[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw
Cyber OpSec Fail: Beast Gang Exposes Ransomware Server
Interlock Ransomware Targets Cisco Enterprise Firewalls
AI Conundrum: Why MCP Security Can't Be Patched Away
With Government's Role Uncertain, Businesses Unite to Combat Fraud
Native Launches With Security Control Plane for Multicloud
Post-Quantum Web Could be Safer, Faster
EU Sanctions Companies in China, Iran for Cyberattacks
C2 Implant 'SnappyClient' Targets Crypto Wallets
DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
Ars Technica
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Supply-chain attack using invisible code hits GitHub and other repositories
The who, what, and why of the attack that has shut down Stryker's Windows network
14,000 routers are infected by malware that's highly resistant to takedowns
Feds take notice of iOS vulnerabilities exploited under mysterious circumstances
Amazon appears to be down, with over 20,000 reported problems
Trump gets data center companies to pledge to pay for power generation
CyberScoop
FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps
Trio sentenced for facilitating North Korean IT worker scheme from their homes
Ubiquiti defect poses account takeover risk for UniFi Networking Application users
Justice Department disrupts botnet networks that hijacked 3 million devices
North Carolina tech worker found guilty of insider attack netting $2.5M ransom
Can Zero Trust survive the AI era?
Feds keep eyes peeled for Iran cyberattacks, respond to Stryker breach
Cisco’s latest vulnerability spree has a more troubling pattern underneath
U.S. robotics companies want federal help to keep Chinese robots out of America’s networks
Second iOS exploit kit now in use by suspected Russian hackers
InfoSecurity Magazine
CISA Orders US Government to Patch Maximum Severity Cisco Flaw
Operation Alice Takes Down 370,000+ Dark Web Sites
Hackers Exploit Critical Langflow Bug in Just 20 Hours
NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online
Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation
Financial Brands Targeted in Global Mobile Banking Malware Surge
FCA Updates Cyber Incident and Third-Party Reporting Rules
AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January
UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs
New Ubuntu Flaw Enables Local Attackers to Gain Root Access
SecurityWeek
QNAP Patches Four Vulnerabilities Exploited at Pwn2Own 
Tycoon 2FA Fully Operational Despite Law Enforcement Takedown
Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability
Critical Quest KACE Vulnerability Potentially Exploited in Attacks
In Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber Reporting
3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China
Eclypsium Raises $25 Million for Device Supply Chain Security
US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites
Cape Raises $100 Million for Protection Against Cellular Security Threats
Navia Data Breach Impacts 2.7 Million
ZDNet
Samsung adopting AirDrop compatibility is exactly what Android needs right now
This hidden Windows 11 feature can help you spot battery issues early - how to find it
A month with Lenovo's premium ThinkPad made me rethink what a work laptop should be
I compared Verizon, T-Mobile, and AT&T 5G coverage on a road trip - and the winner surprised me
Samsung Galaxy S26 Ultra vs. iPhone 17 Pro Max: I compared the flagship phones, and this one wins
This Linux desktop runs like an app on your current desktop - and it's amazing
This USB-C accessory gave my iPhone and Android an unexpectedly useful superpower
How to disable ACR on your TV - and why doing so is critical for your privacy
I compared the best budget phones from Apple, Google, and Samsung - this model won it
How to turn on Google's free VPN on your Pixel - it's worth your 30 seconds
The Hacker News
Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
BleepingComputer
FBI warns of Handala hackers using Telegram in malware attacks
CISA orders feds to patch DarkSword iOS flaws exploited attacks
New KB5085516 emergency update fixes Microsoft account sign-in
VoidStealer malware steals Chrome master key via debugger trick
Trivy vulnerability scanner breach pushed infostealer via GitHub Actions
Google adds ‘Advanced Flow’ for safe APK sideloading on Android
Microsoft Azure Monitor alerts abused for callback phishing attacks
FBI links Signal phishing attacks to Russian intelligence services
Oracle pushes emergency fix for critical Identity Manager RCE flaw
Police take down 373,000 fake CSAM sites in Operation Alice
gbhackers
511,000+ End-of-Life IIS Instances Found Online, Raising Security Risks
MioLab MacOS Stealer Expands With ClickFix, Wallet Theft, Team APIs
Hackers Exploit Quest KACE SMA Flaw to Harvest Credentials
CISA Warns of Craft CMS Code Injection Flaw Exploited in Active Attacks
Oblivion RAT Masquerades as Play Store Update to Spy on Android Users
Critical QNAP QVR Pro Flaw Could Let Remote Attackers Access Systems
$30 IP-KVM Flaws Could Enable BIOS-Level Enterprise Network Attacks
