Risk Discovery

DarkReading

GISEC GLOBAL 2026 – The Middle East & Africa’s Largest Cybersecurity Event

Feds: Pro-Russia Hactivists Target US Critical Infrastructure

Japanese Firms Suffer Long Tail of Ransomware Damage

Microsoft Fixes Exploited Zero Day in Light Patch Tuesday

Packer-as-a-Service Shanya Hides Ransomware, Kills EDR

Analysts Warn of Cybersecurity Risks in Humanoid Robots

Gemini Enterprise No-Click Flaw Exposes Sensitive Data

Apache Issues Max-Severity Tika CVE After Patch Miss

Exploitation Activity Ramps Up Against React2Shell

US Treasury Tracks $4.5B in Ransom Payments since 2013

Ars Technica

Operation Bluebird wants to relaunch “Twitter,” says Musk abandoned the name and logo

Meta offers EU users ad-light option in push to end investigation

In comedy of errors, men accused of wiping gov databases turned to an AI tool

Admins and defenders gird themselves against maximum-severity server vuln

Microsoft drops AI sales targets in half after salespeople miss their quotas

Fraudulent gambling network may actually be something more nefarious

OpenAI CEO declares “code red” as Gemini gains 200 million users in 3 months

Syntax hacking: Researchers discover sentence structure can bypass AI safety rules

HP plans to save millions by laying off thousands, ramping up AI use

Crypto hoarders dump tokens as shares tumble

CyberScoop

US charges hacker tied to Russian groups that targeted water systems and meat plants

The 10 key reforms that can close America’s cybersecurity gaps

Organizations can now buy cyber insurance that covers deepfakes

Microsoft’s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day

Officials offer $10M reward for information on IRGC-linked leader and close associate

Is ransomware finally on the decline? Treasury data offers cautious hope

UK cyber agency warns LLMs will always be vulnerable to prompt injection

Defense bill addresses secure phones, AI training, cyber troop mental health

Attackers hit React defect as researchers quibble over proof

More evidence your AI agents can be turned against you

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

ZDNet

This anti-theft tech bag stopped a pickpocketer in real time - how it works

How to clear your Android phone cache (and wipe out lag for good)

How to upgrade your 'incompatible' Windows 10 PC to Windows 11 now - for free

Zorin OS vs. AnduinOS: How to pick the right Windows-like Linux distro for you

8 most Windows-like Linux distros - if you're ready to ditch Microsoft

I asked ChatGPT to gently roast me based on my year in queries - and it was uncanny

Sick of AI in your search results? Try these 8 Google alternatives

This Alexa+ update can track deals and buy for you when the price drops - here's how

Finally, a Bluetooth speaker that brings the funk and chill (without breaking the bank)

Your Google Photos just got 4 huge video editing upgrades - what's new

The Hacker News

Three PCIe Encryption Weaknesses Expose PCIe 5.0+ Systems to Faulty Data Handling

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

Webinar: How Attackers Exploit Cloud Misconfigurations Across AWS, AI Models, and Kubernetes

Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

Four Threat Clusters Using CastleLoader as GrayBravo Expands Its Malware Service Infrastructure

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

How to Streamline Zero Trust Using the Shared Signals Framework

Google Adds Layered Defenses to Chrome to Block Indirect Prompt Injection Threats

BleepingComputer

Why a secure software development life cycle is critical for manufacturers

New Spiderman phishing service targets dozens of European banks

Ukrainian hacker charged with helping Russian hacktivist groups

SAP fixes three critical vulnerabilities across multiple products

Windows PowerShell now warns when running Invoke-WebRequest scripts

Microsoft releases Windows 10 KB5071546 extended security update

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Fortinet warns of critical FortiCloud SSO login auth bypass flaws

Windows 11 KB5072033 & KB5071417 cumulative updates released

Ivanti warns of critical Endpoint Manager code execution flaw

Cybersecurity Dive

Majority of global firms plan to boost cyber spending in 2026

Initial access brokers involved in more attacks, including on critical infrastructure

