HoneyDB
DarkReading
Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
Chinese APT Targets Indian Banks, Korean Policy Circles
Vercel Employee's AI Tool Access Led to Data Breach
Serial-to-IP Devices Hide Thousands of Old & New Bugs
WhatsApp Leaks User Metadata to Attackers
How NIST's Cutback of CVE Handling Impacts Cyber Teams
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
Every Old Vulnerability Is Now an AI Vulnerability
Coast Guard's New Cybersecurity Rules Offer Lessons for CISOs
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
Ars Technica
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
Recent advances push Big Tech closer to the Q-Day danger zone
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
CyberScoop
Mythos can find the vulnerability. It can’t tell you what to do about it.
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
The FTC’s AI portfolio is about to get bigger
Vercel’s security breach started with malware disguised as Roblox cheats
Why the Axios attack proves AI is mandatory for supply chain security
Network ‘background noise’ may predict the next big edge-device vulnerability
The surveillance law Congress can’t quit — and can’t explain
US nationals sentenced for aiding North Korea’s tech worker scheme
Officials seize 53 DDoS-for-hire domains in ongoing crackdown
Ghost breaches: How AI-mediated narratives have become a new threat vector
InfoSecurity Magazine
The Gentlemen Ransomware Expands With Rapid Affiliate Growth
Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms
Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool
North Korean Blamed for $290m KelpDAO Crypto Heist
ZionSiphon Malware Targets Water Infrastructure Systems
Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection
Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet
NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience
Crypto Exchange Grinex Blames Western Spies for $13m Theft
Commercial AI Models Show Rapid Gains in Vulnerability Research
SecurityWeek
Third US Security Expert Admits Helping Ransomware Gang
Dozens of Malicious Crypto Apps Land in Apple App Store
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs
Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster
Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities
Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000
$290 Million Kelp DAO Crypto Heist Blamed on North Korea
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
British Scattered Spider Hacker Pleads Guilty in the US
Hackers Abuse QEMU for Defense Evasion
ZDNet
Samsung is ending Messages in July: 5 replacements I'd switch to now
Moonshot AI's new Kimi K2.6 swarms your complex tasks with 1,000 collaborating agents
I tested Surfshark's new Dausos VPN protocol - here's how it compares to WireGuard
I've tested every Razr and Galaxy Flip: 3 reasons Motorola crushes Samsung at foldables
I found the easiest way to encrypt files on an Android phone - and it's free to do
T-Mobile will give you an iPhone 17 basically for free - here's how to get yours
Does Walmart price match? What to know about online and in-store price matching policies
The best mini gaming PCs of 2026: Expert tested and reviewed
Own a Sony TV? 3 quick settings I'd change to meaningfully improve the picture quality
Motorola Moto G (2026) review: Why I'd pick this $200 phone over competing models
The Hacker News
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Why Most AI Deployments Stall After the Demo
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
BleepingComputer
Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
UK probes Telegram, teen chat sites over CSAM sharing concerns
CISA flags new SD-WAN flaw as actively exploited in attacks
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Former ransomware negotiator pleads guilty to BlackCat attacks
NGate Android malware uses HandyPay NFC app to steal card data
KelpDAO suffers $290 million heist tied to Lazarus hackers
China's Apple App Store infiltrated by crypto-stealing wallet apps
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
Seiko USA website defaced as hacker claims customer data theft
gbhackers
AI-Powered NGate Malware Evades Detection Inside NFC Payment Apps
Claude Code, Gemini CLI, and GitHub Copilot Exposed to Prompt Injection via GitHub Comments
Apache Syncope RCE Vulnerability Detailed After Public Exploit Code Release
Microsoft spots Sapphire Sleet macOS attack using AppleScript and social engineering
PureRAT Hides PE Payloads in PNGs for Fileless Execution
GitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting Developers
CISA Alerts Defenders to Exploited Cisco Catalyst SD-WAN Manager Security Flaws
6,000+ Publicly Exposed Apache ActiveMQ Instances Found Vulnerable to CVE-2026-34197
Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker
12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K Users
Cybersecurity Dive
CISA confirms exploitation of 3 more Cisco networking device vulnerabilities
Stellantis teams with Microsoft to strengthen digital capabilities
Vulnerability exploitation surges often precede disclosure, offering possible early warnings
Vercel systems targeted after third-party tool compromised
Beyond IT: Cybersecurity is a strategic business risk
TP-Link routers face exploitation attempt linked to high-severity flaw
US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms
CIOs fret over rising security concerns amid AI adoption
CISA cancels prestigious summer internships, citing government shutdown
NIST limits vulnerability analysis as CVE backlog swells
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords
AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account
Crook claims to leak 'video surveillance footage' of companies
Met police trials snoop tech platform in push to cuff more London shoplifters
Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul
Panasonic creates device-locked QR codes to speed facial biometric capture
Iran claims US used backdoors to knock out networking equipment during war
Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus
Claude Desktop changes app access settings for browsers you don't even have installed yet
Scot becomes second Scattered Spider-linked crook to plead guilty in US
VentureBeat
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it
Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall
Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway
Frontier models are failing one in three production attempts — and getting harder to audit
43% of AI-generated code changes need debugging in production, survey finds
Five signs data drift is already undermining your security models
TechCrunch
With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance
North Korean hackers blamed for $290M crypto theft
Mastodon says its flagship server was hit by a DDoS attack
App host Vercel says it was hacked and customer data stolen
Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures
Man who hacked US Supreme Court filing system sentenced to probation
Hackers are abusing unpatched Windows security flaws to hack into organizations
Bluesky confirms DDoS attack is cause of continued app outages
European police email 75,000 people asking them to stop DDoS attacks
Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme
Network World Security
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
Amazon’s $5B Anthropic bet is really about compute, not just cash
Cloudflare wants to rebuild the network for the age of AI agents
AI fuels wireless talent shortage
Flawed Cisco update threatens to stop APs from getting further patches
IPv6 may briefly have accounted for more than half of internet traffic
Broadcom’s Facebook friend will help train it to accelerate AI workloads
Data centers are costing local governments billions
Equinix offering targets automated AI-centric network operations
AI shifts IT roles from operator to orchestrator
Help Net Security
SC Magazine
Seiko USA website defaced, customer data breach claimed
The CISO role has always been brutal. Here is what makes some survive it.
GreyNoise finds attacker activity surges before vulnerability disclosures
The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379
Anthropic CEO, White House chief of staff convene on Claude Mythos
Attempted exploitation of vulnerability impacting EoL TP-Link routers discovered
Multiple other companies purportedly breached by ShinyHunters, over 9M record leak warned
Nearly $300M stolen from Kelp DAO cross-chain bridge heist
Trojanized TestDisk installer, Microsoft binary tapped for illicit ScreenConnect deployment
Tycoon 2FA relinquishes crown to similar PhaaS platforms
© 2026 RiskDiscovery | Sponsored by: Deception Logic