
Direct Links | Infosec News Feeds
The San Francisco Beat
SFInfoSec aggregates the latest news, podcasts and books covering Cyber Security, Hacking, Infosec, Online Privacy, Cryptography, Threat Research and Vulnerability Disclosures from all the leading sources.
Threatpost The First Stop For Security News
- Student Loan Breach Exposes 2.5M Recordsby Nate Nelson on August 31, 2022 at 12:57 pm
2.5 million people were affected, in a breach that could spell more trouble […]
- Watering Hole Attacks Push ScanBox Keyloggerby Nate Nelson on August 30, 2022 at 4:00 pm
Researchers uncover a watering hole attack likely carried out by APT TA423, […]
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firmsby Nate Nelson on August 29, 2022 at 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a […]
Krebs on Security In-depth security news and investigation
- Microsoft Patches a Record 570 Security Flawsby BrianKrebs on July 14, 2026 at 7:22 pm
Microsoft Corp. today released software updates to plug at least 570 security […]
- Lessons Learned from CISA’s Recent GitHub Leakby BrianKrebs on July 13, 2026 at 3:03 pm
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a […]
- Felons, Fraudsters Flog Offensive Cybersecurity Startupby BrianKrebs on July 8, 2026 at 12:31 pm
A cybersecurity startup dangling millions of dollars to acquire zero-day […]
darkreading Public RSS feed
- Police Disrupt a €140M Cyber Fraud…by Nate Nelson on July 16, 2026 at 7:00 am
Iberian hackers carried out a variety of cyberattacks and laundered the […]
- Forgotten Bootloaders Expose Secure…by Jai Vijayan on July 15, 2026 at 9:19 pm
Nearly a dozen vulnerable and now revoked UEFI shim bootloaders remained […]
- Identity Attacks Overtake Exploits as…by Alexander Culafi on July 15, 2026 at 8:16 pm
Email attacks overtook exploits as the top ransomware root cause last year. […]
Blog RSS Feed Fortra Blog
- 3 Years In: How Is AI Doing? SANS Weighs Inby Katrina Thompson on December 15, 2025 at 8:09 am
It’s no secret that AI is “here.” It’s been here for three years now, […]
- What Is Log Management and Why you Need itby Anirudh Chand on November 24, 2025 at 6:00 am
It is arguable that log management forms the basis of modern cybersecurity. […]
- What Did We Learn from the NCSC’s 2025 Annual Review?by Josh Breaker-Rolfe on November 21, 2025 at 11:47 am
Earlier this year, the UK’s National Cyber Security Centre (NCSC) released […]
Security Latest Channel Description
- Here’s the Truth About Whether Meta’s NameTag Face Recognition Tech…by Andrew Couts on July 15, 2026 at 8:58 pm
Since WIRED reported on Meta’s NameTag face recognition system, company […]
- A Leak of San Francisco Police Drone Footage Exposes the New Reality of Urban…by Andy Greenberg, Dhruv Mehrotra on July 13, 2026 at 10:00 am
The SFPD’s exposure of hours of videos from drone platform Skydio reveals how […]
- AI Found a Root Bug in Linux That Everyone Missed for 15 Yearsby Dell Cameron, Lily Hay Newman on July 11, 2026 at 10:30 am
Plus: The Pentagon is training amateurs to become part of its hacker army, a […]
- A Video Screen That Is Also a Cameraby Bruce Schneier on July 15, 2026 at 11:04 am
Amazing: Researchers from ETH Zurich in Switzerland, however, managed to create […]
- Upcoming Speaking Engagementsby Bruce Schneier on July 14, 2026 at 4:04 pm
This is a current list of where and when I am scheduled to speak: I’m […]
- Vulnerability in FIFA’s Networkby Bruce Schneier on July 14, 2026 at 11:06 am
FIFA’s network was vulnerable to anyone with even minimal access.
GRAHAM CLULEY Cybersecurity keynote speaker
- Smashing Security podcast #476: Remote-control rickshaws and rogue book…by Graham Cluley on July 16, 2026 at 9:02 am
An app has appeared in India that lets anyone with a smartphone stop a passing […]
- The ransomware negotiator who was working for the other sideby Graham Cluley on July 14, 2026 at 7:54 am
When a company falls victim to a ransomware attack, it is not uncommon for it […]
- Invited to a “job interview” with Netflix or OpenAI? Beware! Your Google…by Graham Cluley on July 9, 2026 at 1:17 pm
Have you received an email from a recruiter at Adobe, Netflix, or OpenAI […]
Cyber Defense Magazine InfoSec Knowledge is Power
- Inside Microsoft’s Record-Breaking 622-Bug Releaseby Stevin on July 16, 2026 at 12:00 pm
Record-Breaking Fixes Tackle Two Exploited Zero-Days On July 14, 2026, […]
- Breaking the Knot: Marlinspike Capital Inverts the Cybersecurity Investment…by Stevin on July 15, 2026 at 4:40 pm
Marlinspike Co-Founder Neil Keegan and Vice President Nick Snoad sat down with […]
- Inside “Gold Eagle”: The White House’s New AI-Driven Clearinghouse for…by Stevin on July 15, 2026 at 12:00 pm
What is Gold Eagle? A new federal cybersecurity hub called Gold Eagle was […]
BleepingComputer BleepingComputer – All Stories
- Scattered Spider members behind TfL hack get five years in prisonby Sergiu Gatlan on July 16, 2026 at 12:31 pm
Two leading members of the Scattered Spider cybercrime collective were […]
- Windows 11 24H2 Home and Pro reach end of support in 90 daysby Sergiu Gatlan on July 16, 2026 at 11:59 am
Microsoft announced on Wednesday that systems running Windows 10 Enterprise […]
- CISA orders feds to patch actively exploited Oracle flaw by Saturdayby Sergiu Gatlan on July 16, 2026 at 10:56 am
CISA has ordered federal agencies to secure their systems by Saturday against […]
TechCrunch Startup and Technology News
- Apple Intelligence approved for launch in China with Alibaba and Baiduby Sarah Perez on July 16, 2026 at 1:17 pm
The deal, which was rumored to be in the works last year, marks an important […]
- Ultrahuman’s former hardware VP raises $5.5M for devices that control AI…by Ivan Mehta on July 16, 2026 at 11:30 am
Aina is going to pilot a new device in the coming weeks.
