
Direct Links | Infosec News Feeds
The San Francisco Beat
SFInfoSec aggregates the latest news, podcasts and books covering Cyber Security, Hacking, Infosec, Online Privacy, Cryptography, Threat Research and Vulnerability Disclosures from all the leading sources.
Threatpost The First Stop For Security News
- Student Loan Breach Exposes 2.5M Recordsby Nate Nelson on August 31, 2022 at 12:57 pm
2.5 million people were affected, in a breach that could spell more trouble […]
- Watering Hole Attacks Push ScanBox Keyloggerby Nate Nelson on August 30, 2022 at 4:00 pm
Researchers uncover a watering hole attack likely carried out by APT TA423, […]
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firmsby Nate Nelson on August 29, 2022 at 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a […]
Krebs on Security In-depth security news and investigation
- Felons, Fraudsters Flog Offensive Cybersecurity Startupby BrianKrebs on July 8, 2026 at 12:31 pm
A cybersecurity startup dangling millions of dollars to acquire zero-day […]
- FBI Seizes NetNut Proxy Platform, Popa Botnetby BrianKrebs on July 2, 2026 at 7:27 pm
The Federal Bureau of Investigation (FBI) said today it worked with industry […]
- Scattered Spider Hackers Plead Guilty on Day 1 of Trialby BrianKrebs on June 23, 2026 at 4:12 pm
Two men pleaded guilty in the United Kingdom this week to criminal charges […]
darkreading Public RSS feed
- As Global Conflicts Go Digital,…by Nate Nelson on July 9, 2026 at 2:31 pm
The fate of a Ukrainian tax software company shows how modern cyberwarfare can […]
- AI Gateways Offer Attackers the Keys to…by Jai Vijayan on July 9, 2026 at 1:01 pm
A cryptomining incident highlights how AI gateways can provide access to AI […]
- ‘GodDamn’ Ransomware Uses BYOVD to…by Nate Nelson on July 9, 2026 at 10:00 am
Microsoft signed a malicious kernel driver, and now it’s being used to kill […]
Blog RSS Feed Fortra Blog
- 3 Years In: How Is AI Doing? SANS Weighs Inby Katrina Thompson on December 15, 2025 at 8:09 am
It’s no secret that AI is “here.” It’s been here for three years now, […]
- What Is Log Management and Why you Need itby Anirudh Chand on November 24, 2025 at 6:00 am
It is arguable that log management forms the basis of modern cybersecurity. […]
- What Did We Learn from the NCSC’s 2025 Annual Review?by Josh Breaker-Rolfe on November 21, 2025 at 11:47 am
Earlier this year, the UK’s National Cyber Security Centre (NCSC) released […]
Security Latest Channel Description
- A Majority of European Lawmakers Voted Against Letting Big Tech Read Our…by Isabella Ward on July 9, 2026 at 1:55 pm
Companies will once again be allowed to scan citizens’ personal texts, […]
- Madison Square Garden Kept a List of Gay Celebritiesby Noah Shachtman, Maddy Varner on July 9, 2026 at 10:00 am
An MSG database tracked and categorized hundreds of celebs, famous Knicks […]
- OnlyFans Models Are Accidentally Making Hacked Government Websites Disappearby Matt Burgess on July 8, 2026 at 10:30 am
Scammers are hijacking government websites to upload ads for “leaked” […]
- The Language of AI Could Change How Humans Speakby Bruce Schneier on July 9, 2026 at 11:00 am
Because of the way they are trained, large language models capture only a slice […]
- Cybersecurity and the Gap Between Skill and Abilityby Bruce Schneier on July 8, 2026 at 11:03 am
Last week, national security agencies from the Five Eyes—that’s the rich, […]
- Google Is Suing Chinese Scammers Who Are Using Geminiby Bruce Schneier on July 7, 2026 at 10:43 am
Not sure this will have any effect, but I support the effort: According to […]
GRAHAM CLULEY Cybersecurity keynote speaker
- Invited to a “job interview” with Netflix or OpenAI? Beware! Your Google…by Graham Cluley on July 9, 2026 at 1:17 pm
Have you received an email from a recruiter at Adobe, Netflix, or OpenAI […]
- Smashing Security podcast #475: JadePuffer – the AI that ran a ransomware…by Graham Cluley on July 8, 2026 at 11:19 pm
A 15-year-old boy asked a chatbot for help – and cancelled nearly 47,000 anime […]
- Two arrested over credit card phishing – as the Netherlands is named…by Graham Cluley on July 7, 2026 at 12:56 pm
Two young men have been arrested in the Netherlands on suspicion of running a […]
BleepingComputer BleepingComputer – All Stories
- New Forg365 phishing platform uses AI to target Microsoft 365 accountsby Bill Toulas on July 9, 2026 at 2:39 pm
A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on […]
- The Hidden Security Risks of Reduced Summer IT Coverageby Sponsored by Kaseya on July 9, 2026 at 2:02 pm
Security operations don’t slow down when IT teams take vacation, but staffing […]
- Microsoft to retire the OWA Light client in Exchange Serverby Sergiu Gatlan on July 9, 2026 at 11:00 am
Microsoft has announced plans to disable Outlook Web Access (OWA) Light, the […]
