[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Iran Hacktivists Make Noise but Have Little Impact on War
Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit
How AI Coding Tools Crushed the Endpoint Security Fortress
GitHub 'OpenClaw Deployer' Repo Delivers Trojan Instead
How a Large Bank Uses AI Digital Twins for Threat Hunting
Microsoft Proposes Better Identity, Guardrails for AI Agents
AI in the SOC: What Could Go Wrong?
Trivy Supply Chain Attack Targets CI/CD Secrets
Ransomware's New Era: Moving at AI Speed
CISOs Debate Human Role in AI-Powered Security
Ars Technica
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Supply-chain attack using invisible code hits GitHub and other repositories
The who, what, and why of the attack that has shut down Stryker's Windows network
14,000 routers are infected by malware that's highly resistant to takedowns
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
Amazon appears to be down, with over 20,000 reported problems
CyberScoop
DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses
Experts warn of a ‘loud and aggressive’ extortion wave following Trivy hack
Critics call FCC router rule a ‘big swing’ that could create more supply chain uncertainty
Treasury asks whether terrorism risk insurance program should bolster cyber coverage
Russian access broker sentenced to over 6 years in prison for ransomware schemes
Experts insist Trump administration’s cyber strategy is already paying off
State officials, election experts question California sheriff’s seizure of ballots
FBI: Iranian hackers targeting opponents with Telegram malware
An AI-powered phishing campaign has compromised hundreds of organizations
The phone call is the new phishing email
InfoSecurity Magazine
RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards
Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage
Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities
New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware
Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe
Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security
Russian Initial Access Broker Handed 81-Month Sentence
Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals
Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems
Tycoon2FA Phishing Service Resumes Activity Post-Takedown
SecurityWeek
DoE Publishes 5-Year Energy Security Plan
Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw
Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector
RSAC 2026 Conference Announcements Summary (Day 1)
Extortion Group Claims It Hacked AstraZeneca
Chrome 146 Update Patches High-Severity Vulnerabilities
Webinar Today: Putting CIS Controls and Benchmarks into Practice
3.1 Million Impacted by QualDerm Data Breach
Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool
Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn
ZDNet
I built an app for work in 5 minutes with Tasklet - and watched my no-code dreams come true
I tried the foldable phone that sets the standard for Samsung and Apple in 2026
Acer's new Swift laptop proves you can have too much of a good thing
Amazon Spring Sale live blog 2026: Real-time updates on the best deals
I recommend this air purifier to all pet parents, and it's $100 off
Amazon will give you a $100 gift card when you buy the Nothing Phone 4a Pro
This is the one smart home product everyone should have, and it's on sale
Home Depot just cut the price of this popular 30-piece Milwaukee wrench set
Microsoft may finally remove its frustrating Windows 11 setup requirement
These Sony headphones are under $50 and punch above their weight - and they're on sale
The Hacker News
FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR
5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills
Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
BleepingComputer
PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
FCC bans new routers made outside the USA over security risks
Firefox now has a free built-in VPN with 50GB monthly data limit
Microsoft fixes bug causing Classic Outlook sync issues with Gmail
Zero Trust: Bridging the Gap Between Authentication and Trust
HackerOne discloses employee data breach after Navia hack
Infinite Campus warns of breach after ShinyHunters claims data theft
Yanluowang ransomware access broker gets 81 months in prison
Dutch Ministry of Finance discloses breach affecting employees
gbhackers
AI-Driven ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub Repos
Kali Linux 2026.1 Launches With 8 New Hacking Tools for Penetration Testers
FCC Blocks New Foreign Consumer Router Models Citing Serious Security Risks
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy & KICS Hacks
HackerOne Confirms Employee Data Stolen Following Linked Navia Hack
Google Authenticator’s Hidden Passkey Design May Expose New Passwordless Attack Vectors
Aqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity
SQL Server Ransomware Attacks: How They Work and How to Harden Your Database
