[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
Has CISA Finally Found Its New Leader in Tom Parker?
World's First AI-Driven Cyberattack Couldn't Breach OT Systems
'TrustFall' Convention Exposes Claude Code Execution Risk
Yet Another Way to Bypass Google Chrome's Encryption Protection
Instructure Breach Exposes Schools' Vendor Dependence
From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
Middle East Cyber Battle Field Broadens — Especially in UAE
Trellix Source Code Breach Highlights Growing Supply Chain Threats
Ars Technica
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
Ars Asks: Share your shell and show us your tricked-out terminals!
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Why Reddit blocked my daily visit to its mobile website
GameStop offers $56 billion for eBay, struggles to explain how it'll pay for it
Ubuntu infrastructure has been down for more than a day
The most severe Linux threat to surface in years catches the world flat-footed
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Open source package with 1 million monthly downloads stole user credentials
Why are top university websites serving porn? It comes down to shoddy housekeeping.
CyberScoop
Ivanti customers confront yet another actively exploited zero-day
Trump officials are steering a cybersecurity scholarship program toward AI
American duo sentenced for hosting laptop farms for North Korean IT workers
One House Democrat is pressing Commerce on the government’s spyware use
A DOD contractor’s API flaw exposed military course data and service member records
A critical Palo Alto PAN-OS zero-day is being exploited in the wild
CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict
CISA boasts AI automation improvements to threat analysis, mission support
Latvian national sentenced for ransomware attacks run by former Conti leaders
‘Copy Fail’ is a real Linux security crisis wrapped in AI slop
InfoSecurity Magazine
PCPJack Campaign Boots TeamPCP Off Compromised Machines
Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds
Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
Fake Claude AI Site Drops Beagle Backdoor on Windows Users
Daemon Tools Developer Confirms Software Was Trojanized
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
CloudZ Malware Abuses Phone Link to Steal SMS OTPs
CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack
Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign
SecurityWeek
‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
Ransomware Group Takes Credit for Trellix Hack
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
Boost Security Raises $4 Million for SDLC Defense Platform
Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking
Chrome 148 Rolls Out With 127 Security Fixes
Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
ZDNet
After using Lenovo's $2,600 Yoga, I'm taking premium Windows laptops seriously again
Roku apps loading slow? 9 quick fixes I try before blaming my Wi-Fi
Google Maps vs. Apple Maps: I compared two of the best navigation apps - here's my pick
I started clearing my Roku cache, and it fixed my biggest TV complaint
ReMarkable Paper Pure vs. Amazon Kindle Scribe: I've written on both E Ink tablets - this one wins
Lost your Roku remote? Here are four ways you can still control your TV
This TCL Mini LED TV is one of the best I've tested - and it's up to $2,000 off at Best Buy
Hundreds of readers bought this E Ink tablet - and I highly recommend it
Whoop vs. Fitbit Air: I compared Google's new fitness band to the industry favorite
10 secret Netflix codes I use to find hidden movies (and how to enter them) - it's easy
The Hacker News
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Day Zero Readiness: The Operational Gaps That Break Incident Response
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
BleepingComputer
Former govt contractor convicted for wiping dozens of federal databases
New Linux 'Dirty Frag' zero-day gives root on all major distros
Canvas login portals hacked in mass ShinyHunters extortion campaign
New TCLBanker malware self-spreads over WhatsApp and Outlook
New PCPJack worm steals credentials, cleans TeamPCP infections
Australia warns of ClickFix attacks pushing Vidar Stealer malware
Ivanti warns of new EPMM flaw exploited in zero-day attacks
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
Americans sentenced for running 'laptop farms' for North Korea
Crypto gang member gets 6.5 years for role in $230 million heist
gbhackers
ZiChatBot Malware Abuses Zulip APIs for Stealthy C2 Operations
Fake Moustache Fools Age Checks, Sparks Online Safety Act Fears
Trellix Investigates RansomHouse Breach Claims Involving Source Code Repository
Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges
Hackers Use Morse Code to Trick Grok and Bankrbot, Steal $200K in Crypto Tokens
Signed Logitech Installer Abused to Drop TCLBANKER Banking Trojan
