Risk Discovery

DarkReading

UNC6384 Targets European Diplomatic Entities With Windows Exploit

Ribbon Communications Breach Marks Latest Telecom Attack

Dark Reading Confidential: Cyber's Role in the Rapid Rise of Digital Authoritarianism

Zombie Projects Rise Again to Undermine Security

An 18-Year-Old Codebase Left Smart Buildings Wide Open

US Stands Out in Refusal to Sign UN Cybercrime Treaty

Critical Claroty Authentication Bypass Flaw Opened OT to Attack

LotL Attack Hides Malware in Windows Native AI Stack

Cloud Outages Highlight the Need for Resilient, Secure Infrastructure Recovery

Data Leak Outs Hacker Students of Iran's MOIS Training Academy

Ars Technica

Two Windows vulnerabilities, one a 0-day, are under active exploitation

ChatGPT maker reportedly eyes $1 trillion IPO despite major quarterly losses

After teen death lawsuits, Character.AI will restrict chats for under-18 users

NPM flooded with malicious packages downloaded more than 86,000 times

Nvidia hits record $5 trillion mark as CEO dismisses AI bubble concerns

New physical attacks are quickly diluting secure enclave defenses from Nvidia, AMD, and Intel

OpenAI data suggests 1 million users discuss suicide with ChatGPT weekly

Expert panel will determine AGI arrival in new Microsoft-OpenAI agreement

A single point of failure triggered the Amazon outage affecting millions

Cache poisoning vulnerabilities found in 2 DNS resolving apps

CyberScoop

Alleged 764 leader arrested in Arizona, faces life in prison

Ukrainian allegedly involved in Conti ransomware attacks faces up to 25 years in jail

Government and industry must work together to secure America’s cyber future

OpenAI releases ‘Aardvark’ security and patching model

CISA, NSA offer guidance to better protect Microsoft Exchange Servers

Cyber scholarship-for-service students say government has pulled rug on them, potentially burdening them with debt

Government watchdog sues DHS over election official’s records

Alleged 764 member faces up to 69 years in prison for string of suspected violent crimes

Ex-L3Harris exec pleads guilty to selling zero-day exploits to Russian broker

Open-source security group pulls out of U.S. grant, citing DEI restrictions

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

ZDNet

Samsung Galaxy Buds 3 Pro vs. Apple AirPods Pro 3: I compared both, and this one wins

Wearing the Meta Ray-Bans' successor left me with two verdicts (and you'll want to hear both)

Are laser-powered tape measures legit? It took just minutes to make me a believer

My Sonos Arc Ultra faced an unexpected challenger - and the soundbar met its match

8 ways to help your teams build lasting responsible AI

Two Apple devices you really shouldn't buy this month (and 9 that are safe for now)

This AirPods hack is a game-changer for frequent flyers - how to find it in your iPhone settings

This premium Android phone is $150 off before Black Friday - act fast since this deal won't last

This tank of a phone has a built-in projector, but that's not why you should care about it

Thinking of buying an Arm-based Windows PC? These three issues might be dealbreakers

The Hacker News

ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability

OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically

Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack

China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats

China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems

The MSP Cybersecurity Readiness Guide: Turning Security into Growth

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do

BleepingComputer

Google confirms AI search will have ads, but they may look different

Windows 11 Build 26220.7051 released with “Ask Copilot” feature

China-linked hackers exploited Lanscope flaw as a zero-day in attacks

Windows 11 tests shared Bluetooth audio support, but only for AI PCs

‘We got hacked’ emails threaten to leak University of Pennsylvania data

Microsoft Edge gets scareware sensor for faster scam detection

Australia warns of BadCandy infections on unpatched Cisco devices

Why password controls still matter in cybersecurity

Alleged Meduza Stealer malware admins arrested after hacking Russian org

CISA: High-severity Linux flaw now exploited by ransomware gangs

Cybersecurity Dive

Windows Server Update Service exploitation ensnares at least 50 victims

CISA, NSA unveil best-practices guide to address ongoing Exchange Server risks

FCC will vote to scrap telecom cybersecurity requirements

CISA updates guidance and warns security teams on WSUS exploitation

Canadian authorities warn of hacktivists targeting exposed ICS devices

AI risks pack a punch, but governance provides a buffer

AI adoption outpaces corporate governance, security controls

Google probes exploitation of critical Windows service CVE

F5 expects nation-state hack to curb revenues

Conduent says data breach originally began with 2024 intrusion

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Russia finally bites the cybercrooks it raised, arresting suspected Meduza infostealer devs

