Risk Discovery

DarkReading

EU Sanctions Companies in China, Iran for Cyberattacks

C2 Implant 'SnappyClient' Targets Crypto Wallets

DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike

'Claudy Day’ Trio of Flaws Exposes Claude Users to Data Theft

SideWinder Espionage Campaign Expands Across Southeast Asia

Researchers: Meta, TikTok Steal Personal & Financial Info When Users Click Ads

More Attackers Are Logging In, Not Breaking In

Clear Communication: The Missing Link in Cybersecurity Success

Less Lucrative Ransomware Market Makes Attackers Alter Methods

Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish

Ars Technica

Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway

Researchers disclose vulnerabilities in IP KVMs from four manufacturers

Supply-chain attack using invisible code hits GitHub and other repositories

The who, what, and why of the attack that has shut down Stryker's Windows network

14,000 routers are infected by malware that's highly resistant to takedowns

Feds take notice of iOS vulnerabilities exploited under mysterious circumstances

Amazon appears to be down, with over 20,000 reported problems

Trump gets data center companies to pledge to pay for power generation

Downdetector, Speedtest sold to IT service-provider Accenture in $1.2B deal

LLMs can unmask pseudonymous users at scale with surprising accuracy

CyberScoop

Feds keep eyes peeled for Iran cyberattacks, respond to Stryker breach

Cisco’s latest vulnerability spree has a more troubling pattern underneath

U.S. robotics companies want federal help to keep Chinese robots out of America’s networks

Second iOS exploit kit now in use by suspected Russian hackers

CISA official advises agencies not to get too hung up on who takes lead in critical infrastructure sectors

Trump administration isn’t pushing companies to conduct cyber offense, national cyber director says

Appeals court temporarily pauses order blocking Perplexity’s AI shopping agent on Amazon

It’s time to get serious about post-quantum security. Here’s where to start.

Zero lessons learned: Convicted scammer allegedly ran another athlete-focused phishing scam from federal prison

Washington is right: Cybercrime is organized crime. Now we need to shut down the business model

InfoSecurity Magazine

Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation

Financial Brands Targeted in Global Mobile Banking Malware Surge

FCA Updates Cyber Incident and Third-Party Reporting Rules

AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January

UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs

New Ubuntu Flaw Enables Local Attackers to Gain Root Access

Crypto Scam "ShieldGuard" Dismantled After Malware Discovery

AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure

Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats

AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner

SecurityWeek

1stProtect Emerges From Stealth With $20 Million in Funding

Critical ScreenConnect Vulnerability Exposes Machine Keys

Privacy Platform Cloaked Raises $375M to Expand Enterprise Reach

Iran Readied Cyberattack Capabilities for Response Prior to Epic Fury

Marquis Data Breach Affects 672,000 Individuals

Security Firm Aura Discloses Data Breach Impacting 900,000 Records

Hacker Conversations: Ben Harris, From Unintentional Young Hacker to Intentional Adult CEO

Russian APT Exploits Zimbra Vulnerability Against Ukraine

Raven Emerges From Stealth With $20 Million in Funding

CISA Warns of Attacks Exploiting Recent SharePoint Vulnerability

ZDNet

Save big on gaming laptops, Switch 2 consoles, and more during Best Buy's Tech Fest sale

SSD prices have gone up, but this 8TB WD-Black option is 67% off at Best Buy right now

How to turn your old Android phone or iPhone into a security camera - in 4 easy steps

What is MoCA 2.5? How this low-cost networking can replace Wi-Fi and fix dead zones

6 reasons a minimal Linux install might be the smartest move you make

I tested NordVPN's free scam checker against a real threat in my inbox - here's how it did

The best data removal services of 2026: Delete yourself from the internet

Incogni review: The easiest way to remove myself from the internet took just seconds

I wore the Whoop 5.0 for a month - it combines the best of the Oura Ring and Apple Watch

Bose just gave me a compelling reason to put my AirPods Pro away for good

The Hacker News

ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

How Ceros Gives Security Teams Visibility and Control in Claude Code

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE

Claude Code Security and Magecart: Getting the Threat Model Right

9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

BleepingComputer

Bitrefill blames North Korean Lazarus group for cyberattack

FBI seizes Handala data leak site after Stryker cyberattack

Russian hackers exploit Zimbra flaw in Ukrainian govt attacks

7 Ways to Prevent Privilege Escalation via Password Resets

Max severity Ubiquiti UniFi flaw may allow account takeover

CISA urges US orgs to secure Microsoft Intune systems after Stryker breach

New ‘Perseus’ Android malware checks user notes for secrets

Critical Microsoft SharePoint flaw now exploited in attacks

Aura confirms data breach exposing 900,000 marketing contacts

CISA orders feds to patch Zimbra XSS flaw exploited in attacks

gbhackers

CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026

CISA Calls on Organizations to Strengthen Microsoft Intune Security After Stryker Incident

