[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
  [ privacy | malware | research | vendor ]
Wiz - Incidents
NCC Group Research
Threat Research - Sophos
Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday
QEMU abused to evade detection and enable ransomware delivery
Adobe Reader zero-day vulnerability in active exploitation
We let OpenClaw loose on an internal network. Here’s what it found
Axios npm package compromised to deploy malware
Incident responders, s'il vous plait: Invites lead to odd malware events
Oracle vulnerability (CVE-2026-21992) impacts core products
NICKEL ALLEY strategy: Fake it 'til you make it
Android devices ship with firmware-level malware
March Patch Tuesday visits 15 product families
PortSwigger Research
Top 10 web hacking techniques of 2025
Top 10 web hacking techniques of 2025: call for nominations
The Fragile Lock: Novel Bypasses For SAML Authentication
Introducing HTTP Anomaly Rank
WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
Inline Style Exfiltration: leaking data with chained CSS conditionals
Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling
HTTP/1.1 must die: the desync endgame
Repeater Strike: manual testing, amplified
Google Project Zero
AI Research - Sophos
Where AI in the SOC is actually delivering — and where it isn’t
Locking it down: A new technique to prevent LLM jailbreaks
Getting salty with LLMs: SophosAI unveils new defense against jailbreaking at CAMLIS 2025
Using AI to identify cybercrime masterminds
The sixth sense for cyber defense: Multimodal AI
DeepSpeed: a tuning tool for large language models
Sophos AI to present on how to defang malicious AI models at Black Hat Europe
SophosAI team presents three papers on AI applied to cybersecurity at CAMLIS
Political Manipulation with Massive AI Model-driven Misinformation and Microtargeting
SophosAI at Virus Bulletin ’24: Using multimodal AI as a “sixth sense” for cyber defense
Unit 42
Fracturing Software Security With Frontier AI Models
Threat Brief: Escalation of Cyber Risk Related to Iran (Updated April 17)
A Deep Dive Into Attempted Exploitation of CVE-2023-33538
Cracks in the Bedrock: Agent God Mode
Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox
Understanding Current Threats to Kubernetes Environments
When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications
Threat Brief: Widespread Impact of the Axios Supply Chain Attack
Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure
Double Agents: Exposing Security Blind Spots in GCP Vertex AI
Talos Intelligence
[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025
Phishing and MFA exploitation: Targeting the keys to the kingdom
Bad Apples: Weaponizing native macOS primitives for movement and execution
Foxit, LibRaw vulnerabilities
The Q1 vulnerability pulse
PowMix botnet targets Czech workforce
More than pretty pictures: Wendy Bishop on visual storytelling in tech
The n8n n8mare: How threat actors are misusing AI workflow automation
Microsoft Patch Tuesday for April 2026 - Snort Rule and Prominent Vulnerabilities
State-sponsored threats: Different objectives, similar access paths
© 2026 RiskDiscovery | Sponsored by: Deception Logic