Security blogs
Long-form, technical writeups. Slower than X but with IOCs, hashes, and full timelines.
Tier 1 — read every post
These cover vibe-coding-relevant incidents consistently.
- Socket Blog — npm/PyPI compromises, near-real-time.
- Snyk Blog — broad supply-chain + AI-tool coverage.
- StepSecurity Blog — GitHub Actions and CI supply-chain focus.
- Aikido Security Blog — fast, detailed package-compromise writeups.
- Checkmarx Zero Blog — strong on PyPI and language-ecosystem attacks.
- Wiz Blog — research-heavy; supply-chain + cloud + AI.
- ReversingLabs Blog — package reversing + supply-chain.
- Palo Alto Networks Unit 42 — broad threat intel, regular npm coverage.
- Microsoft Security Blog — incident response writeups (Axios, Shai-Hulud 2.0).
Tier 2 — read selectively, search when relevant
- Sysdig Blog — runtime threat detection, occasional supply-chain.
- Trellix Research — supply-chain + APT writeups.
- Netskope Blog — SaaS-side analysis.
- Elastic Security Labs — detection content, useful for SIEM users.
- Orca Security — cloud + supply-chain.
- Truesec Hub — broad incident response coverage.
- Semgrep Blog — SAST + occasional package compromise.
AI-tool specific
- Anthropic Engineering and Claude Code docs — first-party Claude Code security guidance.
- Cursor Changelog — Cursor releases with CVE notes.
- GitHub Security Lab — Copilot + GH ecosystem.
- Vercel Blog → security tag — v0 and platform issues.
- Lovable Changelog — track their fixes.
- Supabase Blog — MCP, RLS, auth posts. Especially Paul Copplestone's posts.
Independent / community
- Simon Willison's blog — best ongoing commentary on LLM security, MCP, prompt injection. Coined "lethal trifecta."
- Lasso Security blog — focused on LLM/AI security.
- Aim Security blog — AI/MCP attacks.
- Pomerium Blog — zero-trust + AI agent posts.
- Lakera Blog — prompt injection + LLM red-teaming.
- Trail of Bits Blog — high-signal security research.
Aggregators worth bookmarking
- The Hacker News — broad coverage, good for catching what you missed.
- Bleeping Computer — fast on breaking incidents.
- Dark Reading — broad enterprise security.
- SC Media — quick news on AI security incidents.
- The Register — sharp commentary, often first on AI-tool incidents.
How to use this list
If you only want a daily 10-minute scan: 1. RSS-subscribe to Socket, Snyk, and StepSecurity. 2. Bookmark Simon Willison for weekend long reads. 3. Search the rest when an advisory in this repo cites them or when a name shows up on X.