[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Name That Toon Contest
[An RX Global Event] Infosecurity Europe
With Complex Cloud Integrations, Small Errors Lead to Major Compromises
'The Com' Cyberattacks Support Violence & Sexploitation
Dutch Raid Fails to Dent Russian Bulletproof Host
Agentic AI Isn't Risky; the Way Orgs Deploy It Is
Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security
BTMOB RAT Spreads Across Brazil, LatAm via MaaS Model
Nordic CISOs Handle Rising Cyber Threats Remarkably Well
Ransomware Actors Show Up In Person to Steal Law Firm Data
Ars Technica
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
Websites have a new way to spy on visitors: Analyzing their SSD activity
Millions of AI agents imperiled by critical vulnerability in open source package
US's big bet on quantum computing may not be entirely legal
Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption
A hacker group is poisoning open source code at an unprecedented scale
US government takes $2 billion equity stake in nine quantum computing firms
Google publishes exploit code threatening millions of Chromium users
In stunning display of stupid, secret CISA credentials found in public GitHub repo
Zero-day exploit completely defeats default Windows 11 BitLocker protections
CyberScoop
House panel poised to hold hearing centered on AI impact on cyber
Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket
Zapier fixes bug chain that researchers say risked widespread account takeover
OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms
FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person
UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace
CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain
Apple open-sources quantum-resistant encryption code
White House charts new course for federal agencies and cybersecurity logging
Anthropic: Mythos finds more than 10,000 software flaws in first month
InfoSecurity Magazine
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over
Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies
AI-Generated npm Malware Leaks Its Own GitHub Token
Attackers Move Past Typosquatting to Realistic Package Impersonation
Microsoft Condemns "Uncoordinated" Zero Day Disclosures
New Threat Actor Jinx-0164 Targets Crypto Developers on macOS
Infosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals
GCHQ Chief Urges Action as AI Reshapes Cyber Threats
CrowdStrike, Google Take Down Glassworm Botnet
SecurityWeek
Gogs Zero-Day Exposes Servers to Remote Code Execution
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
Chrome 148 Update Patches 151 Vulnerabilities
Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks
Geordie Raises $30 Million for AI Security and Governance Platform
Carnival Data Breach Exposed 6 Million People
New BTMOB Android Malware Enables Full Device Takeover
Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks
IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”
New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails
ZDNet
ExpressVPN blows away the competition on security audits - but what do they mean?
This is the gaming laptop that makes desktops obsolete for me
How I prep my solar power stations for weather emergencies - before it's too late
I tried different Android Auto weather apps - these 3 are best for storm nerds like me
5 best practices for migrating to a new CRM
This Lenovo laptop I tested rivals the MacBook Air in ways Windows PCs once struggled in
4 Android Auto developer settings that make driving so much easier - how to enable them
Sony's most premium ANC headphones yet made luxury audio click for me
AI Model Release Tracker: Opus 4.8's misalignment rates similar to Claude Mythos Preview
Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard
The Hacker News
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
BleepingComputer
Dutch govt disrupts malware botnet with 17 million infected devices
Google Chrome adds session cookie theft protection for all users
Man sent to prison for selling data of 7 millions elderly Americans
US charges Google security engineer with Polymarket insider trading
Charter Communications data breach affects 4.9 million accounts
Anthropic confirms Claude Mythos-class models will roll out to the public
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
BTMOB Android malware service generates custom phishing payloads
FBI warns of fake FIFA websites running World Cup fraud schemes
Hackers exploit FortiClient EMS flaw to push infostealer malware
gbhackers
Ransomware Abuses SYSTEM Task to Encrypt Drives with Elevated Privileges
JINX-0164 Uses LinkedIn Lures to Deploy Custom macOS Malware
GREYVIBE Threat Actors Use ChatGPT and Google Gemini to Scale Cyberattack Operations
Malicious NuGet Package Disguised as Sicoob SDK Exfiltrates Banking Passwords
Trusted Dev Tools Abused to Steal Code and Secrets
Typosquatted npm Packages Steal Cloud and CI/CD Secrets
GitLab Patches Multiple Duo AI, DoS, and Authorisation Vulnerabilities