Claude Vulnerabilities Allow Data Exfiltration and Malicious Redirect Attacks

Fake Tools and CDNs Power New “Vibe-Coded” Malware Campaign

Pyronut Package Backdoors Telegram Bots With RCE

OpenWebUI Servers Targeted in Attacks Using AI Payloads to Steal Data

Horabot Returns in Mexico, Spreading via Phishing and Email Worm Attacks

CISA Adds Exploited Zimbra Collaboration Suite Flaw to Warning List

Open VSX Extension Delivers RAT and Stealer via GitHub Downloader

Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network

Cybersecurity Dive

Water utilities need hands-on cybersecurity help, not just free guidance, pilot program finds

CISA urges organizations to harden endpoint security following Stryker attack

Threat groups target cyber-physical systems to disrupt critical infrastructure providers

Stryker begins restoring ordering, shipping systems after cyberattack

New research unpacks North Korea’s stealthy, sophisticated remote IT worker schemes

National cyber director expands on Trump administration’s vision for AI security, industry collaboration

Security teams might be overlooking wider threat to Cisco SD-WAN

Telus Digital confirms hack as ShinyHunters claims credit for massive data theft

Stryker attack raises concerns about role of device management tool

Robotics firm Intuitive Surgical says cyberattack compromised business, customer data

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Lock down Microsoft Intune, feds warn after Stryker attack

Okta made a nightmare micromanager for your AI agents

State snoops and spyware vendors planting info-stealing malware on iPhones, Google warns

Ransomware crims abused Cisco 0-day weeks before disclosure, says Amazon security boss

North Korea's 100,000-strong fake IT worker army rake in $500M a year for Kim Jong Un

Britain's satellite-watching gap to be plugged with £17.5M eyeball in Cyprus

Iran's cyberattack against med tech firm is 'just the beginning'

Linux Foundation kicks off effort to shield FOSS maintainers from AI slop bug reports

Japan to allow ‘proactive cyber-defense’ from October 1st

World~~Coin~~'s newest pitch: Scan your eyeballs to prove AI agents really represent you

VentureBeat

The authorization problem that could break enterprise AI

Nvidia's agentic AI stack is the first major platform to ship with security at launch, but governance gaps remain

OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert

Anthropic and OpenAI just exposed SAST's structural blind spot with free tools

Enterprise identity was built for humans — not AI agents

Microsoft says ungoverned AI agents could become corporate 'double agents.' Its fix costs $99 a month.

Pentagon vendor cutoff exposes the AI dependency map most enterprises never built

TechCrunch

FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack

CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices

Consumer-focused privacy company Cloaked raises $375M as it expands to enterprise

FBI is buying location data to track US citizens, director confirms

Marquis says over 672,000 people had personal and financial data stolen in ransomware attack

Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools

Apple rolls out first ‘background security’ update for iPhones, iPads, and Macs to fix Safari bug

Stryker says it’s restoring systems after pro-Iran hackers wiped thousands of employee devices

Wiz investor unpacks Google’s $32B acquisition

The FBI is investigating malware hidden inside games hosted on Steam

Network World Security

Cloud providers seek to shape European sovereignty legislation

Telnet vulnerability opens door to remote code execution as root

Nvidia joins push for data centers in space

Versa extends SASE platform with Inbound SSE and Secure Enterprise Browser

OpenAI’s $50B AWS deal puts its Microsoft alliance to the test

Lenovo bolsters hybrid AI platform with Nvidia GPUs

Fortinet’s AI-driven defense for a machine-speed era

Microsoft’s laser-free cable tech promises to slash AI data center networking power bills

Beyond the fan: Crossing the liquid cooling rubicon

USAT to Distribute Digital Dollars to Thousands During St. Patrick’s Day Celebration in Times Square

Help Net Security

Intezer AI SOC removes MDR limits with autonomous triage and optimization

DarkSword: Researchers uncover another iOS exploit kit

Flare Foretrace helps employees detect and fix identity risks to strengthen enterprise security

4chan shrugs off UK regulator, refuses to pay £520,000 in fines over online safety violations

Versa Secure Enterprise Browser delivers browser-native security for enterprise apps

Nagomi Security expands into agent-driven exposure elimination with Agentic Exposure Ops

Cobalt adds continuous pentesting AI capabilities to scale offensive security and real-world risk

Discern deploys six AI agents to streamline security analysis, prioritization, and remediation

Entro Security AGA brings governance and control to enterprise AI agents and access

Komodor unveils Klaudia AI extensibility framework to power multi-agent incident resolution

SC Magazine

Vibe Hacking has arrived – and we have to figure out how to stop it

Beast Ransomware’s toolkit revealed by exposed directory

FAA seeks info to boost air traffic systems' cyber, quantum defenses

Secure by design AI pushed by US government

Inaugural Energy Department cyber strategy's release imminent

Significant security flaws flagged in LangSmith, SGLang

VulnCheck: Threat of high-severity Cisco SD-WAN bug potentially missed

Major Verizon retailer's customer records reportedly stolen, offered for sale

Medusa ransomware purportedly hits University of Mississippi Medical Center, New Jersey county

Novel font-rendering attack prevents AI assistants from detecting illicit code

© 2026 RiskDiscovery | Sponsored by: Deception Logic