[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight
Hugging Face Packages Weaponized With a Single File Tweak
20 Leaders Who Built the CISO Era: 2 Decades of Change
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
FCC Softens Ban on Foreign-Made Routers
Tech Can't Stop These Threats — Your People Can
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
Hackers Use AI for Exploit Development, Attack Automation
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
ShinyHunters Claims Second Attack Against Instructure
Ars Technica
Linux bitten by second severe vulnerability in as many weeks
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
Ars Asks: Share your shell and show us your tricked-out terminals!
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Why Reddit blocked my daily visit to its mobile website
GameStop offers $56 billion for eBay, struggles to explain how it'll pay for it
Ubuntu infrastructure has been down for more than a day
The most severe Linux threat to surface in years catches the world flat-footed
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
CyberScoop
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
Major world economies spell out key elements of AI ‘ingredients list’
Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical
Google and Amnesty International teamed up to make it harder for spyware vendors to hide
AI is separating the companies built to scale from the ones built to sell
Instructure claims hackers returned stolen Canvas data after an extortion standoff
Google spotted an AI-developed zero-day before attackers could use it
The missing cybersecurity leader in small business
Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments
ShinyHunters claims nearly 9,000 schools affected by Canvas data breach
InfoSecurity Magazine
OpenAI Launches 'Daybreak' to Help Build Secure By Design Software
Mini Shai-Hulud Hits TanStack npm Packages
End‑to‑End Encrypted RCS Messaging Arrives Across iPhone and Android
Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
Malicious Hugging Face Repository Typosquats OpenAI
South Staffordshire Water Fined £1m After Data Breach
TrickMo Variant Routes Android Trojan Traffic Through TON
Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities
Fake Claude Code Page Pushes PowerShell Stealer at Devs
Hackers Observed Using AI to Develop Zero-Day for the First Time
SecurityWeek
Microsoft Patches 137 Vulnerabilities
Exaforce Raises $125 Million for Agentic SOC Platform
Adobe Patches 52 Vulnerabilities in 10 Products
White Circle Raises $11 Million for AI Control Platform
BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform
West Pharmaceutical Services Hit by Disruptive Ransomware Attack
Apple Patches Dozens of Vulnerabilities in macOS, iOS
SAP Patches Critical S/4HANA, Commerce Vulnerabilities
ZDNet
I set up a $190 mesh Wi-Fi system at home, and it handled a dozen 4K video streams with ease
I kept losing my Roku TV remotes - until I discovered 3 easy and cost-effective fixes
I'm a lawn expert, and here's my favorite trick for finding your perfect robot mower
Your Android phone is getting agentic powers with Gemini Intelligence - here's how and when
Googlebook vs. Chromebook: Why I'm hopeful that both laptop brands can coexist
Google will let you watch YouTube videos on Android Auto now - is your car supported?
I'm a devoted iPhone user but Android 17 is tempting me with its new video and social features
Android will hang up on banking scammers for you - how its new anti-spoofing feature works
First look at Googlebook: A premium Chromebook alternative for Android users
I overlooked this Sony headphone feature for years - Apple and Bose have nothing like it
The Hacker News
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
Why Agentic AI Is Security's Next Blind Spot
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
BleepingComputer
US govt seeks Instructure testimony on massive Canvas cyberattack
UK fines water supplier $1.3M for exposing data of 664k customers
Webinar: Fixing the gaps in network incident response
Signal adds security warnings for social engineering, phishing attacks
Microsoft releases Windows 10 KB5087544 extended security update
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Windows 11 KB5089549 & KB5087420 cumulative updates released
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
Škoda warns of customer data breach after online shop hack
Android 17 to expand banking scam call and privacy protections
gbhackers
Zoom Rooms and Workplace Flaws Expose Users to Elevated Access Attacks
Threat Actors Abuse Vercel AI Tools to Mass-Produce Realistic Phishing Sites
SAP Releases Patch for Critical SQL Injection Flaw in S/4HANA
Cushman and Wakefield Confirms Data Breach Impacting Over 310,000 Accounts
Vidar Stealer Campaign Evades EDR to Steal Credentials
Hackers Hijack Microsoft Teams Accounts to Spread ModeloRAT Malware
Open WebUI File Upload Vulnerability Enables 1-Click RCE Attack