DarkSword Exploit Chain Leaked Online, Posing Risk to Millions of iPhones
Cybersecurity Dive
The CVE Program, a bedrock of global cyber defense, is teetering on the brink
Companies face difficult choices in blaming hackers for an attack
Cybercrime groups speed up initial access handoff through planning, coordination
FCC bans import of consumer-grade routers amid national security concerns
ISACs confront AI’s promise and peril for threat intelligence-sharing
AI poised to help low-skilled hackers in the near term
Lockheed Martin targeted in alleged breach by pro-Iran hacktivist
Stryker confirms cyberattack is contained and restoration underway
Network edge devices still widely used after reaching end-of-life status
Companies know AI is essential for cyber defense but aren’t yet seeing returns
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Enterprise PCs are unreliable, unpatched, and unloved compared to Macs
EFF has a new boss to lead the fight against privacy-sucking forces of doom
1K+ cloud environments infected following Trivy supply chain attack
LiteLLM loses game of Trivy pursuit, gets compromised
HackerOne slams supplier for delayed breach notice after staff data exposed
Country that put backdoors into Cisco routers to spy on world bans foreign routers
Russian initial access broker who fed ransomware crews gets 81 months in US prison
Claude attacks were 'Rorschach test' for infosec community, scaring former NSA boss
Lightning-fast exploits make it essential to patch fast, ask questions later
Google unleashes Gemini AI agents on the dark web
VentureBeat
Meta's rogue AI agent passed every identity check — four gaps in enterprise IAM explain why
The authorization problem that could break enterprise AI
Nvidia's agentic AI stack is the first major platform to ship with security at launch, but governance gaps remain
OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert
Anthropic and OpenAI just exposed SAST's structural blind spot with free tools
Enterprise identity was built for humans — not AI agents
Microsoft says ungoverned AI agents could become corporate 'double agents.' Its fix costs $99 a month.
TechCrunch
Crunchyroll confirms data breach after hacker claims unauthorized access
FCC bans import of new consumer routers made overseas, citing security risks
Insight Partners scrubs investment post about Delve amid ‘fake compliance’ allegations
Someone has publicly leaked an exploit kit that can hack millions of iPhones
Russian authorities block paywall removal site Archive.today
FBI says Iranian hackers are using Telegram to steal data in malware attacks
Federal immigration agents filmed making airport arrests as Trump calls in ICE to ease security line delays
Delve accused of misleading customers with ‘fake compliance’
A French Navy officer accidentally leaked the location of an aircraft carrier by logging his run on Strava
US accuses Iran’s government of operating hacktivist group that hacked Stryker
Network World Security
HPE bolsters hybrid mesh firewall platform
Forescout brings identity-driven segmentation to multi-vendor networks
2026 network outage report and internet health check
FCC bans foreign routers, putting enterprise network risk in focus
Cisco: Latest news and insights
Palo Alto updates security platform to discover AI agents
Nvidia: Latest news and insights
Cisco goes all in on agentic AI security
Cisco Talos 2025 year in review and lessons learned
Nvidia overhauls the data center for OpenClaw era
Help Net Security
Codenotary introduces AgentX for autonomous Linux infrastructure security
Spur Intelligence delivers deeper visibility into anonymized infrastructure
Tenable Hexa AI automates exposure management and security workflows
Barracuda strengthens cyber resilience with BarracudaONE platform updates
Google’s TurboQuant cuts AI memory use without losing accuracy
HPE enhances security to support AI and distributed enterprise environments
Training an AI agent to attack LLM applications like a real adversary
You don’t have to choose between BAS or automated pentesting, you shouldn’t
Why your phishing simulations aren’t building a security culture
Your security stack looks fine from the dashboard and that’s the problem
SC Magazine
P0 Security's Shashwat Sehgal on AI agents and the new identity risk to production systems
Delinea's Phil Calvin on redefining identity security for the agentic AI era
Legion's Ely Abramovich on goal-oriented AI investigations
BlueFlag Security's Raj Mallempati on why breaches start with identity
RSAC 2026 Trends: Agentic AI, AI Identity & The Future of Cybersecurity - RSAC26 #2
Sekoia.io's Georges Bossert on avoiding making SOCs faster at being wrong
Agentic AI and the Future of Threat Intelligence Operations - Sachin Jade - RSAC26 #2
Know Your AI Agents Through Visibility, Control, and Accountability - Matt Immler - RSAC26 #2
Zappsec's Rohan Ravindranath on zero trust that actually ships
X-PHY's Camellia Chan on hardware-enforced security for the age of AI agents
© 2026 RiskDiscovery | Sponsored by: Deception Logic