HoneyDB
DarkReading
Black Hat USA
Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
Source Code Leaks Highlight Lack of Supply Chain Oversight
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026
Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate
Security Bosses Are All-In on AI. Here's Why
RSAC 2026: AI Dominates, But Community Remains Key to Security
Bank Trojan 'Casbaneiro' Worms Through Latin America
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
Ars Technica
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Supply-chain attack using invisible code hits GitHub and other repositories
The who, what, and why of the attack that has shut down Stryker's Windows network
CyberScoop
House Dems decry confirmed ICE usage of Paragon spyware
Akira ransomware group can achieve initial access to data encryption in less than an hour
Lawmakers renew push for Labor Department-backed cyber apprenticeship grants
Medtech giant Stryker says it’s back up after Iranian cyberattack
European-Chinese geopolitical issues drive renewed cyberespionage campaign
White House executive order purports to limit mail-in voting, mandate federal voter lists
Attack on axios software developer tool threatens widespread compromises
Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’
Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data
Security leaders say the next two years are going to be ‘insane’
InfoSecurity Magazine
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
Apple Expands iOS 18 Security Updates Amid DarkSword Threat
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
Researchers Observe Sub-One-Hour Ransomware Attacks
Most CNI Firms Face Up to £5m in Downtime from OT Attacks
Google Introduces Android Dev Verification Amid Openness Debate
New Venom Stealer MaaS Platform Automates Continuous Data Theft
Chinese Hackers Target European Governments in Espionage Campaigns
SecurityWeek
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
T-Mobile Sets the Record Straight on Latest Data Breach Filing
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
Critical Vulnerability in Claude Code Emerges Days After Source Leak
Apple Rolls Out DarkSword Exploit Protection to More Devices
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
ZDNet
I drove over this AirTag alternative with my car, but it wouldn't crack - unlike others
I tested the Bloom Card to cut my screen time: It beats Brick on features and price, but it's easier to bypass
Do Apple's new AirPods Max 2 beat the AirPods Pro 3? I've tried both, here's my take
I turned to PrivacyBee to clean up my data - here's how it made me disappear
How to switch from ChatGPT to Gemini - without starting from scratch
I highly recommend this car charger for quick charging on the go - and it's cheap
Android's emergency alerts just got a major map upgrade - but change this setting first
How I pay less for gas: 5 apps I use to find the cheapest stations nearby
Google's Gemma 4 model goes fully open-source and unlocks powerful local AI - even on phones
New MIT jobs report: Why AI's work impact will roll in like a rising tide, not a crashing wave
The Hacker News
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
The State of Trusted Open Source Report
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
BleepingComputer
Microsoft still working to fix Exchange Online mailbox access issues
Man admits to locking thousands of Windows devices in extortion plot
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
CERT-EU: European Commission hack exposes data of 30 EU entities
Claude Code leak used to push infostealer malware on GitHub
Drift loses $280 million North Korean hackers seize Security Council powers
Residential proxies evaded IP reputation checks in 78% of 4B sessions
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
Medtech giant Stryker fully operational after data-wiping attack
gbhackers
New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover
Microsoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2
Infrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former Employer
Kimsuky Uses Malicious LNK Files to Drop Python Backdoor
CISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the Wild
14,000+ F5 BIG-IP APM Instances Exposed Online as Attackers Exploit RCE Vulnerability
Axios npm compromise traced to targeted social engineering attack
Malicious Chrome Extension “ChatGPT Ad Blocker” Targets Users, Steals Conversations
Trusted Platforms Exploited to Steal Philippine Banking Credentials
AI Models Including Gemini 3 and Claude Haiku 4.5 Secretly Protected Other Models From Removal
Cybersecurity Dive
Critical flaw in F5 BIG-IP faces wide exploitation risk
Retail and hospitality CISOs expect budget growth, new AI headaches and opportunities
Cyberattack hits Hasbro, impacting orders and shipping
Axios open-source library targeted in sophisticated supply chain attack
Iran-linked actors target Middle Eastern city governments to undermine missile-strike responses
Cybersecurity risks shape AI adoption, but investment accelerates nonetheless
Iran actors’ claims raise questions about larger cyber threat to US, allies
‘Missed opportunity’: US government’s absence from RSAC Conference leaves stark void
Citrix NetScaler products confirmed to be under exploitation
Newly observed malware campaign likely combines AI and ClickFix
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
The company's biggest security hole lived in the breakroom
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
Amazon security boss: AI makes pentesting 40% more efficient
'People's Panel' to check if UK wants controversial Digital ID will cost £630K
UK manufacturers under cyber fire with 80% reporting attacks
Don't open that WhatsApp message, Microsoft warns
Iran targets M365 accounts with password-spraying attacks
Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines
OpenAI patches ChatGPT flaw that smuggled data over DNS
VentureBeat
In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now
Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected
CrowdStrike, Cisco and Palo Alto Networks all shipped agentic SOC tools at RSAC 2026 — the agent behavioral baseline gap survived all three
OpenClaw has 500,000 instances and no enterprise kill switch
RSAC 2026 shipped five agent identity frameworks and left three critical gaps open
Meta's rogue AI agent passed every identity check — four gaps in enterprise IAM explain why
The authorization problem that could break enterprise AI
TechCrunch
Telehealth giant Hims & Hers says its customer support system was hacked
Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web
ICE says it bought Paragon’s spyware to use in drug trafficking cases
De-fi platform Drift suspends deposits and withdrawals after millions in crypto stolen in hack
Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks
WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker
Hasbro says it was hacked, and may take ‘several weeks’ to recover
Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project
North Korean hackers blamed for hijacking popular Axios open source project to spread malware
Health data giant CareCloud says hackers accessed patients’ medical records
Network World Security
Cisco fixes critical IMC auth bypass present in many products
Kyndryl service targets AI agent automation, security
Google Research touts memory-compression breakthrough for AI processing
Why can’t we have nice routers anymore?
Amazon Middle East datacenter suffers second drone hit as Iran steps up attacks
New tool on AWS makes it easier to develop quantum error correction
IBM, Arm team up to bring Arm software to IBM Z mainframes
No joke: data centers are warming the planet
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
OpenStack Gazpacho is a dish best served cold for hot cloud networks
Help Net Security
Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches
Claude Code source leak exploited to spread malware
APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance
Trivy supply chain attack enabled European Commission cloud breach
Microsoft releases open-source toolkit to govern autonomous AI agents
Which messaging app takes the most limited approach to permissions on Android?
Click, wait, repeat: Digital trust erodes one login at a time
New infosec products of the month: March 2026
AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test
SC Magazine
Highly evasive spear-phishing campaign targeting senior execs ‘neutralizes’ MFA
Actively exploited Chrome zero-day patched
Ransomware intrusion compromises North Dakota water treatment facility
Americans' passports purportedly stolen in hacktivist attack against Dubai airport
Third-party hack affirmed by Nissan after Everest ransomware assertions
Massive Cisco breach claimed by ShinyHunters
Drift Protocol estimated to have lost $285M in crypto heist
Global Microsoft device code phishing facilitated by novel EvilTokens kit
New Chinese cyberespionage campaigns strike Europe
When detection isn't enough: The limits of EDR
© 2026 RiskDiscovery | Sponsored by: Deception Logic