HoneyDB
DarkReading
[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You
What Will Make AI BOMs Real?
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Windows Zero-Day Barrage Continues After Patch Tuesday
CISA Exposes Secrets, Credentials in 'Private' Repo
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
Is 2026 the Year AI Bills of Materials Get Real?
Microsoft Exchange Zero-Day Under Attack, No Patch Available
'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
Ars Technica
In stunning display of stupid, secret CISA credentials found in public GitHub repo
Zero-day exploit completely defeats default Windows 11 BitLocker protections
Cisco announces record revenue and 4,000 layoffs in the same day
Linux bitten by second severe vulnerability in as many weeks
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
Ars Asks: Share your shell and show us your tricked-out terminals!
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Why Reddit blocked my daily visit to its mobile website
GameStop offers $56 billion for eBay, struggles to explain how it'll pay for it
CyberScoop
CISA credential leak raises alarms, and Capitol Hill demands answers
Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches
Mini Shai-Hulud returns, compromising hundreds of npm packages
Microsoft disrupts cybercrime service that abused software verification systems en masse
AI might cut false positives, but it won’t stop the slop
Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa
The Canvas breach proved that prevention is no longer enough
Former CISA nominee Sean Plankey named US CEO of defense startup
Colorado governor commutes prison sentence for election denier Tina Peters
Here’s how the FTC plans to enforce the Take It Down Act
InfoSecurity Magazine
Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software
Agentic AI Accelerates Software Builds and Mobile App Attacks
Grafana Labs Confirms Hackers Stole Source Code
Hackers Bypass Security Tools to Target Users Directly
Interpol Launches Sweeping Cybercrime Crackdown in MENA Region
The Infosecurity Europe Cyber Startup Competition: Meet the Finalists
NCSC Publishes Guidance on Securing Agentic AI Use
Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
Bank of England, FCA and Treasury Raise Alarm Over Frontier AI
SecurityWeek
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
Unpatched ChromaDB Vulnerability Can Lead to Server Takeover
B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards
Cyber Resilience is the New Business Continuity Plan
201 Arrested in Crackdown on Cybercrime in Middle East, North Africa
PoC Released for DirtyDecrypt Linux Kernel Vulnerability
Critical Vulnerability Exposes Industrial Robot Fleets to Hacking
ZDNet
These backyard solar panels saved me $20/mo on my power bill - here's my setup
Google I/O 2026 live: Our takes on Gemini 3.5, Spark, Android XR, and more
Kubuntu vs. Fedora KDE: Which KDE Plasma distro is right for you?
6 reasons why Firefox is the better browser for most users
OpenAI's new image watermarks make it easier to spot AI fakes - here's how
Google's new Omni AI tool will let you video clone yourself - I'm intrigued (and concerned)
Google's new AI Search box is here - along with agents and 5 more upgrades
Google overhauls its AI plans - which one should you now choose?
