Risk Discovery

DarkReading

US Crypto Bust Offers Hope in Battle Against Cybercrime Syndicates

Fear the 'SessionReaper': Adobe Commerce Flaw Under Attack

Tired of Unpaid Toll Texts? Blame the 'Smishing Triad'

Mideast, African Hackers Target Gov'ts, Banks, Small Retailers

Lazarus Group Hunts European Drone Manufacturing Data

Pwn2Own Underscores Secure Development Concerns

The Best End User Security Awareness Programs Aren't About Awareness Anymore

It Takes Only 250 Documents to Poison Any AI Model

Too Many Secrets: Attackers Pounce on Sensitive Data Sprawl

WhatsApp Secures Ban on NSO Group After 6-Year Legal Battle

Ars Technica

Cache poisoning vulnerabilities found in 2 DNS resolving apps

NSO permanently barred from targeting WhatsApp users with Pegasus spyware

Nation-state hackers deliver malware from “bulletproof” blockchains

Ars Live recap: Is the AI bubble about to pop? Ed Zitron weighs in.

Thousands of customers imperiled after nation-state ransacks F5’s network

Anthropic’s Claude Haiku 4.5 matches May’s frontier model at fraction of cost

ChatGPT erotica coming soon with age verification, CEO says

Feds seize $15 billion from alleged forced labor scam built on “human suffering”

Nvidia sells tiny new computer that puts big AI on your desktop

OpenAI wants to stop ChatGPT from validating users’ political views

CyberScoop

Shifting from reactive to proactive: Cyber resilience amid nation-state espionage

North Korea’s Lazarus group attacked three companies involved in drone development

New York updates third-party risk guidance, adds AI provisions

Ex-L3Harris executive accused of selling trade secrets to Russia

Researchers track surge in high-level Smishing Triad activity

F5 vulnerability highlights weak points in DHS’s CDM program

Open letter calls for prohibition on superintelligent AI, highlighting growing mainstream concern

US ‘slipping’ on cybersecurity, annual Cyberspace Solarium Commission report concludes

Robocalling task force bill advances in Senate

Researchers uncover remote code execution flaw in abandoned Rust code library

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

ZDNet

This $300 Android phone is the complete opposite of my Google Pixel - here's why I still love it

Microsoft said my PC was 'too old' to run Windows 11 - how I upgraded in 5 minutes anyway

Is this the best Apple Watch band yet? I've tested hundreds, and this one checks all the boxes

Finally, an airline-friendly power bank that charges my MacBook from 0 to 50% in record time

I put my Sony earbuds away within minutes of listening to this Bose pair - here's what sold me

Missed out on Meta Ray-Ban Display? Verizon is selling the smart glasses now, but act fast

My picks for the best robot vacuums for pet hair: Roomba, Eufy, Ecovacs, and more

The best Alexa devices of 2025: After testing dozens of them, these are worth your time

Not enough people are talking about this Windows laptop that checks all the boxes for me

Why open source may not survive the rise of generative AI

The Hacker News

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign

The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently

3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation

Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack

North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets

Secure AI at Scale and Speed — Learn the Framework in this Free Webinar

ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More

Why Organizations Are Abandoning Static Secrets for Managed Identities

“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards

Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw

BleepingComputer

Amazon: This week’s AWS outage caused by major DNS failure

Fake LastPass death claims used to breach password vaults

How to reduce costs with self-service password resets

Mozilla: New Firefox extensions must disclose data collection practices

Windows Server emergency patches fix WSUS bug with PoC exploit

Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland

Toys “R” Us Canada warns customers' info leaked in data breach

HP pulls update that broke Microsoft Entra ID auth on some AI PCs

Meet the new Clippy: Microsoft unveils Copilot's "Mico" avatar

CISA warns of Lanscope Endpoint Manager flaw exploited in attacks

Cybersecurity Dive

North Korea led the world in nation-state hacking in Q2 and Q3

Climbing costs, skills loss and other AI warnings for CIOs

Burned-out security leaders view AI as double-edged sword

CISA’s international, industry and academic partnerships slashed

Jaguar Land Rover attack cost British economy $2.5 billion

AI security flaws afflict half of organizations

AI-fueled automation helps ransomware-as-a-service groups stand out from the crowd

