[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
Exploits Turn Windows Defender into Attacker Tool
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
Chinese APT Targets Indian Banks, Korean Policy Circles
Vercel Employee's AI Tool Access Led to Data Breach
Serial-to-IP Devices Hide Thousands of Old & New Bugs
WhatsApp Leaks User Metadata to Attackers
How NIST's Cutback of CVE Handling Impacts Cyber Teams
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
Ars Technica
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
Recent advances push Big Tech closer to the Q-Day danger zone
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
CyberScoop
Former DigitalMint ransomware negotiator pleads guilty to extortion scheme
Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety
Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks
Mythos can find the vulnerability. It can’t tell you what to do about it.
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
The FTC’s AI portfolio is about to get bigger
Vercel’s security breach started with malware disguised as Roblox cheats
Why the Axios attack proves AI is mandatory for supply chain security
Network ‘background noise’ may predict the next big edge-device vulnerability
The surveillance law Congress can’t quit — and can’t explain
InfoSecurity Magazine
UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns
Trojanized Android App Fuels New Wave of NFC Fraud
The Gentlemen Ransomware Expands With Rapid Affiliate Growth
Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms
Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool
North Korean Blamed for $290m KelpDAO Crypto Heist
ZionSiphon Malware Targets Water Infrastructure Systems
Formbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid Detection
Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet
NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience
SecurityWeek
Oracle Patches 450 Vulnerabilities With April 2026 CPU
Third US Security Expert Admits Helping Ransomware Gang
Dozens of Malicious Crypto Apps Land in Apple App Store
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs
Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster
Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities
Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000
$290 Million Kelp DAO Crypto Heist Blamed on North Korea
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
British Scattered Spider Hacker Pleads Guilty in the US
ZDNet
LG G6 vs. LG G5: I compared the latest OLED TV models, and it's a surprisingly tough choice
Why TVs look bright and vibrant in stores, but dull in your living room - and how to fix it
I saw Framework's new 'MacBook Pro for Linux users' and it may entice Windows fans, too
I'm putting Motorola above Samsung when it comes to flip phones - and won't think twice
I got an early look at ChatGPT Images 2.0, and it's impressive - with one exception
I compared Thread, Zigbee, and Matter - here's the best smart home setup for you
Scaling agentic AI demands a strong data foundation - 4 steps to take first
I powered my 3,000-sq-ft home with an EcoFlow battery in a blackout - here's how it kept my AC on
5 Apple products explain my optimism for John Ternus as the next CEO
This Motorola phone deal comes with free Bluetooth trackers and earbuds - how it works
The Hacker News
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
BleepingComputer
Microsoft releases emergency patches for critical ASP.NET flaw
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
French govt agency confirms breach as hacker offers to sell data
New Lotus data wiper used against Venezuelan energy, utility firms
Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
UK probes Telegram, teen chat sites over CSAM sharing concerns
CISA flags new SD-WAN flaw as actively exploited in attacks
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
Former ransomware negotiator pleads guilty to BlackCat attacks
NGate Android malware uses HandyPay NFC app to steal card data
gbhackers
Auraboros RAT Adds Live Audio, Keylogging, and Cookie Theft via Open C2 Panel
DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
Namastex npm Packages Spread TeamPCP-Style CanisterWorm Malware
1,370+ Microsoft SharePoint Servers at Risk of Spoofing Attacks Found Exposed Online
Amazon, Anthropic Expand Alliance With 5GW Compute Push to Power Claude
French Authorities Confirm Data Breach Amid Hackers’ Data Leak Allegations
Hackers Tie Iranian Espionage to CastleRAT and ChainShell
Microsoft-Signed Binary Helps Deliver LOTUSLITE in India Spy Campaign
Microsoft Issues Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
Exclusive Anthropic Cyber Tool Mythos Accessed by Unapproved Actors
Cybersecurity Dive
CISA urges security teams to view environments following axios compromise
Big banks seek to ease security worries as AI push accelerates
CISA confirms exploitation of 3 more Cisco networking device vulnerabilities
Stellantis teams with Microsoft to strengthen digital capabilities
Vulnerability exploitation surges often precede disclosure, offering possible early warnings
Vercel systems targeted after third-party tool compromised
Beyond IT: Cybersecurity is a strategic business risk
TP-Link routers face exploitation attempt linked to high-severity flaw
US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms
CIOs fret over rising security concerns amid AI adoption
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Oil crisis? What oil crisis? IT spending de-coupled from wider war shock
Mythos found 271 Firefox flaws – but none a human couldn’t spot
Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor
Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide
More Cisco SD-WAN bugs battered in attacks
macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets
Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords
AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account
Crook claims to leak 'video surveillance footage' of companies
Met police trials snoop tech platform in push to cuff more London shoplifters
VentureBeat
Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it
Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall
Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway
Frontier models are failing one in three production attempts — and getting harder to audit
43% of AI-generated code changes need debugging in production, survey finds
TechCrunch
Ransomware negotiator pleads guilty to helping ransomware gang
With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance
North Korean hackers blamed for $290M crypto theft
Mastodon says its flagship server was hit by a DDoS attack
App host Vercel says it was hacked and customer data stolen
Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures
Man who hacked US Supreme Court filing system sentenced to probation
Hackers are abusing unpatched Windows security flaws to hack into organizations
Bluesky confirms DDoS attack is cause of continued app outages
European police email 75,000 people asking them to stop DDoS attacks
Network World Security
SUSE bets automated migration can break VMware’s grip on virtualization
How Zero Networks is closing the network enforcement gap for AI agents
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
Amazon’s $5B Anthropic bet is really about compute, not just cash
Cloudflare wants to rebuild the network for the age of AI agents
AI fuels wireless talent shortage
Flawed Cisco update threatens to stop APs from getting further patches
IPv6 may briefly have accounted for more than half of internet traffic
Broadcom’s Facebook friend will help train it to accelerate AI workloads
Data centers are costing local governments billions
Help Net Security
PentAGI: Open-source autonomous AI penetration testing system
Apple Intelligence flaw kept stolen tokens reusable on another device
Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook
Thunderbird 150 arrives with encrypted message search and OpenPGP improvements
VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes
Ransomware negotiator admits role in attacks he was hired to resolve
Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency
Ivanti Neurons AI automates IT operations, reducing manual work and security risk
Silobreaker Mimir adds agentic AI to intelligence workflows with governance and transparency
OpenAI’s Chronicle feature lets Codex read your screen, raising privacy concerns
SC Magazine
Guilt admitted by British hacker in $8M crypto theft scheme
House OKs short-term renewal for surveillance program
Report: FTP protocol security gaps expose millions of systems
Several flaws found in serial-to-IP converters used in critical sectors
Over 400K records allegedly stolen from major Dutch webshop Bol, data leaked
France confirms identity document agency hack
Major Kelp DAO cross-chain bridge theft attributed to North Korean hackers
Over 130K users' browser data siphoned by illicit TikTok downloader extensions
Crypto stealing wallet apps proliferate in Apple App Store
Microsoft Teams, Quick Assist weaponized in helpdesk spoofing intrusions
© 2026 RiskDiscovery | Sponsored by: Deception Logic