S.: Navigating Post-EO 14110

Keycloak and Docker Integration: A Step-by-Step Tutorial

Data Governance Essentials: Policies and Procedures (Part 6)

DZone

How to Use Terraform Import Block for Importing Resources

Yes! I Can Finally Run My .NET Application on Heroku!

Data Pattern Automation With AI and Machine Learning

The Impact of Edge Computing on Mobile App Development

Build Scalable GenAI Applications in the Cloud: From Data Preparation to Deployment

Observability and DevTool Platforms for AI Agents

Agentic Workflows for Unlocking User Engagement Insights

Streamline Microservices Development With Dapr and Amazon EKS

The Recursive Prerequisite [Comic]

Building Intelligent Microservices With Go and AWS AI Services

Data Privacy and Governance in Real-Time Data Streaming

Dive Into Tokenization, Attention, and Key-Value Caching

Hacker News (YCombinator)

Minuteman III test showcases readiness of U.S. nuclear force's deterrent

One Head, Two Brains (2015)

Growing Mozilla – and evolving our leadership

GPT4 level intelligence fell 1000x in 18 months

Can I ethically use LLMs?

Kids Love Landline Phones

Building a Bitcoin Exchange with FOSS BTC Pay Server

Physical attractiveness outweighs intelligence in partner selection

Physical attractiveness outweighs intelligence in decision making

Typst 0.13 is out now

An inside look at NSA tactics, techniques and procedures from China's lens

National Science Foundation fires roughly 10% of its workforce

Reddit - Cyberpunk

Reddit - Security CTF

Reddit - Sysadmin

Lobste.rs

Practical Alloy: A hands-on guide to formal software design

Typst 0.13 is out now: Experimental HTML export, semantic paragraphs, and more

modview: Effortlessly visualize mod graph with all external dependencies for your Go projects

When Imperfect Systems are Good, Actually: Bluesky’s Lossy Timelines

GymTok: Breaking TLS Using the Alt-Svc Header

So you want better debug info?

A collection of code examples from prominent open-source projects (2021)

Multiple Vulnerabilities in U-Boot

An open source FPGA toolchain for a large European space-grade FPGA

The secret maze of Debian images

Testing concurrent code with testing/synctest - The Go Programming Language

Relaxed Radix Balanced Trees | Peter Horne-Khan

Hackaday

FLOSS Weekly Episode 821: Rocky Linux

Retrotechtacular: Yamming CRT Yokes

Be Careful What You Ask For: Voice Control

In a World Without USB…

MIT Demonstrates Fully 3D Printed, Active Electronic Components

Belfry OpenSCAD Library (BOSL2) Brings Useful Parts and Tools Aplenty

Vacuum Forming With 3D Printed Moulds And Sheets

A Unique Linear Position Sensor Using Magnetostriction

Auto-Download Your Kindle Books Before February 26th Deadline

Let There Be Light: The Engineering of Optical HDMI

Hackaday Europe 2025: Speakers, Lightning Talks, and More!

Series Hybrid Semi-Trucks: It Works for Locomotives So Why Not?

Ars Technica

Wired