[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You
Infosecurity Europe
Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments
Google API Keys Remain Active After Deletion
AI Agents Are Shifting Identity Security Budget Dynamics
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
Content Delivery Exploit Opens Websites to Brand Hijacking
Cyber Pros Can't Decide If AI Is a Good or a Bad Thing
Ars Technica
A hacker group is poisoning open source code at an unprecedented scale
US government takes $2 billion equity stake in nine quantum computing firms
Google publishes exploit code threatening millions of Chromium users
In stunning display of stupid, secret CISA credentials found in public GitHub repo
Zero-day exploit completely defeats default Windows 11 BitLocker protections
Cisco announces record revenue and 4,000 layoffs in the same day
Linux bitten by second severe vulnerability in as many weeks
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
Ars Asks: Share your shell and show us your tricked-out terminals!
CyberScoop
Alleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in Canada
Lawmakers from both parties say CISA cuts have gone too far
Trump postpones executive order focused on AI security 
CISA chief frets about open-source vulnerabilities, delayed security improvements
European authorities take down prolific cybercrime VPN service
The readiness paradox: Why a false sense of cyber confidence is becoming a liability
Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
GitHub says internal repositories were impacted in poisoned VS Code extension attack
CISA credential leak raises alarms, and Capitol Hill demands answers
Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
InfoSecurity Magazine
Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning
Apple Blocked $2.2bn in App Store Fraud in the Last Year
Cybercriminal VPN Dismantled in Europol Crackdown
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
Three-Quarters of Firms Knowingly Ship Vulnerable Code
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
China-Linked Webworm APT Evolves Tactics, Expands to European Targets
SecurityWeek
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
Canadian Man Arrested for Operating Kimwolf Botnet
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
TrendAI Patches Apex One Zero-Day Exploited in the Wild
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
Cisco Patches Critical Vulnerability in Secure Workload
Ocean Emerges From Stealth With $28M for Agentic Email Security Platform
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
ZDNet
Yes, you need a smart bird feeder in your life - and this one's on sale for Memorial Day
These are my favorite gadgets to add ambiance to your home, and they're all on sale
5 iPad accessories I'll never regret buying (including a $35 Apple Pencil alternative)
AT&T will give you the new Razr+ flip phone for under $5 a month - no trade-in required
Hundreds of readers preordered the Fitbit Air with this deal - here's why
Amazon just slashed the price of Meta Ray-Ban smart glasses - up to 25% off
7 WFH gadgets that are huge quality of life improvements
This Costco deal cuts the price of membership to $45 - here's how to get it
Lowe's just dropped its Memorial Day deals - I found the best ones
Thinking about plug-in solar? It may be coming to your state soon
The Hacker News
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
BleepingComputer
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
Former US execs plead guilty to aiding tech support scammers
Trend Micro warns of Apex One zero-day exploited in the wild
Drupal: Critical SQL injection flaw now targeted in attacks
Why Chargebacks are Just One Piece of the Fraud Puzzle
Ubiquiti patches three max severity UniFi OS vulnerabilities
US and Canada arrest and charge suspected Kimwolf botnet admin
Google accidentally exposed details of unfixed Chromium flaw
Apple blocked over $11 billion in App Store fraud in 6 years
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
gbhackers
Hackers Exploit Middle East Telecoms for Massive C2 Operations
Google’s Exploit Code Release Raises Concern Over Unfixed Chromium Security Bug
World Cup Phishing Surge: 203 Malicious IPs Detected
Russian Hackers Exploit RDP, VPNs, Supply Chains for Initial Access
CISA Adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog
Popular npm Package “art-template” Backdoored in Watering-Hole Attack
Hackers Use Six-Layer Persistence on FreePBX Systems
CISA Issues Alert on Exploited Microsoft Defender Zero-Day Vulnerabilities
Hackers Weaponize NF-e Invoice Lures to Deploy Banana RAT
Android Malware Secretly Signs Users Up for Premium Services
Cybersecurity Dive
Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages
New York regulator calls for additional cyber mitigation amid heightened threat environment
CISA asks cybersecurity community to alert it to vulnerability exploitation
Grafana Labs links GitHub environment breach to TanStack npm supply chain attack
7-Eleven hit by data breach
Microsoft disrupts cybercrime operation that hid behind legitimate software
Compromised coding tool helped hackers breach thousands of GitHub repositories
Telecom sector launches its own private ISAC
Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN
Grafana Labs says hacker gained access to codebase through leaked token
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
Techie claims Trump Mobile website was leaking thousands of people's data
Cisco used AI to write security incident reports, with mixed results
Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'
Threat hunters find Google API keys still usable 23 minutes after deletion
HackerOne takes an axe to its bug bounty rewards
Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw
Microsoft storms RAMPART, adds Clarity to agentic AI safety
Zombie user account let hackers control the city’s water
VentureBeat
MFA verifies who logged in. It has no idea what they do next.
Americans can’t spot a deepfake, and that’s a business crisis, not just a consumer problem
GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK
Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering
Agent authorization is broken — and authentication passing makes it worse
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps
Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses
TechCrunch
Kash Patel’s clothing brand website shut down after reports it was hacked
Trump Mobile confirms it exposed customers’ personal data, including phone numbers and home addresses
Law enforcement shuts down VPN service used by two dozen ransomware gangs
Scammers are abusing an internal Microsoft account to send spam links
Customers say Trump Mobile is leaking their personal information
GitHub says hackers stole data from thousands of internal repositories
Discord enables end-to-end encrypted voice and video calling for every user
From teen hacker to Iron Dome researcher, this founder raised $28M to fight AI phishing
Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack
US cyber agency CISA exposed reams of passwords and cloud keys to the open web
Network World Security
IBM plans $2B quantum chip foundry; government will pay half
Cisco: AI traffic is radically reshaping WANs
xAI-Anthropic deal signals the rise of AI compute as a standalone business
Critical vulnerability in Cisco Secure Workload rated at maximum severity
Cisco’s new certs are a wake-up call for AI-era network engineers
Microsoft plans significant update to Windows Secure Boot
Forward launches Predict to take the guesswork out of network changes
Network jobs watch: Hiring, skills and certification trends
Nvidia: Latest news and insights
Riverbed expands autonomous AI capabilities for Aternity platform
Help Net Security
$20 per zero-day is already the WordPress plugin reality
Deleted Google API keys keep working for up to 23 minutes, researchers warn
Kore.ai unveils AI-native platform for enterprise multiagent systems
Suspected KimWolf botnet admin arrested over DDoS-for-hire operation
Versa extends zero trust principles to AI agents and MCP workflows
GitLab 19.0 adds AI workflows, secrets management, and self-hosted model support
Proton Pass adds monitored credential sharing for AI agents
Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR
CISA’s new KEV nomination form opens reporting to vendors and researchers
Microsoft 365 users targeted by new phishing threat that bypasses MFA
SC Magazine
Facebook scam targets users over 40 with fake Aldi meat box offers
State officials urge Congress to reauthorize cybersecurity grant program
7 identity security best practice for the Agentic AI era
Trapdoor ad fraud campaign used hundreds of Android apps
‘Underminr’ exploitation poses similar risks to domain fronting, researchers say
Wahlap data leak exposes 18.9 million records from WeChat mini-program ecosystem
Deleted Google API keys remain active for up to 23 minutes, study finds
New Linux malware 'Showboat' targets Middle East telecom provider
'First VPN' service used by cybercriminals dismantled in international operation
Nvidia releases driver updates to fix 14 critical vulnerabilities
© 2026 RiskDiscovery | Sponsored by: Deception Logic