HoneyDB
DarkReading
[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You
Infosecurity Europe
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
Interpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle East
What It'll Take to Make AI BOMs Usable in a Modern Security Program
What Will Make AI BOMs Real?
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Windows Zero-Day Barrage Continues After Patch Tuesday
CISA Exposes Secrets, Credentials in 'Private' Repo
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
Ars Technica
In stunning display of stupid, secret CISA credentials found in public GitHub repo
Zero-day exploit completely defeats default Windows 11 BitLocker protections
Cisco announces record revenue and 4,000 layoffs in the same day
Linux bitten by second severe vulnerability in as many weeks
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
Ars Asks: Share your shell and show us your tricked-out terminals!
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Why Reddit blocked my daily visit to its mobile website
GameStop offers $56 billion for eBay, struggles to explain how it'll pay for it
CyberScoop
GitHub says internal repositories were impacted in poisoned VS Code extension attack
CISA credential leak raises alarms, and Capitol Hill demands answers
Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Mini Shai-Hulud returns, compromising hundreds of npm packages
Microsoft disrupts cybercrime service that abused software verification systems en masse
AI might cut false positives, but it won’t stop the slop
Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa
The Canvas breach proved that prevention is no longer enough
Former CISA nominee Sean Plankey named US CEO of defense startup
Colorado governor commutes prison sentence for election denier Tina Peters
InfoSecurity Magazine
Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension
Researchers Warn CypherLoc Scareware Has Targeted Millions of Users
Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector
Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software
Agentic AI Accelerates Software Builds and Mobile App Attacks
Grafana Labs Confirms Hackers Stole Source Code
SecurityWeek
Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop
1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials
Anthropic Silently Patches Claude Code Sandbox Bypass
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
Caught Off Guard: Securing AI After It Hits Production
Real-World ICS Security Tales From the Trenches
Virtual Event Today: Threat Detection & Incident Response Summit
GitHub Confirms Hack Impacting 3,800 Internal Repositories
ZDNet
Linus Torvalds admits he has a 'love-hate relationship with AI'
You can get $1,500 off Samsung's 85-inch Frame Pro TV - but hurry
These 8 Kindle models just lost support, but that doesn't make them obsolete
How AI can trick you into making fake payments - 5 red flags
5 Memorial Day deals that are worth your time (including a Costco membership discount)
Google says AI agents spending your money is a 'more fun' way to shop
Ubuntu Core 26 offers an immutable Linux you can trust through 2041
51% of professionals say AI workslop lowers their productivity - stop it in 2 steps
I wore Google's Android XR glasses again - and my limit-testing should scare Meta and Apple
11 cheap gadgets we've found to be highly useful (and they're on sale)
The Hacker News
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Agent AI is Coming. Are You Ready?
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
BleepingComputer
Grafana breach caused by missed token rotation after TanStack attack
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
Drupal critical update to fix bug with high exploitation risk
Exploit released for new PinTheft Arch Linux root escalation flaw
GitHub confirms breach of 3,800 repos via malicious VSCode extension
Microsoft shares mitigation for YellowKey Windows zero-day
GitHub investigates internal repositories breach claimed by TeamPCP
Max-severity flaw in ChromaDB for AI apps allows server hijacking
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Discord rolls out end-to-end encryption on voice, video calls
gbhackers
Grafana GitHub Security Incident Reportedly Connected to TanStack npm Ransomware
Critical ExifTool Vulnerability Lets Hackers Compromise Macs via Malicious Images
Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources
Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack
Old Breaches Resold as New Corporate Data Leaks
NVIDIA Triton Inference Server Flaw Raises Risk of Unauthorized Access
GraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 Operations
Fox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact Signing
Fake Tax Assessment Pages Spread Windows Malware
Pardus Linux Vulnerability Lets Local Attackers Gain Silent Root Access
Cybersecurity Dive
7-Eleven hit by data breach
Microsoft disrupts cybercrime operation that hid behind legitimate software
Compromised coding tool helped hackers breach thousands of GitHub repositories
Telecom sector launches its own private ISAC
Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN
Grafana Labs says hacker gained access to codebase through leaked token
How a government contest launched a revolution in AI-based bug hunting
Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller
MSPs need AI to fight AI-fueled cyberthreats: Guardz
More money is going to physical security, but it’s often CISOs that oversee it: EY
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
GitHub says internal repos exfiltrated after poisoned VS Code extension attack
London's police asked Big Tech for comms data over 700,000 times last year
Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
Clear your calendar, Drupal user: You have a critically urgent patch to install
Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them
Shai-Hulud copycat worm infects yet another npm package
Linux kernel flaw opens root-only files to unprivileged users
TanStack weighs invitation-only pull requests after supply chain attack
NGINX Rift attackers waste no time targeting exposed servers
VentureBeat
GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK
Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering
Agent authorization is broken — and authentication passing makes it worse
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps
Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses
AI agents are running hospital records and factory inspections. Enterprise IAM was never built for them.
AI tool poisoning exposes a major flaw in enterprise agent security
TechCrunch
Customers say Trump Mobile is leaking their personal information
GitHub says hackers stole data from thousands of internal repositories
Discord enables end-to-end encrypted voice and video calling for every user
From teen hacker to Iron Dome researcher, this founder raised $28M to fight AI phishing
Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack
US cyber agency CISA exposed reams of passwords and cloud keys to the open web
NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people
Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom
A hotel check-in system left a million passports and driver’s licenses open for anyone to see
US orders travelers on Air Force One to throw away gifts, pins, and burner phones after China trip
Network World Security
Nvidia: Latest news and insights
Riverbed expands autonomous AI capabilities for Aternity platform
Cisco: Latest news and insights
Selector targets the network visibility gap in multi-cloud infrastructure
Top network and data center events of 2026
AI reshapes cybersecurity workforce priorities as IT teams brace for new risks
Wireless security is a battle of AI vs. AI
Startup Bolt Graphics promises 5x performance over Nvidia’s best GPU
2026 network outage report and internet health check
AI, cybersecurity skills top IT pay premiums
Help Net Security
Webworm APT targets European government organizations with new backdoors
Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
NanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClaw
FBI: $388 million lost in crypto ATM scams in 2026
ArmorCode gives security teams AI workers for exposure and remediation
Novata uses AI to map risk across portfolios and supply chains
TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
Trust3 AI focuses on AI agent risks with MCP Security layer
Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals
Darwinium updates mobile SDKs to detect remote access scam activity
SC Magazine
Discord implements end-to-end encryption for voice and video calls
The AiTM problem nobody's architecture actually solves
FBI warns of surge in crypto ATM scam losses, exceeding $388 million
Max-severity vulnerability in ChromaDB allows unauthenticated remote code execution
Drupal releases emergency security update amid exploit concerns
Huawei zero-day flaw reportedly caused Luxembourg telecom outage
Storm-2949 actor targets Microsoft 365 and Azure environments
Microsoft to phase out SMS authentication for account recovery
Microsoft disrupts Fox Tempest malware-signing service
Microsoft addresses Windows Update failures in restricted environments
© 2026 RiskDiscovery | Sponsored by:
Deception Logic