- Meta now alerts parents if their teen discussed suicide or self-harm with its…by Aisha Malik on July 16, 2026 at 11:00 am
The updates come as Meta and other tech companies are facing scrutiny from […]
The Hacker News Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals — Send TIPs to [email protected]
- New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commandsby [email protected] (The Hacker News) on July 16, 2026 at 12:50 pm
Cybersecurity researchers have called attention to a new modular malware called […]
- New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their…by [email protected] (The Hacker News) on July 16, 2026 at 12:33 pm
ClickLock Stealer, a new macOS infostealer, answers a victim’s refusal by […]
- 20+ Hijacked Government Websites Became
an Attack Channelby [email protected] (The Hacker News) on July 16, 2026 at 11:58 am
More than 20 Brazilian government websites were hijacked and turned into […]
The DFIR Report Actionable Cyber Threat Intelligence
- From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akiraby editor on June 29, 2026 at 1:07 pm
Key Takeaways This case was first reported to customers in a threat brief released in July 2025 and in a public flash alert in August 2025 in partnership with Swisscom B2B CSIRT, which observed another intrusion tied to the same campaign. This report contains data from both intrusions. We plan to release a DFIR Labs The post From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira appeared first on The DFIR Report.
- Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomwareby editor on May 11, 2026 at 2:05 pm
The EtherRAT malware family was first reported by Sysdig back in December 2025. At that time, the initial access vector was exploitation of CVE-2025-55182 (React2Shell) targeting Linux servers. In March 2026, a Windows variant campaign was reported by Atos, with their investigation showing evidence of activity going back to the previous December. In April, we The post Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware appeared first on The DFIR Report.
- Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvestingby editor on April 22, 2026 at 2:51 pm
Key Takeaways We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and collection operation. Artifacts on the host showed that Claude Code and OpenClaw were embedded in the operator’s day-to-day workflow, supporting troubleshooting, orchestration, and refinement of the collection pipeline. This AI-assisted workflow resulted in the modular platform Bissa scanner The post Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting appeared first on The DFIR Report.
Biz & IT – Ars Technica Serving the Technologist since 1998. News, reviews, and analysis.
- Sheetz is quitting VMware, migrating 11,000 virtual machinesby Scharon Harding on July 15, 2026 at 9:41 pm
The convenience store chain will use StorMagic instead.
- Windows 0-day drops the same day Microsoft releases record number of patchesby Dan Goodin on July 15, 2026 at 7:59 pm
HiveLegacy is a “powerful primitive” that’s likely capable of other nefarious […]
- Microsoft’s Secure Boot has been broken for a decade and no one noticed until…by Dan Goodin on July 14, 2026 at 10:20 pm
Old and forgotten “shims” Microsoft failed to revoke have made Secure Boot […]
Websec Cybersecurity Blog Expert insights, trends, research findings, and best practices from Websec security team to help you strengthen your organization’s security posture.
- A Comparison Between the Real User ID and the Effective User ID is not Enough to Prevent Privilege Escalationby Websec Security Team on October 3, 2023 at 7:39 pm
In Unix-like systems, processes have a real and effective user ID determining their access permissions. While usually identical, they can differ in situations like when the setuid bit is activated in executables.
- Websec DevSecOps Webinarby Websec Security Team on August 29, 2022 at 12:00 am
Roberto Salgado and Kobalt.io’s Miki Fukushima are hosting a free webinar on September 20, 2022 covering why application security matters, the shift to developer-first security, and a practical roadmap for embedding security into DevSecOps.
- CVE-2022-21404: Another story of developers fixing vulnerabilities unknowingly because of CodeQLby Websec Security Team on May 19, 2022 at 6:18 pm
How CodeQL may help reduce false negatives within Open-Source projects. Taking a look into a deserialization vulnerability within Oracle Helidon (CVE-2022-21404).



















