[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Vercel Employee's AI Tool Access Led to Data Breach
Serial-to-IP Devices Hide Thousands of Old and New Bugs
WhatsApp Leaks User Metadata to Attackers
How NIST's Cutback of CVE Handling Impacts Cyber Teams
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
Every Old Vulnerability Is Now an AI Vulnerability
Coast Guard's New Cybersecurity Rules Offer Lessons for CISOs
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
North Korea Uses ClickFix to Target macOS Users' Data
'Harmless' Global Adware Transforms Into an AV Killer
Ars Technica
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
Recent advances push Big Tech closer to the Q-Day danger zone
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
CyberScoop
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
The FTC’s AI portfolio is about to get bigger
Vercel’s security breach started with malware disguised as Roblox cheats
Why the Axios attack proves AI is mandatory for supply chain security
Network ‘background noise’ may predict the next big edge-device vulnerability
The surveillance law Congress can’t quit — and can’t explain
US nationals sentenced for aiding North Korea’s tech worker scheme
Officials seize 53 DDoS-for-hire domains in ongoing crackdown
Ghost breaches: How AI-mediated narratives have become a new threat vector
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
InfoSecurity Magazine
ZionSiphon Malware Targets Water Infrastructure Systems
Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection
Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet
NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience
Crypto Exchange Grinex Blames Western Spies for $13m Theft
Commercial AI Models Show Rapid Gains in Vulnerability Research
DDoS-For-Hire Services Disrupted by International Police Action in ‘Operation PowerOff’
US Nationals Jailed for Operating Fake Remote Worker Laptop Farms for North Korea
APK Malformation Found in Thousands of Android Malware Samples
Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack
SecurityWeek
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
British Scattered Spider Hacker Pleads Guilty in the US
Hackers Abuse QEMU for Defense Evasion
Bluesky Disrupted by Sophisticated DDoS Attack
Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption
Next.js Creator Vercel Hacked
Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks
White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
ZDNet
PrivacyBee review: An Incogni alternative that made data removal feel nearly effortless
I speed-tested Surfshark's new 'heavenly' Dausos VPN protocol - how it compares to WireGuard
How to easily encrypt files on an Android phone - and the free app I use to do it
Google Pixel phones have a useful voicemail feature that's hidden by default - how to enable it
The new Roku City screensaver game has me hooked - and it's free to play
There's a right way to wear your Apple Watch - and it affects your data
Apple's foldable iPhone hinges on one key feature for me - and it's not the hardware
T-Mobile is practically giving away the Apple Watch Series 11 - here's how to get one
I tested DJI's tiny 4K action camera for weeks - and now I'm ditching my GoPro for it
AirPods Pro 3 vs. Samsung Galaxy Buds 4 Pro: I listened to both pairs, and this one wins
The Hacker News
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Why Most AI Deployments Stall After the Demo
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
BleepingComputer
KelpDAO suffers $290 million heist tied to Lazarus hackers
China's Apple App Store infiltrated by crypto-stealing wallet apps
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
Seiko USA website defaced as hacker claims customer data theft
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
The backup myth that is putting businesses at risk
British Scattered Spider hacker pleads guilty to crypto theft charges
Microsoft tests Windows Explorer speed, performance improvements
Microsoft pulls service update causing Teams launch failures
Microsoft releases emergency updates to fix Windows Server issues
gbhackers
Gh0st RAT, CloverPlus Hit Victims in Dual-Malware Campaign
Intel Utility Hijacked in AppDomain Attack to Launch Malware
Anthropic MCP Hit by Critical Vulnerability Enabling Remote Code Execution
North Korea-Linked UNC1069 Hacks Crypto Pros via Fake Meetings
Iran’s MOIS Tied to Coordinated Cyber Campaign Using Multiple Hacker Personas
TBK DVR Vulnerability CVE-2024-3721 Exploited to Spread Nexcorium DDoS Malware
iTerm2 Flaw Turns SSH Escape Sequences Into Arbitrary Code Execution
Microsoft-Signed Malware Built With FUD Crypt Packs Persistence and C2
MiningDropper Spreads Infostealers, RATs, Banking Malware on Android
Windows 11 Dev Build Introduces Improved Secure Boot Oversight and Storage Security
Cybersecurity Dive
Stellantis teams with Microsoft to strengthen digital capabilities
Vulnerability exploitation surges often precede disclosure, offering possible early warnings
Vercel systems targeted after third-party tool compromised
Beyond IT: Cybersecurity is a strategic business risk
TP-Link routers face exploitation attempt linked to high-severity flaw
US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms
CIOs fret over rising security concerns amid AI adoption
CISA cancels prestigious summer internships, citing government shutdown
NIST limits vulnerability analysis as CVE backlog swells
FCC exempts Netgear from foreign router ban
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus
Claude Desktop changes app access settings for browsers you don't even have installed yet
Scot becomes second Scattered Spider-linked crook to plead guilty in US
Microsoft releases Windows Server update fix to fix its April update fixes
Next.js developer Vercel warns of customer credential compromise
Just like phishing for gullible humans, prompt injecting AIs is here to stay
I meant to do that! AI vendors shrug off responsibility for vulns
CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack
Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker
Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug
VentureBeat
Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway
Frontier models are failing one in three production attempts — and getting harder to audit
43% of AI-generated code changes need debugging in production, survey finds
Five signs data drift is already undermining your security models
Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot
AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.
TechCrunch
North Korean hackers blamed for $290M crypto theft
Mastodon says its flagship server was hit by a DDoS attack
App host Vercel says it was hacked and customer data stolen
Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures
Man who hacked US Supreme Court filing system sentenced to probation
Hackers are abusing unpatched Windows security flaws to hack into organizations
With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance
Bluesky confirms DDoS attack is cause of continued app outages
European police email 75,000 people asking them to stop DDoS attacks
Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme
Network World Security
Cloudflare wants to rebuild the network for the age of AI agents
AI fuels wireless talent shortage
Flawed Cisco update threatens to stop APs from getting further patches
IPv6 may briefly have accounted for more than half of internet traffic
Broadcom’s Facebook friend will help train it to accelerate AI workloads
Data centers are costing local governments billions
Equinix offering targets automated AI-centric network operations
AI shifts IT roles from operator to orchestrator
IBM unveils security services for thwarting agentic attacks, automating threat assessment
OpenAI pulls out of a second Stargate data center deal
Help Net Security
SC Magazine
Privilege risk is in the lifecycle: A CISO discussion on modernizing identity control
Vercel incident falls short of a supply chain attack — for now
AI code reviewer fooled by spoofed developer identity
Payouts King ransomware abuses QEMU for hidden VMs and backdoors
Express website vulnerability exposed customer order details
Your SOC, not the vendor's: Why the AI SOC has to be customizable, not a black box
Fiverr faces scrutiny over exposed user files
Man sentenced for hacking U.S. Supreme Court and government systems
How AI can help networks develop ‘pocket presence’
AI vulnerability discovery and the case for systems security engineering
© 2026 RiskDiscovery | Sponsored by: Deception Logic