Risk Discovery

DarkReading

Mobile Applications: A Cesspool of Security Issues

How Organizations Can Leverage Cyber Insurance Effectively

Vehicles Face 45% More Attacks, 4 Times More Hackers

Phishing Kit Darcula Gets Lethal AI Upgrade

[Virtual Event] Anatomy of a Data Breach: And what to do if it happens to you

'SessionShark' ToolKit Evades Microsoft Office 365 MFA

Digital Twins Bring Simulated Security to the Real World

Max-Severity Commvault Bug Alarms Researchers

NFC-Powered Android Malware Enables Instant Cash-Outs

Gig-Work Platforms at Risk for Data Breaches, Fraud, Account Takeovers

Ars Technica

New study shows why simulated reasoning AI models don’t yet live up to their billing

FBI offers $10 million for information about Salt Typhoon members

In the age of AI, we must protect human creativity as a natural resource

New Android spyware is targeting Russian military personnel on the front lines

Annoyed ChatGPT users complain about bot’s relentlessly positive tone

Company apologizes after AI support agent invents policy that causes user uproar

OpenAI releases new simulated reasoning models with full tool access

Researchers claim breakthrough in fight against AI’s frustrating security hole

4chan has been down since Monday night after “pretty comprehensive own”

OpenAI continues naming chaos despite CEO acknowledging the habit

CyberScoop

House bill seeks better tech to combat financial fraud scams against elderly

SAP zero-day vulnerability under widespread active exploitation

CISA gets new No. 2: Madhu Gottumukkala

VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025

AI speeds up analysis work for humans, two federal cyber officials say

Judge tosses citizenship provisions in Trump elections order

Attackers hit security device defects hard in 2024

10 key numbers from the 2024 FBI IC3 report

AI can help defenders stop nation-state threat actors at machine speed

Verizon discovers spike in ransomware and exploited vulnerabilities

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

SecurityWeek

ZDNet

If we want a passwordless future, let's get our passkey story straight

Is your Roku TV spying on you? Probably, but here's how to put an end to it

Why the road from passwords to passkeys is long, bumpy, and worth it - probably

The best VPNs for streaming in 2025: Expert tested and reviewed

8 simple ways Mac users can better protect their privacy

The 4 VPNs I swear by for Linux - and why I trust them

Best antivirus for Mac in 2025: I tested your top software options

Biometrics vs. passcodes: What lawyers say if you're worried about warrantless phone searches

Tired of unsolicited nude pics? Google's new safety feature can help - how it works

New Google email scams are alarmingly convincing - how to spot them

The Hacker News

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

ToyMaker Uses LAGTOY to Sell Access to CACTUS Ransomware Gangs for Double Extortion

North Korean Hackers Spread Malware via Fake Crypto Firms and Job Interview Lures

New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework

Why NHIs Are Security's Most Dangerous Blind Spot

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign

BleepingComputer

Coinbase fixes 2FA log error making people think they were hacked

Brave's Cookiecrumbler tool taps community to help block cookie notices

DragonForce expands ransomware model with white-label branding scheme

WooCommerce admins targeted by fake security patches that hijack sites

Windows 11's Recall AI is now rolling out on Copilot+ PCs

Windows 11 KB5055627 update released with 30 new changes, fixes

Craft CMS RCE exploit chain used in zero-day attacks to steal data

Marks & Spencer pauses online orders after cyberattack

Mobile provider MTN says cyberattack compromised customer data

Windows "inetpub" security fix can be abused to block future updates

Cybersecurity Dive

Critical vulnerability in SAP NetWeaver under threat of active exploitation

CISA gets a deputy director as it braces for major layoffs

CISOs band together to urge world governments to harmonize cyber rules

Threat groups exploit resurgent vulnerabilities

BEC scams, investment fraud accounted for biggest cybercrime losses in 2024

AI impact on data breach outcomes remains ‘limited’: Verizon

State Department reorganization could imperil cyber diplomacy

Financial gain still drives majority of cyber threat activity

Banks gear up to boost cybersecurity, cloud and data spending

CISA’s Secure by Design initiative in limbo after key leaders resign

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

CISA News

CISA, DHS S&T, INL, LSU Help Energy Industry Partners Strengthen Incident Response and OT Cybersecurity

Statement from Matt Hartman on the CVE Program

CISA Statement on CVE Program

CISA and Partners Issue Fast Flux Cybersecurity Advisory

CISA Probationary Reinstatements

Statement on CISA's Red Team

CISA Calls For Action to Close the Software Understanding Gap

CISA Publishes Microsoft Expanded Cloud Log Implementation Playbook

CISA, JCDC, Government and Industry Partners Publish AI Cybersecurity Collaboration Playbook