Social engineering gains ground as preferred method of initial access

Top cybersecurity conferences to attend in 2026

Why security awareness training doesn’t work — and how to fix it

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Microsoft drops surprise Windows Server patch before weekend downtime

Digital ID is now less about illegal working, more about rummaging through drawers

Shield AI shows off not-at-all-terrifying autonomous VTOL combat drone

Iran's MuddyWater wades into 100+ government networks in latest spying spree

Cyber exec with lavish lifestyle charged with selling secrets to Russia

Playtime’s over: Crooks swipe Toys R Us Canada customer data and dump it online

Trump's workforce cuts blamed as America's cyber edge dulls

Google nukes 3,000 YouTube videos that sowed malware disguised as cracked software

SpaceX pulls plug on 2,500 Starlink terminals tied to Myanmar fraud farms

This free IGA tool boosts your identity security

VentureBeat

Agentic AI security breaches are coming: 7 ways to make sure it's not your firm

Cisco warns enterprises: Without tapping machine data, your AI strategy is incomplete

Microsoft launches 'Hey Copilot' voice assistant and autonomous agents for all Windows 11 PCs

Visa just launched a protocol to secure the AI shopping boom — here’s what it means for merchants

Weaponized AI can dismantle patches in 72 hours — but Ivanti's kernel defense can help

MCP stacks have a 92% exploit probability: How 10 plugins became enterprise security's biggest blind spot

Stopping breaches at machine speed demands agents, not alerts

SOC teams face 51-second breach reality—Manual response times are officially dead

Why identity-first security is the first defense against sophisticated AI-powered social engineering

AI sharpens threat detection — but could it dull human analyst skills?

TechCrunch

US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer

Sam Altman’s eye-scanning orb promises to prove humanity in the age of AI bots

Apple alerts exploit developer that his iPhone was targeted with government spyware

Amazon identifies the issue that broke much of the internet, says AWS is back to normal

Spyware maker NSO Group blocked from WhatsApp

Amazon’s Ring to partner with Flock, a network of AI cameras used by ICE, feds, and police

Cyber giant F5 Networks says government hackers had ‘long-term’ access to its systems, stole code and customer data

Satellites found exposing unencrypted data, including phone calls and some military comms

Homeland Security reassigns ‘hundreds’ of CISA cyber staffers to support Trump’s deportation crackdown

Spyware maker NSO Group confirms acquisition by US investors

Network World Security

Anthropic signs billion-dollar deal with Google Cloud

How Patmos set up an AI data center in 90 days

Extreme brings AI agent to Platform ONE for swift network diagnostics, troubleshooting

Google’s Quantum chip claims 13,000x speed advantage over supercomputers

Post outage, AWS adds automated incident reporting to its CloudWatch service

Inside Google’s multi-architecture revolution: Axion Arm joins x86 in production clusters

AI helps IT teams resolve incidents faster, report finds

Intel: Latest news and insights

Storage constraints add to AI data center bottleneck

AI’s dark side shows in Gartner’s top predictions for IT orgs

Help Net Security

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)

Microsoft blocks risky file previews in Windows File Explorer

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense

Smart helmet tech points to the future of fighting audio deepfakes

Building trust in AI: How to keep humans in control of cybersecurity

When AI writes code, humans clean up the mess

New infosec products of the week: October 24, 2025

Researchers expose large-scale YouTube malware distribution network

Wireshark 4.6.0 brings major updates for packet analysis and decryption

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)

InfoSecurity Magazine

New LockBit Ransomware Victims Identified by Security Researchers

Blitz Spear Phishing Campaign Targets NGOs Supporting Ukraine

Threat Actors Ramp Up Public App Exploits as ToolShell Gains Traction

Pakistani-Linked Hacker Group Targets Indian Government

Lazarus Group’s Operation DreamJob Targets European Defense Firms

Major Vulnerabilities Found in TP-Link VPN Routers

Lumma Stealer Vacuum Filled by Upgraded Vidar 2.0 Infostealer, Researchers Say

PhantomCaptcha Campaign Targets Ukraine Relief Organizations

MuddyWater Uses Compromised Mailboxes in Global Phishing Campaign

JLR Hack UK's Costliest Ever, Hitting Economy with £1.9bn Loss

© 2025 RiskDiscovery | Sponsored by: Deception Logic