Risk Discovery

DarkReading

Digital Fraud at Industrial Scale: 2025 Wasn't Great

'Dark LLMs' Aid Petty Criminals, But Underwhelm Technically

Prompt Injections Loom Large Over ChatGPT's Atlas Browser

How Malware Authors Are Incorporating LLMs to Evade Detection

Enterprises Aren't Confident They Can Secure Non-Human Identities (NHIs)

Iran Exploits Cyber Domain to Aid Kinetic Strikes

Advanced Security Isn't Stopping Ancient Phishing Tactics

Cheap Hardware Module Bypasses AMD, Intel Memory Encryption

DPRK's FlexibleFerret Tightens macOS Grip

With Friends Like These: China Spies on Russian IT Orgs

Ars Technica

HP plans to save millions by laying off thousands, ramping up AI use

Crypto hoarders dump tokens as shares tumble

UK government will buy tech to boost AI sector in $130M growth push

Oops. Cryptographers cancel election results after losing decryption key.

How to know if your Asus router is one of thousands hacked by China-state hackers

Google tells employees it must double capacity every 6 months to meet AI demand

HP and Dell disable HEVC support built into their laptops’ CPUs

Massive Cloudflare outage was triggered by file that suddenly doubled in size

Critics scoff after Microsoft warns AI feature can infect machines and pilfer data

Tech giants pour billions into Anthropic as circular AI investments roll on

CyberScoop

Crisis24 shuts down emergency notification system in wake of ransomware attack

Congress calls on Anthropic CEO to testify on Chinese Claude espionage campaign

New legislation targets scammers that use AI to deceive

‘Stranger Things’ emerge when OT security is stuck in the past

Gainsight CEO downplays impact of attack that spread to Salesforce environments

Underground AI models promise to be hackers ‘cyber pentesting waifu’

Shai-Hulud worm returns stronger and more automated than ever before

New research finds that Claude breaks bad if you teach it to cheat

CISA alert draws attention to spyware’s targeting of messaging apps

This campaign aims to tackle persistent security myths in favor of better advice

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

ZDNet

How much RAM does your PC actually need in 2025? A Windows and Mac expert weighs in

Best Cyber Monday Apple deals 2025: I'm tracking the best discounts on iPhones, iPads, and more

We found 100+ Cyber Monday deals up to 75% off: Shop Amazon, Best Buy, and more now

I found the 20 best Cyber Monday PS5 deals already available - catch them before the sale ends

I'm binging Cyber Monday streaming deals live as low as $3 on Peacock, Hulu, & HBO

These sleep earbuds drowned out noise to get me to bed

Amazon's best 2025 Cyber Monday deals are live: Shop my top sales on Apple, Oura, and Bose

These sleep earbuds keep bedtime distractions at bay - and they're on sale

I wore a smartwatch with a classy design - and can't go back to my Apple Watch

Shop these still live best AirPods deals for Cyber Monday 2025 - including the AirPods Pro 3

The Hacker News

CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

Why Organizations Are Turning to RPAM

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update

Webinar: Learn to Spot Risks and Patch Safely with Community-Maintained Tools

ThreatsDay Bulletin: AI Malware, Voice Bot Flaws, Crypto Laundering, IoT Attacks — and 20 More Stories

Gainsight Expands Impacted Customer List Following Salesforce Security Alert

BleepingComputer

Japanese beer giant Asahi says data breach hit 1.5 million people

Leak confirms OpenAI is preparing ads on ChatGPT for public roll out

Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison

Microsoft: Windows updates make password login option invisible

Public GitLab repositories exposed more than 17,000 secrets

French Football Federation discloses data breach after cyberattack

Malicious LLMs empower inexperienced hackers with advanced tools

GreyNoise launches free scanner to check if you're part of a botnet

OpenAI discloses API customer data breach via Mixpanel vendor hack

New ShadowV2 botnet malware used AWS outage as a test opportunity

Cybersecurity Dive

Thanksgiving holiday weekend kicks off heightened threat environment for security teams

Gainsight CEO promises transparency as it responds to compromise of Salesforce integration