CISA Releases New Sector Specific Goals for IT and Product Design

The Register

Samsung admits Galaxy devices can leak passwords through clipboard wormhole

Signalgate lessons learned: If creating a culture of security is the goal, America is screwed

Amid CVE funding fumble, 'we were mushrooms, kept in the dark,' says board member

More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions

M&S stops online orders as 'cyber incident' issues worsen

Emergency patch for potential SAP zero-day that could grant full system control

Claims assistance firm fined for cold-calling people who put themselves on opt-out list

Darcula adds AI to its DIY phishing kits to help would-be vampires bleed victims dry

SSNs and more on 5.5M+ patients feared stolen from Yale Health

VentureBeat

Is that really your boss calling? Jericho Security raises $15M to stop deepfake fraud that’s cost businesses $200M in 2025 alone

Zencoder buys Machinet to challenge GitHub Copilot as AI coding assistant consolidation accelerates

Amazon’s SWE-PolyBench just exposed the dirty secret about your AI coding assistant

From friction to flow: Why Swissport scrapped its VPN maze for Cato’s SASE platform

Microsoft just launched powerful AI ‘agents’ that could completely transform your workday — and challenge Google’s workplace dominance

Relyance AI builds ‘x-ray vision’ for company data: Cuts AI compliance time by 80% while solving trust crisis

VentureBeat spins out GamesBeat, accelerates enterprise AI mission

Identity as the new perimeter: NOV’s approach to stopping the 79% of attacks that are malware-free

Google’s Gemini 2.5 Flash introduces ‘thinking budgets’ that cut AI costs by 600% when turned down

OpenAI launches o3 and o4-mini, AI models that ‘think with images’ and use tools autonomously

TechCrunch

4chan is back online, says it’s been ‘starved of money’

Government officials are kind of bad at the internet

The TechCrunch Cyber Glossary

Data breach at Connecticut’s Yale New Haven Health affects over 5 million

Speak at TechCrunch Disrupt 2025: Applications now open

Blue Shield of California shared the private health data of millions with Google for years

Endor Labs, which builds tools to scan AI-generated code for vulnerabilities, lands $93M

Cynomi cinches $37M for its AI-based ‘virtual CISO’ for SMB cybersecurity

Tech resilience, breakout startups, and banking reinvented: The big conversations at StrictlyVC London in May

Marks & Spencer confirms cybersecurity incident amid ongoing disruption

Network World Security

Proof-of-concept bypass shows weakness in Linux security tools, claims Israeli vendor

Lenovo targets AI workloads with massive storage update

AI plus digital twins could be the pairing enterprises need

TCS launches SovereignSecure Cloud aligned with India’s data localization needs

As clock ticks, vendors slowly patch critical flaw in AMI MegaRAC BMC firmware

Asia-Pacific hits 50% IPv6 capability

Slowdown in AWS data center leasing plans poses little threat to CIOs

TSMC targets AI acceleration with A14 process and ‘System on Wafer-X’

Your old servers may now be worth mining for rare earth elements

Cloudbrink pushes SASE boundaries with 300 Gbps data center throughput

Help Net Security

GoSearch: Open-source OSINT tool for uncovering digital footprints

Ransomware attacks are getting smarter, harder to stop

Most critical vulnerabilities aren’t worth your attention

Week in review: MITRE ATT&CK v17.0 released, PoC for Erlang/OTP SSH bug is public

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)

Detectify Asset Classification and Scan Recommendations improves vulnerability testing

Rubrik Identity Resilience protects vulnerable authentication infrastructure

BreachLock AEV simulates real attacks to validate and prioritize exposures

Dashlane introduces Omnix for AI-powered credential protection

LastPass Secure Access Experiences simplifies access management

SC Magazine

BSides SF: Using AI to spot shadow patches in open-source software

Microsoft Office 365 MFA targeted by ‘SessionShark’ phishing kit

Beating the AI Game, Ripple, Numerology, Darcula, Special Guests from Hidden Layer... - Malcolm Harkins, Kasimir Schulz - SWN #471

SAP patches zero day rated 10.0 in NetWeaver

Identity and Access Management to steal the spotlight at RSAC 2025

Navigating the 8D city: Why multi-dimensional network security is no longer optional

Consolidated global cyber regulations sought by CISO coalition

South Korea: Unauthorized user data transfer conducted by DeepSeek

Actively exploited CVEs rise in Q1, report finds

Significant reduction in March ransomware incidence a potential ruse

InfoSecurity Magazine

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

SAP Fixes Critical Vulnerability After Evidence of Exploitation

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

Popular LLMs Found to Produce Vulnerable Code by Default

ELENOR-corp Ransomware Targets Healthcare Sector

Blue Shield of California Data Breach Affects 4.7 Million Members

Highest-Risk Security Flaw Found in Commvault Backup Solutions

Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks

© 2024 RiskDiscovery | Sponsored by: Deception Logic