HoneyDB
DarkReading
Black Hat USA
Inconsistent Privacy Labels Don't Tell Users What They Are Getting
Apple Breaks Precedent, Patches DarkSword for iOS 18
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
Claude Source Code Leak Highlights Big Supply Chain Missteps
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026
Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate
Ars Technica
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Supply-chain attack using invisible code hits GitHub and other repositories
CyberScoop
Trump budget proposal would cut hundreds of millions more from CISA
Wyden warns Social Security chief: Trump’s voter database is ‘blatant voter suppression’
House Dems decry confirmed ICE usage of Paragon spyware
Akira ransomware group can achieve initial access to data encryption in less than an hour
Lawmakers renew push for Labor Department-backed cyber apprenticeship grants
Medtech giant Stryker says it’s back up after Iranian cyberattack
European-Chinese geopolitical issues drive renewed cyberespionage campaign
White House executive order purports to limit mail-in voting, mandate federal voter lists
Attack on axios software developer tool threatens widespread compromises
Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’
InfoSecurity Magazine
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
Apple Expands iOS 18 Security Updates Amid DarkSword Threat
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
Researchers Observe Sub-One-Hour Ransomware Attacks
Most CNI Firms Face Up to £5m in Downtime from OT Attacks
Google Introduces Android Dev Verification Amid Openness Debate
New Venom Stealer MaaS Platform Automates Continuous Data Theft
Chinese Hackers Target European Governments in Espionage Campaigns
SecurityWeek
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
T-Mobile Sets the Record Straight on Latest Data Breach Filing
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
Critical Vulnerability in Claude Code Emerges Days After Source Leak
Apple Rolls Out DarkSword Exploit Protection to More Devices
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
ZDNet
The 5 most surprising things our readers bought on Amazon this week (No. 1 is a great gadget)
I let Apple Music's new AI tool curate my playlists for 24 hours - and discovered new hits
You can use Google Meet with CarPlay now: How to join meetings safely in your car
I tested cheap monitors for the office - this $80 MSI is one of the few I'd actually recommend
I've worn the Oura Ring and Apple Watch for years: Here's which of two is more essential
How to pay less for gas: 5 free apps I use to find the lowest fuel prices nearby
Your TV may be tracking your viewing data - here's how to stop it (beyond disabling ACR)
Windows 11 Home vs. Windows 11 Pro: I found the differences that truly matter
Why YouTube with ads just isn't worth it for me anymore - even if it's free
Samsung Galaxy Buds 4 Pro vs. AirPods Pro 3: Why it's no longer about brand loyalty for me
The Hacker News
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
BleepingComputer
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
Hims & Hers warns of data breach after Zendesk support ticket breach
Die Linke German political party confirms data stolen by Qilin ransomware
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
Microsoft still working to fix Exchange Online mailbox access issues
Man admits to locking thousands of Windows devices in extortion plot
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
CERT-EU: European Commission hack exposes data of 30 EU entities
Claude Code leak used to push infostealer malware on GitHub
Drift loses $280 million as North Korean hackers seize Security Council powers
gbhackers
New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover
Microsoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2
Infrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former Employer
Kimsuky Uses Malicious LNK Files to Drop Python Backdoor
CISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the Wild
14,000+ F5 BIG-IP APM Instances Exposed Online as Attackers Exploit RCE Vulnerability
Axios npm compromise traced to targeted social engineering attack
Malicious Chrome Extension “ChatGPT Ad Blocker” Targets Users, Steals Conversations
Trusted Platforms Exploited to Steal Philippine Banking Credentials
AI Models Including Gemini 3 and Claude Haiku 4.5 Secretly Protected Other Models From Removal
Cybersecurity Dive
Trump’s FY2027 budget again targets CISA
Researchers warn of critical flaws in Progress ShareFile
Government agencies see cyber threats as major barrier to tech improvements
Critical flaw in F5 BIG-IP faces wide exploitation risk
Retail and hospitality CISOs expect budget growth, new AI headaches and opportunities
Cyberattack hits Hasbro, impacting orders and shipping
Axios open-source library targeted in sophisticated supply chain attack
Iran-linked actors target Middle Eastern city governments to undermine missile-strike responses
Cybersecurity risks shape AI adoption, but investment accelerates nonetheless
Iran actors’ claims raise questions about larger cyber threat to US, allies
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Trump wants to take a battle axe to CISA again and slash $707M from budget
Hybrid work, expanded risk: what needs to change
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
The company's biggest security hole lived in the breakroom
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
Amazon security boss: AI makes pentesting 40% more efficient
'People's Panel' to check if UK wants controversial Digital ID will cost £630K
UK manufacturers under cyber fire with 80% reporting attacks
Don't open that WhatsApp message, Microsoft warns
Iran targets M365 accounts with password-spraying attacks
VentureBeat
In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now
Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected
CrowdStrike, Cisco and Palo Alto Networks all shipped agentic SOC tools at RSAC 2026 — the agent behavioral baseline gap survived all three
OpenClaw has 500,000 instances and no enterprise kill switch
RSAC 2026 shipped five agent identity frameworks and left three critical gaps open
Meta's rogue AI agent passed every identity check — four gaps in enterprise IAM explain why
The authorization problem that could break enterprise AI
TechCrunch
Europe’s cyber agency blames hacking gangs for massive data breach and leak
Telehealth giant Hims & Hers says its customer support system was hacked
Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web
ICE says it bought Paragon’s spyware to use in drug trafficking cases
De-fi platform Drift suspends deposits and withdrawals after millions in crypto stolen in hack
Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks
WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker
Hasbro says it was hacked, and may take ‘several weeks’ to recover
Mercor says it was hit by cyberattack tied to compromise of open source LiteLLM project
North Korean hackers blamed for hijacking popular Axios open source project to spread malware
Network World Security
French government take Bull by horns for €404 million
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Cisco: Latest news and insights
Cisco fixes critical IMC auth bypass present in many products
Kyndryl service targets AI agent automation, security
Google Research touts memory-compression breakthrough for AI processing
Why can’t we have nice routers anymore?
Amazon Middle East datacenter suffers second drone hit as Iran steps up attacks
New tool on AWS makes it easier to develop quantum error correction
IBM, Arm team up to bring Arm software to IBM Z mainframes
Help Net Security
Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches
Claude Code source leak exploited to spread malware
APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance
Trivy supply chain attack enabled European Commission cloud breach
Microsoft releases open-source toolkit to govern autonomous AI agents
Which messaging app takes the most limited approach to permissions on Android?
Click, wait, repeat: Digital trust erodes one login at a time
New infosec products of the month: March 2026
AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test
SC Magazine
Breaking the trade-off: Full email security without deployment friction
DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, Josh Marpet... - SWN #569
Stryker back online after cyberattack
Over 257K compromised in Texas hospital hack
Brokk purportedly hacked by Play ransomware, data leaked
Malicious LNK files, GitHub leveraged in South Korea-targeted malware campaign
Bogus installers facilitate RAT, cryptominer spread in long-running operation
Accelerated Akira ransomware intrusions examined
Multiple EU entities impacted by European Commission breach, CERT-EU says
Threat actors impersonate CERT-UA, distribute AGEWHEEZE malware
© 2026 RiskDiscovery | Sponsored by:
Deception Logic