Fake Adobe Document Cloud Pages Spread ScreenConnect Malware
Samba Security Flaw Lets Attackers Execute Code Remotely
Zapocalypse Attack Lets Threat Actors Hijack Zapier Accounts
Cybersecurity Dive
How CISOs can manage sovereign-cloud security risks
IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities
Enterprise data is creeping its way into shadow AI tools
Coordinated operation takes down Glassworm botnet
Leading AI models are more vulnerable to malicious prompts than vendors claim
Iranian government, not hacktivist group, breached LA Metro system, security firm says
FBI warns about PhaaS platform used to access Microsoft 365 environments
Iran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages
New York regulator calls for additional cyber mitigation amid heightened threat environment
CISA asks cybersecurity community to alert it to vulnerability exploitation
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Dutch cops wrest 17M devices from mystery botnet's clutches
ChatGPT blindly trusts browser content, turning the page into a payload
Russia-linked threat group put ChatGPT to work from lure to payload
ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak
Troops’ phones gave away location data to foreign adversaries
Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
Snowflake buys Natoma to help freeze out rogue agents
Microsoft tests the 15-character limit of Windows Server admins' patience
Carnival confirms ShinyHunters cruised off with 6M customer records after April breach
Company CEO flooded file share with smut, called for help after he deleted it
VentureBeat
DataGrail report finds your vendor may be sending data to AI models you never approved
The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.
Valid certificates, stolen accounts: how attackers broke npm's last trust signal
Americans can’t spot a deepfake, and that’s a business crisis, not just a consumer problem
MFA verifies who logged in. It has no idea what they do next.
GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK
Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering
TechCrunch
Final 24 hours to save up to $410 on your TechCrunch Disrupt 2026 ticket
Hackers are trying to steal Signal users’ backups in new wave of widespread attacks
A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers’ driver’s licenses
US says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’
UK Visa Portal exposed thousands of applicants’ passports and selfies — then called the lawyers on us
CrowdStrike and Google take down botnet used by hackers to target open source software developers
TechCrunch Disrupt 2026 Early Bird ticket savings end in 3 days
Dutch government blocks US company from acquisition, citing ‘risk to public interest’
Ghost hackers: the cybersecurity mystery that nobody has solved
Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover
Network World Security
Zero trust isn’t broken, but most companies are doing it wrong
As AI datacenter memory becomes hot commodity, SK Hynix makes it cooler
Cisco research finds standard AI safety benchmarks miss the real threat
Cisco redefines ‘job-ready’ for network engineers with its certification overhaul
2026 network outage report and internet health check
IBM plans $2B quantum chip foundry; government will pay half
Cisco: AI traffic is radically reshaping WANs
xAI-Anthropic deal signals the rise of AI compute as a standalone business
Critical vulnerability in Cisco Secure Workload rated at maximum severity
Cisco’s new certs are a wake-up call for AI-era network engineers
Help Net Security
Dutch police disrupts botnet composed of 17 million devices
New infostealer reaches enterprise devices through FortiClient EMS vulnerability
Websites can spy on user activity by analyzing SSD behavior
LinkedIn-themed phishing abuses Adobe’s A/B testing platform
Microsoft 365 Copilot redesign brings context and actions into one workspace
Anthropic launches Claude Opus 4.8, prepares Mythos-class models for all customers
Netskope extends data localization capabilities with NewEdge updates
Claroty targets cyber-physical system risks with AI-powered security agent
Humanix expands detection to identify live violations of security procedures
The behavioral signals that sharpen Trojan malware detection
SC Magazine
‘Claude Code install’ search result leads to ClickFix infostealer attack
Linux Supply Chain How-To - PSW #928
IBM, Red Hat launch Project Lightwell to secure open-source software
5 ways to mount a strong defense in the AI era
Wireless Attacks on AI Data Centers: The Hidden Threat No One Is Watching - WC #1
Man arrested in Netherlands for hacking Ajax football club
Cisco study finds major frontier models susceptible to multi-turn prompt injection attacks
OWASP launches FinBot to help developers secure AI agents
XM Cyber expands platform to enforce least-privilege access
High-severity Starlette vulnerability 'BadHost' could expose sensitive data
© 2026 RiskDiscovery | Sponsored by: Deception Logic