Risk Discovery

DarkReading

[Dark Reading Virtual Event] Cybersecurity Outlook 2026

Deja Vu: Salesforce Customers Hacked Again, Via Gainsight

LINE Messaging Bugs Open Asian Users to Cyber Espionage

Cloudflare's One-Stop-Shop Convenience Takes Down Global Digital Economy

Hack the Hackers: 6 Laws for Staying Ahead of the Attackers

With AI Reshaping Entry-Level Cyber, What Happens to the Security Talent Pipeline?

Switching to Offense: US Makes Cyber Strategy Changes

Inside Iran's Cyber Objectives: What Do They Want?

Securing the Win: What Cybersecurity Can Learn From the Paddock

China's 'PlushDaemon' Hackers Infect Routers to Hijack Software Updates

Ars Technica

Oops. Cryptographers cancel election results after losing decryption key.

How to know if your Asus router is one of thousands hacked by China-state hackers

Google tells employees it must double capacity every 6 months to meet AI demand

HP and Dell disable HEVC support built into their laptops’ CPUs

Massive Cloudflare outage was triggered by file that suddenly doubled in size

Critics scoff after Microsoft warns AI feature can infect machines and pilfer data

Tech giants pour billions into Anthropic as circular AI investments roll on

Bonkers Bitcoin heist: 5-star hotels, cash-filled envelopes, vanishing funds

Google CEO: If an AI bubble pops, no one is getting out clean

5 plead guilty to laptop farm and ID theft scheme to land North Koreans US IT jobs

CyberScoop

Privacy group sues feds over talks with tech companies on ICE raid trackers

Legacy web forms are the weakest link in government data security

SEC drops case against SolarWinds tied to monumental breach

Hundreds of Salesforce customers hit by yet another third-party vendor breach

NSO Group argues WhatsApp injunction threatens existence, future U.S. government work

Top Senate Intel Dem warns of ‘catastrophic’ cyber consequences of Trump admin national security firings, politicization

Why Anna Gomez believes the FCC is letting telecoms off easy after Salt Typhoon

Palo Alto Networks to acquire observability firm Chronosphere for $3.35 billion

Five Eyes just made life harder for bulletproof hosting providers

Amazon warns of global rise in specialized cyber-enabled kinetic targeting

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

ZDNet

Best early Black Friday laptop deals 2025: 20+ sales live now

Black Friday TV deals are live now with massive sales: Here are our 40+ top picks

Amazon's 2025 Black Friday deals are shockingly good: Shop some of my favorites up to 60% off

Best early Black Friday PlayStation deals 2025: 20 sales out now

I found the best early Black Friday streaming service and device deals

10 most popular phones this year, according to thousands of readers (and no.1 is bananas)

Own AirPods? I changed these 3 iPhone settings for an instant audio boost

This Apple Watch model is still my favorite - and it's the cheapest one you can buy new

Seriously, Verizon is giving away free Samsung 4K TVs for Black Friday - how to qualify

This do-it-all cable is a must-have travel item (and it's under $15 right now)

The Hacker News

China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud Services

Matrix Push C2 Uses Browser Notifications for Fileless, Cross-Platform Phishing Attacks

CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability

Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation

Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

Why IT Admins Choose Samsung for Mobile Security

APT24 Deploys BADAUDIO in Years-Long Espionage Hitting Taiwan and 1,000+ Domains

SEC Drops SolarWinds Case After Years of High-Stakes Cybersecurity Scrutiny

Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

BleepingComputer

CISA warns Oracle Identity Manager RCE flaw is being actively exploited

Nvidia confirms October Windows updates cause gaming issues

Microsoft: Out-of-band update fixes Windows 11 hotpatch install loop

Grafana warns of max severity admin spoofing vulnerability

CrowdStrike catches insider feeding information to hackers

FCC rolls back cybersecurity rules for telcos, despite state-hacking risks

'Scattered Spider' teens plead not guilty to UK transport hack

Avast Makes AI-Driven Scam Defense Available for Free Worldwide

Google begins showing ads in AI Mode (AI answers)

Google exposes BadAudio malware used in APT24 espionage campaigns

Cybersecurity Dive

Startup firm called Factory disrupts campaign designed to hijack development platform

SEC drops civil fraud case against SolarWinds

Salesforce investigating campaign targeting customer environments connected to Gainsight app