North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware
Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks
Fake TronLink Chrome Extension Steals Crypto Wallet Credentials
Cybersecurity Dive
Guardrail Technologies launches Traffic Light for Code & AI™; first security technology to verify & secure AI code and the people creating it
Identity takes center stage as a leading factor in enterprise cyberattacks
AI and an absent government: Takeaways from RSAC 2026
Second Canvas data breach causes major disruptions for schools, colleges
AI used to develop working zero-day exploit, researchers warn
New cybersecurity industry coalition aims to lead US critical infrastructure protection
Identity is the new perimeter as rapid NHI proliferation threatens visibility and control
Instructure confirms cybersecurity incident
Anthropic’s Claude used in attempted compromise of Mexican water utility
Businesses hide vast majority of ransomware attacks, report finds
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files
US bank reports itself after slinging customer data at 'unauthorized AI app'
Cache-poisoning caper turns TanStack npm packages toxic
Apple, Google drag cross-platform texting into the encrypted age
Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla
Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
Cookie thieves caught stealing dev secrets via fake Claude Code installers
Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator
BWH Hotels guests warned after reservation data checks out with cybercrooks
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
VentureBeat
Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps
Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses
AI agents are running hospital records and factory inspections. Enterprise IAM was never built for them.
AI tool poisoning exposes a major flaw in enterprise agent security
5,000 vibe-coded apps just proved shadow AI is the new S3 bucket crisis
An AI agent rewrote a Fortune 50 security policy. Here's how to govern AI agents before one does the same.
Anthropic Skill scanners passed every check. The malicious code rode in on a test file.
TechCrunch
Google launches new Android security feature to help uncover spyware attacks
US bank discloses security lapse after sharing customer data with AI app
Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen
Instructure strikes deal with hackers who breached it twice
Poland says hackers breached water treatment plants, and the US is facing the same threat
US defense contractor who sold hacking tools to Russian broker ordered to pay $10M to former employers
Hackers deface school login pages after claiming another Instructure hack
Hackers hack victims hacked by other hackers
How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity
Police arrest SMS blaster crew that sent malicious messages to thousands across Toronto
Network World Security
HPE revamps private cloud stack for enterprises rethinking VMware
Versa takes aim at fragmented enterprise security with CSPM, orchestration update, and AI agent controls
Red Hat opens Ansible to AI agents, within limits
2026 network outage report and internet health check
Network jobs watch: Hiring, skills and certification trends
Red Hat offers endless Linux support — for a fee
Red Hat: Sovereignty is more than just compliance
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
Tech job postings hit three-year high as AI demand fuels hiring rebound
HPE memory server targets compute-heavy and agentic AI workloads
Help Net Security
Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days
SAP unveils Autonomous Enterprise for AI-driven business operations
Exaforce raises $125 million to respond to AI-powered attacks
Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)
ThreatDown ITDR prevents credential-based attacks
Amazon Quick authorization bypass let users reach blocked AI chat agents
Veeam Intelligent ResOps unifies data context and recovery
Instructure took a risky approach to recover stolen Canvas data
General Motors to pay $12.75 million over driver data sales
Download: The IT and security field guide to AI adoption
SC Magazine
Fighting fire with fire: Defending against Mythos-powered cyberattacks
Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Giedi Prime, Aaran Leyland... - SWN #580
‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages
Incident Response Tabletop Exercises: How CISOs Build Cyber Resilience Before Breach - WC #1
5 ways to defend against vibe hacking
Apple and Google roll out end-to-end encrypted RCS messaging
New GhostLock tool abuses Windows API to block file access
Frame Security launches with $50 million to combat AI-driven social engineering
Linux maintainer proposes runtime killswitch for vulnerabilities
Threat actor Mr_Rot13 exploits critical cPanel flaw to deploy Filemanager backdoor
© 2026 RiskDiscovery | Sponsored by: Deception Logic