[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
North Korea Uses ClickFix to Target macOS Users' Data
'Harmless' Global Adware Transforms Into an AV Killer
Two-Factor Authentication Breaks Free from the Desktop
Microsoft's Original Windows Secure Boot Certificate Is Expiring
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
Critical MCP Integration Flaw Puts NGINX at Risk
Navigating the Unique Security Risks of Asia's Digital Supply Chain
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Ars Technica
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
CyberScoop
Officials seize 53 DDoS-for-hire domains in ongoing crackdown
Ghost breaches: How AI-mediated narratives have become a new threat vector
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
Executive orders likely ahead in next steps for national cyber strategy
OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model 
We’re only seeing the tip of the chip-smuggling iceberg
CISA cancels summer internships for cyber scholarship students amid DHS funding lapse
Microsoft drops its second-largest monthly batch of defects on record
Space Force official touts AI’s impact on cyber compliance
Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign
InfoSecurity Magazine
US Nationals Jailed for Operating Fake Remote Worker Laptop Farms for North Korea
APK Malformation Found in Thousands of Android Malware Samples
Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack
NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities
Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads
Automotive Ransomware Attacks Double in a Year
OpenAI Unveils GPT-5.4-Cyber for Improving Cyber Defense With AI
European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program
Signed Adware Operation Disables Antivirus Across 23,000 Hosts
Critical Nginx-ui MCP Flaw Actively Exploited in the Wild
SecurityWeek
Government Can’t Win the Cyber War Without the Private Sector
OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal
Data Breach at Tennessee Hospital Affects 337,000
Artemis Emerges From Stealth With $70 Million in Funding
Splunk Enterprise Update Patches Code Execution Vulnerability
Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software
Cisco Patches Critical Vulnerabilities in Webex, ISE
Ransomware Hits Automotive Data Expert Autovista
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
ZDNet
I tried the new Gemini app for Mac - and it's better than the website in one big way
Google's Pixel 10 is now 30% off on Amazon for a limited time
How Google's updated AI Mode will ease your tab clutter when you search
Why this MagSafe battery pack is our readers' favorite model right now - especially at its price
T-Mobile will give you a Google Pixel 10a for free - plus an extra gift
OpenAI's Codex Desktop can run your computer now - and has its own browser
Want to build a startup that gets acquired? This founder shares 5 proven tips
Google to pay $135M settlement to Android phone users - how to claim your share if you qualify
MacBook Neo vs. Surface: Why spiraling RAM prices are bruising Microsoft's PC business but not Apple's
Want to stand out on LinkedIn? Try this career strategist's top 3 tips for strengthening your profile
The Hacker News
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
BleepingComputer
Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
ZionSiphon malware designed to sabotage water treatment systems
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
Google expands Gemini AI use to fight malicious ads on its platform
New ATHR vishing platform uses AI voice agents for automated attacks
Most "AI SOCs" Are Just Faster Triage. That's Not Enough.
Cisco says critical Webex Services flaw requires customer action
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
US nationals behind DPRK IT worker 'laptop farm' sent to prison
gbhackers
UAC-0247 Hits Hospitals, Governments With Browser and WhatsApp Data Theft
Fake ProtonVPN, game mod sites spread NWHStealer in new Windows malware campaign
Hackers Exploit n8n Webhooks to Spread Malware
Two U.S. Nationals Sentenced in $5 Million DPRK Remote Worker Laptop Farm Scheme
New PoC Exploit Published for Microsoft Defender 0-Day Flaw
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
Chrome Privacy Vulnerability Exposes Users via Fingerprinting and Header Leaks
Critical Cisco ISE Flaws Let Remote Attackers Execute Malicious Code
Cisco Webex Vulnerability Allows User Impersonation Attacks
Fake Adobe Reader Download Drops ScreenConnect via Fileless Loader
Cybersecurity Dive
CIOs fret over rising security concerns amid AI adoption
CISA cancels prestigious summer internships, citing government shutdown
NIST limits vulnerability analysis as CVE backlog swells
FCC exempts Netgear from foreign router ban
Medium-severity flaw in Microsoft SharePoint exploited
Brute-force cyberattacks originating in Middle East surge in Q1
FCC signals continued commitment to Cyber Trust Mark program
CISOs see gaps in their incident response playbooks
US, Indonesia shut down ‘sophisticated’ phishing kit
Stryker warns of earnings fallout from March cyberattack
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
North Korea targets macOS users in latest heist
Americans who masterminded Nork IT worker fraud sentenced to 200 months behind bars
Git identity spoof fools Claude into giving bad code the nod
Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed
Microsoft announces product it doesn't want you to buy: Extended security updates for old Exchange, and Skype for Biz
Server-room lock was nothing but a crock
Google Chrome lacks protection against one of the most basic and common ways to track users online
Nobody knows how many CVEs Anthropic's Project Glasswing has actually found
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
Automotive data biz Autovista blames ransomware for service disruption
VentureBeat
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway
Frontier models are failing one in three production attempts — and getting harder to audit
43% of AI-generated code changes need debugging in production, survey finds
Five signs data drift is already undermining your security models
Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot
AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.
Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook
TechCrunch
European police email 75,000 people asking them to stop DDoS attacks
It’s not just you — Bluesky is (sorta) down
Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme
Fashion retailer Express left customers’ personal data and order details exposed to the internet
Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
Anthropic co-founder confirms the company briefed the Trump administration on Mythos
Adobe fixes PDF zero-day security bug that hackers have exploited for months
FBI announces takedown of phishing operation that targeted thousands of victims
Booking.com confirms hackers accessed customers’ data
Network World Security
AI shifts IT roles from operator to orchestrator
IBM unveils security services for thwarting agentic attacks, automating threat assessment
OpenAI pulls out of a second Stargate data center deal
Maine to put brakes on big data centers as AI expansion collides with power limits
Satellite backhaul service Globalstar has a new, rich owner amid challenging market conditions
Cisco just made moves to own the AI infrastructure stack
Data centers are moving inland, away from some traditional locations
2026 network outage report and internet health check
DNS security is often inadequate, and network engineers should get more involved
Curious about quantum? Check out training options from ISC2, IBM, AWS and more
Help Net Security
SC Magazine
The AI "Vulnpocolypse" Is Real? - PSW #922
Cisco patches critical bugs in Webex, ISE
Microsoft awards $2.3 million in Zero Day Quest hacking contest
NIST overhauls National Vulnerability Database operations amidst record CVE growth
Capsule Security launches with $7 million to secure AI agents
Sweden reports Russia-linked hackers targeted power plant
Apple iCloud deletion scam targets users with fake emails
Dark web forum hosts $10,000 article contest on vulnerability exploitation
PHP Composer vulnerabilities allow arbitrary command execution
6 steps to harden security programs for the Claude Mythos surge
© 2026 RiskDiscovery | Sponsored by: Deception Logic