FCC eliminates cybersecurity requirements for telecom companies

Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation

FCC plan to scrap telecom cyber rules draws congressional backlash

US, allies sanction Russian bulletproof hosting firm

Record-breaking DDoS attack against Microsoft Azure mitigated

Trump’s cyber strategy will emphasize adversary deterrence, industry partnerships

Hackers increasingly target operational technology, with manufacturing sector bearing the brunt

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

ShinyHunters 'does not like Salesforce at all,' claims the crew accessed Gainsight 3 months ago

Four charged over alleged plot to smuggle Nvidia AI chips into China

Russia-linked crooks bought a bank for Christmas to launder cyber loot

ZTE Launches ZXCSec MAF security solution for large model

Google links Android’s Quick Share to Apple’s AirDrop, without Cupertino’s help

SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere

Salesforce-linked data breach claims 200+ victims, has ShinyHunters’ fingerprints all over it

LLM-generated malware is improving, but don't expect autonomous attacks tomorrow

Fired techie admits sabotaging ex-employer, causing $862K in damage

TP-Link accuses rival Netgear of 'smear campaign' over alleged China ties

VentureBeat

For AI to succeed in the SOC, CISOs need to remove legacy walls now

Human-centric IAM is failing: Agentic AI requires a new identity control plane

How Anthropic's AI was jailbroken to become a weapon

Forrester: Gen AI is a chaos agent, models are wrong 60% of the time

How Anthropic's Claude cuts SOC investigation time from 5 hours to 7 minutes

CrowdStrike & Nvidia's open source AI gives enterprises the edge against machine-speed attacks

Meet Aardvark, OpenAI’s security agent for code analysis and patching

TechCrunch

CrowdStrike fires ‘suspicious insider’ who passed information to hackers

Google says hackers stole data from 200 companies following Gainsight breach

Despite Chinese hacks, Trump’s FCC votes to scrap cybersecurity rules for phone and internet companies

Salesforce says some of its customers’ data was accessed after Gainsight breach

How the classic anime ‘Ghost in the Shell’ predicted the future of cybersecurity 30 years ago

US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks

Security startup Guardio nabs $80M from ION Crossover Partners

DoorDash confirms data breach affecting users’ phone numbers and physical addresses

MCP AI agent security startup Runlayer launches with 8 unicorns, $11M from Khosla’s Keith Rabois and Felicis

Surveillance tech provider Protei was hacked, its data stolen, and its website defaced

Network World Security

FCC reversal removes federal cyber safeguards targeting telecom weaknesses post-Salt Typhoon attacks

Gluware tackles AI agent coordination with Titan platform

Ransomware gangs seize a new hostage: your AWS S3 buckets

Nvidia chips sold out? Cut back on AI plans, or look elsewhere

What are TPUs? Your guide to tensor processing units and AI acceleration

Cisco initiative targets device security

Cisco, IBM team to build large-scale quantum networks

Server memory prices could double by 2026 as AI demand strains supply

Cobalt 200: Microsoft’s next-gen Arm CPU targets lower TCO for cloud workloads

NetOps teams struggle with AI readiness

Help Net Security

Salesforce Gainsight compromise: Early findings and customer guidance

New Onapsis platform updates enhance visibility and protection across SAP landscapes

Research shows identity document checks are missing key signals

What insurers really look at in your identity controls

How one quick AI check can leak your company’s secrets

Convenience culture is breaking personal security

New infosec products of the week: November 21, 2025

Salesforce investigates new incident echoing Salesloft Drift compromise

Security gap in Perplexity’s Comet browser exposed users to system-level attacks

Oligo delivers runtime-native security for models and agents

InfoSecurity Magazine

Cybercriminals Exploit Browser Push Notifications to Deliver Malware

New Gainsight Supply Chain Hack Could Affect Salesforce Customers

UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation

CISA Issues New Guidance on Bulletproof Hosting Threat

Supply Chain Breaches Impact Almost All Firms Globally, BlueVoyant Reveals

Gartner: 40% of Firms to Be Hit By Shadow AI Security Incidents

UK, US and Australia Sanction Russian Bulletproof Hoster Media Land

Europol Operation Disrupts $55m in Cryptocurrency For Piracy

Eternidade Stealer Trojan Fuels Aggressive Brazil Cybercrime

PlushDaemon Hackers Unleash New Malware in China-Aligned Spy Campaigns

© 2025 RiskDiscovery | Sponsored by: Deception Logic