Microsoft tightens cloud login process to prevent common attack

CISA urges mobile security as it warns of sophisticated spyware attacks

Russia-aligned hackers target US company in attack linked to Ukraine war effort

Hackers steal sensitive data from major banking industry vendor

Gainsight says additional applications put on hold after Salesforce customers breached

Startup firm called Factory disrupts campaign designed to hijack development platform

SEC drops civil fraud case against SolarWinds

Salesforce investigating campaign targeting customer environments connected to Gainsight app

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle

Brit telco Brsk confirms breach as bidding begins for 230K+ customer records

GrapheneOS bails on OVHcloud over France's privacy stance

TryHackMe races to add women to Christmas cyber challenge roster after backlash

OBR drags in cyber bigwig after Budget leak blunder

UK digital ID plan gets a price tag at last – £1.8B

Korean web giant Naver acquired crypto exchange Upbit, which reported a $30m heist a day later

Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites

OpenAI cuts off Mixpanel after analytics leak exposes API users

FCC sounds alarm after emergency tones turned into potty-mouthed radio takeover

VentureBeat

Prompt Security's Itamar Golan on why generative AI security requires building a category, not a feature

DeepSeek injects 50% more security bugs when prompted with Chinese political triggers

For AI to succeed in the SOC, CISOs need to remove legacy walls now

Human-centric IAM is failing: Agentic AI requires a new identity control plane

How Anthropic's AI was jailbroken to become a weapon

Forrester: Gen AI is a chaos agent, models are wrong 60% of the time

How Anthropic's Claude cuts SOC investigation time from 5 hours to 7 minutes

TechCrunch

Multiple London councils report disruption amid ongoing cyberattack

Bug in jury systems used by several US states exposed sensitive personal data

DOGE days are over as Trump disbands Elon Musk’s team of federal cost-cutters

US banks scramble to assess data theft after hackers breach financial tech firm

CrowdStrike fires ‘suspicious insider’ who passed information to hackers

Google says hackers stole data from 200 companies following Gainsight breach

Despite Chinese hacks, Trump’s FCC votes to scrap cybersecurity rules for phone and internet companies

Salesforce says some of its customers’ data was accessed after Gainsight breach

How the classic anime ‘Ghost in the Shell’ predicted the future of cybersecurity 30 years ago

US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks

Network World Security

Spotlight: Making the most of multicloud

AWS adds a DNS resiliency feature to make its US East region resilient to outages

El Capitan extends its supercomputer lead; top 10 lineup unchanged

Network jobs watch: Hiring, skills and certification trends

HP to slash up to 6,000 jobs as component costs and AI reshape operations

Microsoft loses two senior AI infrastructure leaders as data center pressures mount

What is Edge AI? When the cloud isn’t close enough

Networks, AI, and metaversing

2025 global network outage report and internet health check

Fluent Bit vulnerabilities could enable full cloud takeover

Help Net Security

Week in review: Fake “Windows Update” fuels malware, Salesforce details Gainsight breach

Social data puts user passwords at risk in unexpected ways

New observational auditing framework takes aim at machine learning privacy leaks

Why password management defines PCI DSS success

Fragmented tooling slows vulnerability management

Infosec products of the month: November 2025

Detego DFIR Platform centralizes evidence, workflows, and real-time case insights

Clover raises $36 million to scale product security through AI-native design

Hottest cybersecurity open-source tools of the month: November 2025

Your critical infrastructure is running out of time

InfoSecurity Magazine

Threat Actors Exploit Calendar Subscriptions for Phishing and Malware Delivery

Three Black Friday Scams to Watch Out For This Year

French Football Federation Suffers Data Breach

FCC Warns of Hackers Hijacking Radio Equipment For False Alerts

Bloody Wolf Threat Actor Expands Activity Across Central Asia

Asahi Confirms 1.5 Million Customers Affected in Major Cyber-Attack

OpenAI Warns of Mixpanel Data Breach Impacting API Users

Fraud Fears But No Breach Spike Expected This Festive Season

Scattered Lapsus$ Hunters Take Aim At Zendesk Users

Key Provisions of the UK Cyber Resilience Bill Revealed

© 2025 RiskDiscovery | Sponsored by: Deception Logic