[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Black Hat USA
Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
Lies, Damned Lies, and Cybersecurity Metrics
Focusing on the People in Cybersecurity at RSAC 2026 Conference
AI-Assisted Supply Chain Attack Targets GitHub
Axios Attack Shows Social Complex Engineering Is Industrialized
Fortinet Issues Emergency Patch for FortiClient Zero-Day
Automated Credential Harvesting Campaign Exploits React2Shell Flaw
Shadow AI in Healthcare Is Here to Stay
OWASP GenAI Security Project Gets Update, New Tools Matrix
Ars Technica
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Supply-chain attack using invisible code hits GitHub and other repositories
CyberScoop
‘GrafanaGhost’ bypasses Grafana’s AI defenses without leaving a trace
Fortinet customers confront actively exploited zero-day, with a full patch still pending
pcTattleTale stalkerware maker sentence includes fine, supervised release
Trump budget proposal would cut hundreds of millions more from CISA
Wyden warns Social Security chief: Trump’s voter database is ‘blatant voter suppression’
House Dems decry confirmed ICE usage of Paragon spyware
Akira ransomware group can achieve initial access to data encryption in less than an hour
Lawmakers renew push for Labor Department-backed cyber apprenticeship grants
Medtech giant Stryker says it’s back up after Iranian cyberattack
European-Chinese geopolitical issues drive renewed cyberespionage campaign
InfoSecurity Magazine
GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration
Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks
Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
Apple Expands iOS 18 Security Updates Amid DarkSword Threat
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
Researchers Observe Sub-One-Hour Ransomware Attacks
SecurityWeek
Severe StrongBox Vulnerability Patched in Android
GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
Webinar Today: Why Automated Pentesting Alone Is Not Enough
GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack 
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
German Police Unmask REvil Ransomware Leader
White House Seeks to Slash CISA Funding by $707 Million
Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack
Google DeepMind Researchers Map Web Attacks Against AI Agents
Guardarian Users Targeted With Malicious Strapi NPM Packages
ZDNet
How I calibrated my subwoofer placement for peak impact in awkward room setups
Asus' latest flagship laptop competes with the MacBook Air, but not how you'd think
I tested the AirPods Max 2, Sony XM6, and Bose Ultra 2: Why Bose is my top pick
LG G6 vs. Samsung S95H: I compared the best OLED TVs of 2026 and made a tough choice
I found Android Auto's hidden shortcut that automates any task in your car - and it's brilliant
Samsung's latest TV firmware update fixes the Chromecast issue for older models - finally
This is the lowest price on an M5 MacBook Air I've seen - and it launched a month ago
The best Android phones of 2026: Expert tested and reviewed
I tested Gemini on Android Auto and now I can't stop talking to it: 5 tasks it nails
I used a single power station to keep my off-grid cabin running - how it all worked out
The Hacker News
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
The Hidden Cost of Recurring Credential Incidents
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
BleepingComputer
Why Your Automated Pentesting Tool Just Hit a Wall
German authorities identify REvil and GandCrab ransomware bosses
New GPUBreach attack enables system takeover via GPU rowhammer
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Microsoft fixes Classic Outlook bug causing email delivery issues
Microsoft removes Support and Recovery Assistant from Windows
Microsoft links Medusa ransomware affiliate to zero-day attacks
Drift $280M crypto theft linked to 6-month in-person operation
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
Why Simple Breach Monitoring is No Longer Enough
gbhackers
CUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code Execution
BPFDoor Variants Hide with Stateless C2 and ICMP Relay Tactics
Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published
Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts
GPUBreach Attack Could Lead to Full System Takeover and Root Shell Access
Fake Gemini npm Package Steals AI Tool Tokens
Hackers Exploit Next.js React2Shell Vulnerability, Breach 766 Hosts in 24 Hours
Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows
Critical Android Flaw Allows Zero-Interaction Denial-of-Service Attacks
Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed
Cybersecurity Dive
