# Security blogs

> Long-form, technical writeups. Slower than X but with IOCs, hashes, and full timelines.

## Tier 1 — read every post

These cover vibe-coding-relevant incidents consistently.

- **[Socket Blog](https://socket.dev/blog)** — npm/PyPI compromises, near-real-time.
- **[Snyk Blog](https://snyk.io/blog/)** — broad supply-chain + AI-tool coverage.
- **[StepSecurity Blog](https://www.stepsecurity.io/blog)** — GitHub Actions and CI supply-chain focus.
- **[Aikido Security Blog](https://www.aikido.dev/blog)** — fast, detailed package-compromise writeups.
- **[Checkmarx Zero Blog](https://checkmarx.com/blog/)** — strong on PyPI and language-ecosystem attacks.
- **[Wiz Blog](https://www.wiz.io/blog)** — research-heavy; supply-chain + cloud + AI.
- **[ReversingLabs Blog](https://www.reversinglabs.com/blog)** — package reversing + supply-chain.
- **[Palo Alto Networks Unit 42](https://unit42.paloaltonetworks.com/)** — broad threat intel, regular npm coverage.
- **[Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/)** — incident response writeups (Axios, Shai-Hulud 2.0).

## Tier 2 — read selectively, search when relevant

- **[Sysdig Blog](https://www.sysdig.com/blog)** — runtime threat detection, occasional supply-chain.
- **[Trellix Research](https://www.trellix.com/blogs/research/)** — supply-chain + APT writeups.
- **[Netskope Blog](https://www.netskope.com/blog)** — SaaS-side analysis.
- **[Elastic Security Labs](https://www.elastic.co/security-labs)** — detection content, useful for SIEM users.
- **[Orca Security](https://orca.security/resources/blog/)** — cloud + supply-chain.
- **[Truesec Hub](https://www.truesec.com/hub/blog)** — broad incident response coverage.
- **[Semgrep Blog](https://semgrep.dev/blog)** — SAST + occasional package compromise.

## AI-tool specific

- **[Anthropic Engineering](https://www.anthropic.com/engineering)** and **[Claude Code docs](https://code.claude.com/docs/en/security)** — first-party Claude Code security guidance.
- **[Cursor Changelog](https://www.cursor.com/changelog)** — Cursor releases with CVE notes.
- **[GitHub Security Lab](https://securitylab.github.com/)** — Copilot + GH ecosystem.
- **[Vercel Blog → security tag](https://vercel.com/blog)** — v0 and platform issues.
- **[Lovable Changelog](https://lovable.dev/changelog)** — track their fixes.
- **[Supabase Blog](https://supabase.com/blog)** — MCP, RLS, auth posts. Especially Paul Copplestone's posts.

## Independent / community

- **[Simon Willison's blog](https://simonwillison.net/)** — best ongoing commentary on LLM security, MCP, prompt injection. Coined "lethal trifecta."
- **[Lasso Security blog](https://www.lasso.security/blog)** — focused on LLM/AI security.
- **[Aim Security blog](https://www.aim.security/blog)** — AI/MCP attacks.
- **[Pomerium Blog](https://www.pomerium.com/blog)** — zero-trust + AI agent posts.
- **[Lakera Blog](https://www.lakera.ai/blog)** — prompt injection + LLM red-teaming.
- **[Trail of Bits Blog](https://blog.trailofbits.com/)** — high-signal security research.

## Aggregators worth bookmarking

- **[The Hacker News](https://thehackernews.com/)** — broad coverage, good for catching what you missed.
- **[Bleeping Computer](https://www.bleepingcomputer.com/)** — fast on breaking incidents.
- **[Dark Reading](https://www.darkreading.com/)** — broad enterprise security.
- **[SC Media](https://www.scworld.com/)** — quick news on AI security incidents.
- **[The Register](https://www.theregister.com/security/)** — sharp commentary, often first on AI-tool incidents.

## How to use this list

If you only want a daily 10-minute scan:
1. RSS-subscribe to Socket, Snyk, and StepSecurity.
2. Bookmark Simon Willison for weekend long reads.
3. Search the rest when an advisory in this repo cites them or when a name shows up on X.