TechCrunch Startup and Technology News
- Block reaches $45M settlement with 46 states over Cash App fraud probeby Aisha Malik on July 9, 2026 at 3:16 pm
State attorneys general said they found that Block misled users by falsely […]
- Anthropic’s new Claude feature is quietly selling you on AIby Sarah Perez on July 9, 2026 at 2:53 pm
Claude’s new Reflect dashboard doesn’t just visualize how you use AI. It […]
- Anthropic, OpenAI, and SpaceX are bigger than the last 25 years of tech exitsby Russell Brandom on July 9, 2026 at 2:51 pm
Three big AI IPOs are set to generate more value than all the U.S. VC-backed […]
The Hacker News Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]
- AI Attacks Move in Minutes. Join This Webinar on Building a Defense That Keeps…by [email protected] (The Hacker News) on July 9, 2026 at 12:26 pm
AI has changed how fast attacks move. Work that once took an attacker days now […]
- Summer of Clearinghousesby [email protected] (The Hacker News) on July 9, 2026 at 11:00 am
Everyone seems to have announced a clearinghouse over the past few weeks. We […]
- GodDamn Ransomware Uses PoisonX Driver to Disable Endpoint Defensesby [email protected] (The Hacker News) on July 9, 2026 at 10:43 am
Cybersecurity researchers have flagged a new ransomware family called GodDamn […]
The DFIR Report Actionable Cyber Threat Intelligence
- From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akiraby editor on June 29, 2026 at 1:07 pm
Key Takeaways This case was first reported to customers in a threat brief released in July 2025 and in a public flash alert in August 2025 in partnership with Swisscom B2B CSIRT, which observed another intrusion tied to the same campaign. This report contains data from both intrusions. We plan to release a DFIR Labs The post From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira appeared first on The DFIR Report.
- Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomwareby editor on May 11, 2026 at 2:05 pm
The EtherRAT malware family was first reported by Sysdig back in December 2025. At that time, the initial access vector was exploitation of CVE-2025-55182 (React2Shell) targeting Linux servers. In March 2026, a Windows variant campaign was reported by Atos, with their investigation showing evidence of activity going back to the previous December. In April, we The post Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware appeared first on The DFIR Report.
- Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvestingby editor on April 22, 2026 at 2:51 pm
Key Takeaways We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and collection operation. Artifacts on the host showed that Claude Code and OpenClaw were embedded in the operator’s day-to-day workflow, supporting troubleshooting, orchestration, and refinement of the collection pipeline. This AI-assisted workflow resulted in the modular platform Bissa scanner The post Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting appeared first on The DFIR Report.
Biz & IT – Ars Technica Serving the Technologist since 1998. News, reviews, and analysis.
- Google pays $250K for Linux vulnerability allowing guest VM escapesby Dan Goodin on July 8, 2026 at 7:01 pm
Both vulnerabilities allow untrusted users to gain root privileges.
- Aussie gov’t tells volunteers to throw out thousands of functioning test routersby Scharon Harding on July 8, 2026 at 6:10 pm
But the devices could “easily be reflashed.”
- US rare earths flow to Asia as domestic demand is slow to emergeby Camilla Hodgson in London on July 8, 2026 at 1:26 pm
Miners backed by Trump admin sell to Japan, South Korea despite push to develop […]
Websec Cybersecurity Blog Expert insights, trends, research findings, and best practices from Websec security team to help you strengthen your organization’s security posture.
- A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalationby Websec Security Team on October 3, 2023 at 7:39 pm
In Unix-like systems, processes have a real and effective user ID determining their access permissions. While usually identical, they can differ in situations like when the setuid bit is activated in executables.
- Websec DevSecOps Webinarby Websec Security Team on August 29, 2022 at 12:00 am
Roberto Salgado and Kobalt.io’s Miki Fukushima are hosting a free webinar on September 20, 2022 covering why application security matters, the shift to developer-first security, and a practical roadmap for embedding security into DevSecOps.
- CVE-2022-21404: Another story of developers fixing vulnerabilities unknowingly because of CodeQLby Websec Security Team on May 19, 2022 at 6:18 pm
How CodeQL may help reduce false negatives within Open-Source projects. Taking a look into a deserialization vulnerability within Oracle Helidon (CVE-2022-21404).

