Attackers dig up $11M in Garden Finance crypto exploit

Resilience, not sovereignty, defines OpenStack's next chapter

NHS left with sick PCs as suppliers resist Windows 11 treatment

Europe preps Digital Euro to enter circulation in 2029

Suspected Chinese snoops weaponize unpatched Windows flaw to spy on European diplomats

Proton trains new service to expose corporate infosec cover-ups

Docker Compose vulnerability opens door to host-level writes – patch pronto

Invisible npm malware pulls a disappearing act – then nicks your tokens

Cyberpunks mess with Canada's water, energy, and farm systems

VentureBeat

CrowdStrike & NVIDIA’s open source AI gives enterprises the edge against machine-speed attacks

Meet Aardvark, OpenAI’s security agent for code analysis and patching

Security's AI dilemma: Moving faster while risking more

Fortanix and NVIDIA partner on AI security platform for highly regulated industries

Your IT stack is the enemy: How 84% of attacks evade detection by turning trusted tools against you

When your AI browser becomes your enemy: The Comet security disaster

Agentic AI security breaches are coming: 7 ways to make sure it's not your firm

Cisco warns enterprises: Without tapping machine data, your AI strategy is incomplete

Microsoft launches 'Hey Copilot' voice assistant and autonomous agents for all Windows 11 PCs

Visa just launched a protocol to secure the AI shopping boom — here’s what it means for merchants

TechCrunch

Hackers threaten to leak data after breaching University of Pennsylvania to send mass emails

Government hackers breached telecom giant Ribbon for months before getting caught

WhatsApp adds passkey protection to end-to-end encrypted backups

Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to Russian broker

TechCrunch Disrupt 2025: Day 3

CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware

LG Uplus is latest South Korean telco to confirm cybersecurity incident

Tata Motors confirms it fixed security flaws, which exposed company and customer data

CyDeploy wants to create a replica of a company’s system to help it test updates before pushing them out — catch it at Disrupt 2025

The glaring security risks with AI browser agents

Network World Security

Wolfgang Wendt: “I like to describe IBM as an ‘older start-up'”

Agentic AI: What now, what next?

AMD to build two more supercomputers at Oak Ridge National Labs

Strengthening security with a converged security and networking platform

Nvidia GTC news you need to know

What’s the most malicious TLD? Cloudflare reveals surprising risks, usage patterns

AWS opens giant data center for AI training

Samsung’s memory ramp-up may ease AI and cloud upgrade concerns

Oracle’s cloud strategy an increasingly risky bet

Broadcom refuses to backtrack on huge VMware price increases, claims European cloud watchdog

Help Net Security

Week in review: WSUS vulnerability exploited to drop Skuld infostealer, PoC for BIND 9 DNS flaw published

Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491)

CISA and partners take action as Microsoft Exchange security risks mount

ImmuniWeb Continuous now enables always-on, AI-powered security testing

Shadow AI: New ideas emerge to tackle an old problem in new form

AI chatbots are sliding toward a privacy crisis

You can’t audit how AI thinks, but you can audit what it does

Passwordless adoption moves from hype to habit

The secret to audit success? Think like your auditor

Infosec products of the month: October 2025

InfoSecurity Magazine

Conduent Data Breach Impacts Over 10.5 Million Individuals

Chinese-Linked Hackers Exploit Windows Flaw to Spy on Belgian and Hungarian Diplomats

Facial Recognition Firm Clearview AI Hit with Criminal Complaint in Austria

Critical Flaws Found in Elementor King Addons Affect 10,000 Sites

Threat Actors Utilize AdaptixC2 for Malicious Payload Delivery

Shadow AI: One In Four Employees Use Unapproved AI Tools, Research Finds

Proton Claims 300 Million Records Compromised So Far This Year

Defense Contractor Boss Pleads Guilty to Selling Zero-Day Exploits to Russia

Chrome to Make HTTPS Mandatory by Default in 2026

Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages

© 2025 RiskDiscovery | Sponsored by: Deception Logic