Ransomware peaked in 2023 prior to law enforcement actions

Major drug research company confirms cyberattack compromised employee and partner data

State-linked groups target critical vulnerability in React Server Components

China-nexus actor targets multiple US entities with Brickstorm malware

US, allies urge critical infrastructure operators to carefully plan and oversee AI use

Lawmakers question White House on strategy for countering AI-fueled hacks

Critical vulnerabilities found in React and Next.js

CISA eliminates pay incentives as it changes how it retains top cyber talent

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Protecting value at risk - the role of a risk operations center

Crisis in Icebergen: How NATO crafts stories to sharpen cyber skills

Microsoft reports 7.8-rated zero day, plus 56 more in December Patch Tuesday

How to answer the door when the AI agents come knocking

Porsche panic in Russia as pricey status symbols forget how to car

As humanoid robots enter the mainstream, security pros flag the risk of botnets on legs

UK to Europe: The time to counter Russia's information war machine is now

UK finally vows to look at 35-year-old Computer Misuse Act

Whitehall rejects £1.8B digital ID price tag – but won't say what it will cost

Researchers spot 700 percent increase in hypervisor ransomware attacks

VentureBeat

Anthropic vs. OpenAI red teaming methods reveal different security priorities for enterprise AI

AI models block 87% of single attacks, but just 8% when attackers persist

Hybrid cloud security must be rebuilt for an AI war it was never designed to fight

Prompt Security's Itamar Golan on why generative AI security requires building a category, not a feature

DeepSeek injects 50% more security bugs when prompted with Chinese political triggers

For AI to succeed in the SOC, CISOs need to remove legacy walls now

Human-centric IAM is failing: Agentic AI requires a new identity control plane

TechCrunch

Petco takes down Vetco website after exposing customers’ personal information

FTC upholds ban on stalkerware founder Scott Zuckerman

Petco’s security lapse affected customers’ SSNs, driver’s licenses, and more

Petco confirms security lapse exposed customers’ personal data

Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say

‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted

Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack

After intense backlash, India pulls mandate to preinstall government app on smartphones

A data breach at analytics giant Mixpanel leaves a lot of open questions

India plans to verify and record every smartphone in circulation

Network World Security

Most significant networking acquisitions of 2025

Aviz Networks launches enterprise-grade community SONiC distribution

2025 global network outage report and internet health check

US approves Nvidia H200 exports to China, raising questions about enterprise GPU supply

Spotlight: Making the most of multicloud

Intel: Latest news and insights

AI-driven network management gains enterprise trust

Intel decides to keep networking business after all

Short memory supply forces Micron to abandon consumer market, prioritize enterprise

How can Arm gain enterprise acceptance?

Help Net Security

Backslash secures MCP servers from data leakage, prompt injection, and privilege abuse

BigID Activity Explorer enhances visibility for insider risk investigation

Apptega Policy Manager streamlines policy creation and compliance oversight

Protecto Vault adds API-first protection for safer AI agent workflows

Skyhigh Security debuts dashboard for unified data visibility and compliance

Henkel CISO on the messy truth of monitoring factories built across decades

The hidden dynamics shaping who produces influential cybersecurity research

UTMStack: Open-source unified threat management platform

LLMs are everywhere in your stack and every layer brings new risk

Building SOX compliance through smarter training and stronger password practices

InfoSecurity Magazine

ClickFix Social Engineering Sparks Rise of CastleLoader Attacks

Pro-Russia Hackers Target US Critical Infrastructure in New Wave

Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data

Log4Shell Downloaded 40 Million Times in 2025

Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025

React2Shell Exploit Campaigns Tied to North Korean Cyber Intrusion Tactics

Malicious VS Code Extensions Deploy Advanced Infostealer

DeadLock Ransomware Uses BYOVD to Evade Security Measures

UK NCSC Raises Alarms Over Prompt Injection Attacks

Gartner Calls For Pause on AI Browser Use

© 2025 RiskDiscovery | Sponsored by: Deception Logic