ZDNET Big Guessing Game: Official contest rules
I tested Sony's new premium headphones, and they define practical luxury for me
The Hacker News
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
The New Phishing Click: How OAuth Consent Bypasses MFA
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
BleepingComputer
Max-severity flaw in ChromaDB for AI apps allows server hijacking
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Discord rolls out end-to-end encryption on voice, video calls
FBI: Americans lost over $388 million to scams using crypto ATMs in 2025
Microsoft Self-Service Password Reset abused in Azure data theft attacks
Microsoft plans to improve Windows 11 driver quality in 2026
Microsoft blames macOS update for undismissible Teams location prompts
New Shai-Hulud malware wave compromises 600 npm packages
7-Eleven confirms data breach claimed by the ShinyHunters gang
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
gbhackers
Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM
Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report
VoidStealer Malware Targets Chrome Data Despite Built-In Browser Protections
UAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated Malware
macOS Malware Abuses Fake Google Update for Persistence
Operation Ramz Dismantles 53 Servers Used in Scam and Malware Campaigns
Microsoft Edge Enhances Security by Preventing Password Loading at Startup
ShinyHunters Takes Responsibility for Attack on Learning Management Platform
What to Look for When Choosing an ASPM Platform
Gentlemen Ransomware Targets Windows, Linux, NAS, BSD, and ESXi Systems
Cybersecurity Dive
Telecom sector launches its own private ISAC
Patch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPN
Grafana Labs says hacker gained access to codebase through leaked token
How a government contest launched a revolution in AI-based bug hunting
Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller
MSPs need AI to fight AI-fueled cyberthreats: Guardz
More money is going to physical security, but it’s often CISOs that oversee it: EY
Frontier AI models reap rapid discovery of security vulnerabilities
West Pharmaceutical starts restoring operations after ransomware attack
Foxconn confirms cyberattack affecting some North American facilities
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
Clear your calendar, Drupal user: You have a critically urgent patch to install
Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them
Shai-Hulud copycat worm infects yet another npm package
Linux kernel flaw opens root-only files to unprivileged users
TanStack weighs invitation-only pull requests after supply chain attack
NGINX Rift attackers waste no time targeting exposed servers
Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative
F-35 software delays leave UK buying time with US glide bombs
VentureBeat
Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering
Agent authorization is broken — and authentication passing makes it worse
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps
Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses
AI agents are running hospital records and factory inspections. Enterprise IAM was never built for them.
AI tool poisoning exposes a major flaw in enterprise agent security
5,000 vibe-coded apps just proved shadow AI is the new S3 bucket crisis
TechCrunch
Discord enables end-to-end encrypted voice and video calling for every user
From teen hacker to Iron Dome researcher, this founder raised $28M to fight AI phishing
Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack
US cyber agency CISA exposed reams of passwords and cloud keys to the open web
NYC Health + Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million people
Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom
A hotel check-in system left a million passports and driver’s licenses open for anyone to see
US orders travelers on Air Force One to throw away gifts, pins, and burner phones after China trip
OpenAI says hackers stole some data after latest code security issue
A spyware investigator exposed Russian government hackers trying to hijack Signal accounts
Network World Security
Wireless security is a battle of AI vs. AI
Startup Bolt Graphics promises 5x performance over Nvidia’s best GPU
2026 network outage report and internet health check
AI, cybersecurity skills top IT pay premiums
Google opens TPUs to enterprises beyond its own cloud via Blackstone JV
How AI is transforming network incident response (and where it still falls short)
NetOps teams look to AI to automate Day 2 operations
Cisco warns of an actively exploited SD-WAN flaw with max severity
Digital twins reshape network and data center management
Network outages, power failures strain data center resiliency
Help Net Security
PureLogs infostealer is stealing credentials worldwide
Selector extends AI-driven observability into multi-cloud environments
LaunchDarkly adds real-time controls for AI agents in production
Canonical ships Ubuntu Core 26 with 15 years of security maintenance
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
The end of unencrypted Discord calls is here
Babel Street targets AI-driven threats with new agentic investigation capabilities
iProov brings identity verification to video meetings to reduce fraud risks
Egnyte unveils Email Capture and AI features to unify fragmented data
Public Instagram posts provide raw material for AI phishing campaigns
SC Magazine
Torq acquires Jit.io to enhance AI-driven security operations
CISA contractor's public GitHub repo exposed sensitive government credentials
My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, , GitHub, Aaran Leyland... - SWN #582
SASE manages your network access, but who manages your SASE?
Universal Robots patches critical 9.8 flaw in ‘cobots’ OS
Attack Surface Management Explained: Why You Don’t Know What You Own - WC #1
GitHub Actions workflow compromised to steal CI/CD credentials
A 6-step guide for responding to the Foxconn ransomware/supply chain incident
Edera and Minimus partner for end-to-end container security
Iran suspected in breaching automatic tank gauges at US gas stations
© 2026 RiskDiscovery | Sponsored by:
Deception Logic