Trivy Supply Chain Attack Spreads via Compromised Docker Hub Images
CanisterWorm Hijacks npm Publisher Accounts, Steals Tokens
CISA Issues Warning on Apple Vulnerabilities Exploited Through DarkSword iOS Chain
Cybersecurity Dive
Companies know AI is essential for cyber defense but aren’t yet seeing returns
US, allies move to dismantle four high-volume IoT botnets
DOJ confirms seizure of domains linked to Iran-backed threat actor
Water utilities need hands-on cybersecurity help, not just free guidance, pilot program finds
CISA urges organizations to harden endpoint security following Stryker attack
Threat groups target cyber-physical systems to disrupt critical infrastructure providers
Stryker begins restoring ordering, shipping systems after cyberattack
New research unpacks North Korea’s stealthy, sophisticated remote IT worker schemes
National cyber director expands on Trump administration’s vision for AI security, industry collaboration
Security teams might be overlooking wider threat to Cisco SD-WAN
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Microsoft fixes broken Windows update days after vowing fewer broken updates
The drone swarm is coming, and NATO air defenses are too expensive to cope
Russians are posing as Signal support to launch phishing attacks
Cryptographers engage in war of words over RustSec bug reports and subsequent ban
UK police force presses pause on live facial recognition after study finds racial bias
Feds disrupt monster IoT botnets behind record-breaking DDoS attacks
Jaguar Land Rover's cyber bailout sets worrying precedent, watchdog warns
Starmer's digital ID reboot raises same old questions as its Blair-era ancestor
While you're here, could you go out of your way to do an impossible job?
Unknown attackers exploit yet another critical SharePoint bug
VentureBeat
Meta's rogue AI agent passed every identity check — four gaps in enterprise IAM explain why
The authorization problem that could break enterprise AI
Nvidia's agentic AI stack is the first major platform to ship with security at launch, but governance gaps remain
OpenClaw can bypass your EDR, DLP and IAM without triggering a single alert
Anthropic and OpenAI just exposed SAST's structural blind spot with free tools
Enterprise identity was built for humans — not AI agents
Microsoft says ungoverned AI agents could become corporate 'double agents.' Its fix costs $99 a month.
TechCrunch
Delve accused of misleading customers with ‘fake compliance’
A French Navy officer accidentally leaked the location of an aircraft carrier by logging his run on Strava
US accuses Iran’s government of operating hacktivist group that hacked Stryker
Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US
FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack
CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices
Consumer-focused privacy company Cloaked raises $375M as it expands to enterprise
FBI is buying location data to track US citizens, director confirms
Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools
Network World Security
Nvidia: Latest news and insights
Nvidia overhauls the data center for OpenClaw era
Nile adds microsegmentation and native NAC to its secure NaaS platform
IDC: Dell leads server market driven by AI infrastructure needs
Cloud providers seek to shape European sovereignty legislation
Telnet vulnerability opens door to remote code execution as root
Nvidia joins push for data centers in space
Versa extends SASE platform with Inbound SSE and Secure Enterprise Browser
OpenAI’s $50B AWS deal puts its Microsoft alliance to the test
Lenovo bolsters hybrid AI platform with Nvidia GPUs
Help Net Security
Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)
Proofpoint unifies email, data, and AI security to reduce enterprise blind spots
Zluri addresses expanding identity attack surface across SaaS, cloud, and AI
Russian hackers go after high-value targets through Signal
Zero Networks Kubernetes Access Matrix exposes hidden access paths and blast radius
Booz Allen’s Vellox brings AI vs. AI defense to protect critical infrastructure and national security
Your AI agents are moving sensitive data. Do you know where?
Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps
NIST updates its DNS security guidance for the first time in over a decade
Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw
SC Magazine
Entangled migrations: PQC, QKD, and US–PRC risk postures for critical infrastructure
Can AI help critical infrastructure, the state of the cyber market, and weekly news - Kara Sprague, Mike Privette - ESW #451
Critical Langflow RCE vulnerability exploited within 20 hours
AI enables sophisticated, high-volume attacks, says DC3 official
Microsoft urges federal hands-on assistance for water sector
The Gentlemen ransomware gang's inner workings leaked
Russian APT weaponizes critical Zimbra bug in Ukraine-targeted intrusions
Iranian cyberattacks ahead of US, Israel strikes discovered
US disrupts Handala hacktivist websites
SpyCloud report reveals surge in exposed API keys and machine identities
© 2026 RiskDiscovery | Sponsored by: Deception Logic