423 Firefox Flaws Fixed as Browser Gains Support for Claude, Mythos, and More
New Infostealer Campaign Abuses GitHub Releases to Hide Malware Payloads
PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB Credentials
PoC Exploit Released for Dirty Frag Linux Kernel Vulnerability
Cybersecurity Dive
Businesses hide vast majority of ransomware attacks, report finds
Palo Alto Networks warns state-linked cluster behind zero-day exploitation
Businesses eager but unprepared for AI to transform their security strategies
Iran-sponsored threat group behind false flag social engineering campaign
NIST will test three major tech firms’ frontier AI models for cybersecurity risks
Trellix investigating breach of source code repository
CISA urges critical infrastructure firms to ‘fortify’ before it’s too late
Critical vulnerability in cPanel leads to widespread exploitation
New MOVEit vulnerabilities prompt urgent patch warning
How OpenClaw’s agent skills become an attack surface
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Mozilla boasts Mythos boosted Firefox bug cull
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'
60% of MD5 password hashes are crackable in under an hour
The network password was a key plot point in one of the most famous movies of all time
Arctic Wolf kicks 250 employees out of the pack to save money for AI
1 in 8 employees totally cool with selling work credentials
Iran cybersnoops still LARPing as ransomware crooks in espionage ops
UK age-gating plans risk breaking the internet, privacy groups warn
India orders infosec red alert in case Mythos sparks crime spree
ServiceNow clears agents for landing with new AI control tower
VentureBeat
Anthropic Skill scanners passed every check. The malicious code rode in on a test file.
One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it
Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat
200,000 MCP servers expose a command execution flaw that Anthropic calls a feature
Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.
CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.
85% of enterprises are running AI agents. Only 5% trust them enough to ship.
TechCrunch
Hackers deface school login pages after claiming another Instructure hack
Hackers hack victims hacked by other hackers
How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity
Police arrest SMS blaster crew that sent malicious messages to thousands across Toronto
2 days left: Get 50% off a second pass to TechCrunch Disrupt 2026
DOJ says ransomware gang tapped into Russian government databases
AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys
Some kids are bypassing age-verification checks with a fake mustache
Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack
Hackers steal students’ data during breach at education tech giant Instructure
Network World Security
Gluware’s Titan rises to meet Mythos network vulnerability challenge
AMD launches AI-targeted PCIe cards for current servers
Supply constraints, optical advances dominate Arista’s Q1
Lumen advances cloud networking vision with $475M Alkira buy
HPE bolsters autonomous network operations for Mist, Aruba Central
Netskope launches AI agents for SOC and NOC automation
Intel, behind in AI chips, bets on quantum and neuromorphic processors
Switch storm coming: Gartner forecasts price hikes, long lead times for enterprise data center switches
Extreme moves toward autonomous networking with advanced AI agent, management tools
2026 network outage report and internet health check
Help Net Security
Google is turning Android Studio into a policy watchdog
Helping North Korean IT remote workers is becoming a fast track to prison
Snyk integrates Claude to advance AI-native application security
Avantra’s new AI can diagnose SAP failures in seconds
Securonix launches AI threat research agent and ThreatWatch validation tool
OpenAI tunes GPT-5.5-Cyber for more permissive security workflows
Transilience AI unveils Security Operating System for cloud remediation
Object First Fleet Manager simplifies distributed backup storage
May 2026 Patch Tuesday forecast: AI starts driving security industry changes
Roblox chat moderation gets bypassed by leet speak and code words
SC Magazine
Getting Rid of Your VPN - Rob Allen - PSW #925
Beyond the inbox: Why your domain and social media are the next front lines
Palo Alto Networks says patch for exploited PAN-OS firewall bug forthcoming
Lesson from Mythos Preview: double-down on the fundamentals  
The hidden risk in hybrid IT: Fragmented vulnerability management
Iranian threat group used Chaos ransomware as a ‘false flag,’ researchers say
Most security pros say managing identity has become a major challenge
Microsoft Copilot Security Risks: How to Fix Data Oversharing with AI Governance - WC #1
Trusted third-party connections are the new front door for attackers 
Major AI companies to share models with Commerce Department for security testing
© 2026 RiskDiscovery | Sponsored by: Deception Logic