Hims & Hers says limited data stolen in social engineering attack
Critical flaw in FortiClient EMS under exploitation
Trump’s FY2027 budget again targets CISA
Researchers warn of critical flaws in Progress ShareFile
Government agencies see cyber threats as major barrier to tech improvements
Critical flaw in F5 BIG-IP faces wide exploitation risk
Retail and hospitality CISOs expect budget growth, new AI headaches and opportunities
Cyberattack hits Hasbro, impacting orders and shipping
Axios open-source library targeted in sophisticated supply chain attack
Iran-linked actors target Middle Eastern city governments to undermine missile-strike responses
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Yahoo! Japan’s owner consolidating 164 OpenStack clusters into one
AI agents found vulns in this popular Linux and Unix print server
Attackers exploited this critical FortiClient EMS bug as a 0-day
Anthropic sure has a mess on its hands thanks to that Claude Code source leak
Researchers didn’t want to glamorize cybercrims. So they roasted them
Trump wants to take a battle axe to CISA again and slash $707M from budget
Hybrid work, expanded risk: what needs to change
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
The company's biggest security hole lived in the breakroom
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
VentureBeat
AI agents that automatically prevent, detect and fix software issues are here as NeuBird AI launches Falcon, FalconClaw
Closing the data security maturity gap: Embedding protection into enterprise workflows
OCSF explained: The shared data language security teams have been missing
In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now
Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected
CrowdStrike, Cisco and Palo Alto Networks all shipped agentic SOC tools at RSAC 2026 — the agent behavioral baseline gap survived all three
OpenClaw has 500,000 instances and no enterprise kill switch
TechCrunch
Trump administration plans to cut cybersecurity agency’s budget by $700 million
Watch this video of how a job interviewer exposes a North Korean fake IT worker
North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making
Ticket savings of up to $500 this week for TechCrunch Disrupt 2026
Convicted spyware maker Bryan Fleming avoids jail at sentencing
After fighting malware for decades, this cybersecurity veteran is now hacking drones
Europe’s cyber agency blames hacking gangs for massive data breach and leak
Telehealth giant Hims & Hers says its customer support system was hacked
Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web
ICE says it bought Paragon’s spyware to use in drug trafficking cases
Network World Security
Nvidia’s SchedMD acquisition puts open-source AI scheduling under scrutiny
Cisco: AI simplifies wireless operations but also taxes legacy Wi-Fi networks
Hyperscaler backlogs show growing demand for AI infrastructure
Two New England states say no to new data centers
AI for IT stalls as network complexity rises
French government take Bull by horns for €404 million
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Cisco: Latest news and insights
Cisco fixes critical IMC auth bypass present in many products
Kyndryl service targets AI agent automation, security
Help Net Security
Acronis MDR by TRU brings 24/7 managed detection and response to MSPs
Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day
AI-enabled device code phishing campaign exploits OAuth flow for account takeover
GitHub Copilot CLI gets a second-opinion feature built on cross-model review
Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR
OpenAI opens applications for an external AI safety research fellowship
The case for fixing CWE weakness patterns instead of patching one bug at a time
How Mimecast brings enterprise-grade email protection to API deployment
Google study finds LLMs are embedded at every stage of abuse detection
Residential proxies make a mockery of IP-based defenses
SC Magazine
How phishing changed in 2025 and what to expect in 2026 and beyond
North Korea recruits Iranian workers for IT job fraud
AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377
Audit finds governance, cybersecurity weaknesses in FAA systems
CISA to get significant budget cuts under Trump's fiscal 2027 budget
Thousands of European tourist sites impacted by ticketing platform breach
Cyber incident disrupts Massachusetts' emergency communications center
Alleged Adobe helpdesk system breach reported
Data breach notice clarified by T-Mobile
Total takeover of Nvidia GPU-based devices possible with novel Rowhammer attacks
© 2026 RiskDiscovery | Sponsored by: Deception Logic