Risk Discovery

DarkReading

Embracing the Next Generation of Cybersecurity Talent

Federal Cuts Put Local, State Agencies at Cyber-Risk

Sitecore Zero-Day Sparks New Round of ViewState Threats

Bridgestone Americas Confirms Cyberattack

Chinese Hackers Game Google to Boost Gambling Sites

ISC2 Aims to Bridge DFIR Skill Gap with New Certificate

Phishing Empire Runs Undetected on Google, Cloudflare

Czech Warning Highlights China Stealing User Data

Blast Radius of Salesloft Drift Attacks Remains Uncertain

UltraViolet Expands AppSec Capabilities With Black Duck's Testing Business

Ars Technica

The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest.

Microsoft open-sources Bill Gates’ 6502 BASIC from 1978

New AI model turns photos into explorable 3D worlds, with caveats

Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet

OpenAI announces parental controls for ChatGPT after teen suicide lawsuit

Zuckerberg’s AI hires disrupt Meta with swift exits and threats to leave

Google warns that mass data theft hitting Salesloft AI agent has grown bigger

High-severity vulnerability in Passwordstate credential manager. Patch now.

Unpacking Passkeys Pwned: Possibly the most specious research in decades

The personhood trap: How AI fakes human personality

CyberScoop

AI can help track an ever-growing body of vulnerabilities, CISA official says

Sitecore zero-day vulnerability springs up from exposed machine key

Streameast, world’s largest pirated live sports network, shut down by Egyptian authorities

Cato Networks acquires AI security startup Aim Security

CISA guide seeks a unified approach to software ‘ingredients lists’

House panel approves cyber information sharing, grant legislation as expiration deadlines loom

FTC announces settlement with toy robot makers that tracked location of children

Google patches two Android zero-days, 120 defects total in September security update

Court rules ‘fired’ FTC commissioners be reinstated — again

Salesloft Drift attacks hit Cloudflare, Palo Alto Networks, Zscaler

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

ZDNet

College students can get Microsoft Copilot free for a year - here's how

Finally, a MagSafe battery pack with a built-in kickstand that isn't a joke

The one way millennials beat Gen Z in AI adoption

I tried Lenovo's rotating display laptop, and it's as wild as it is practical

Own a Samsung smartwatch? This 30-second routine will keep your device running like new

1Password vs. NordPass: I tested both password managers, and here's the best pick

This is the most underrated iOS 26 feature I've tested - and it works on the Apple Watch, too

I compared two of the best soundbars on the market, and Sonos has some serious competition

Linux Mint 22.2 'Zara' makes my favorite distro even better - what's new

Sick of Google's AI summaries? This free tool eliminates them - in one click

The Hacker News

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

Automation Is Redefining Pentest Delivery

VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages

Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries

GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module

Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions

Simple Steps for Attack Surface Reduction

Google Fined $379 Million by French Regulator for Cookie Consent Violations

CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

BleepingComputer

Financial services firm Wealthsimple discloses data breach

Max severity Argo CD API flaw leaks repository credentials

Microsoft gives US students a free year of Microsoft 365 Personal

Don’t let outdated IGA hold back your security, compliance, and growth

Critical SAP S/4HANA vulnerability now exploited in attacks

Hackers exploited Sitecore zero-day flaw to deploy backdoors

Texas sues PowerSchool over breach exposing 62M students, 880k Texans

Chess.com discloses recent data breach via file transfer app

New TP-Link zero-day surfaces as CISA warns other flaws are exploited

France slaps Google with €325M fine for violating cookie regulations

Cybersecurity Dive

Marriott checks out AI agents amid technology transformation

Swiss Re warns of rate deterioration in cyber insurance

Researchers warn of zero-day vulnerability in SiteCore products

How the newest ISAC aims to help food and agriculture firms thwart cyberattacks

How Tampa General Hospital worked to quantify cyber risk

Cloudflare, Proofpoint say hackers gained access to Salesforce instances in attack spree

Palo Alto Networks, Zscaler customers impacted by supply chain attacks

FCC investigation could derail its own IoT security certification program

Federal, state officials investigating ransomware attack targeting Nevada

US, allies warn China-linked actors still targeting critical infrastructure

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Knock-on effects of software dev break-in hit schools trust

Attackers snooping around Sitecore, dropping malware via public sample keys

Boffins build automated Android bug hunting system

China-aligned crew poisons Windows servers to manipulate Google results

Enterprises sticking with Windows 10 could shell out billions for continued support

Sainsbury's eyes up shoplifters with live facial recognition

France fines Google, SHEIN for undercooked cookie policies that led to crummy privacy

US puts $10M bounty on three Russians accused of attacking critical infrastructure

Congressional panel throws cyber threat intel-sharing, funding a lifeline

Android drops mega patch bomb - 120 fixes, two already exploited

VentureBeat

TechCrunch

Venezuela’s president thinks American spies can’t hack Huawei phones

ICE reactivates contract with spyware maker Paragon

WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware

TransUnion says hackers stole 4.4 million customers’ personal information

FBI says China’s Salt Typhoon hacked at least 200 US companies

US sanctions fraud network used by North Korean ‘remote IT workers’ to seek jobs and steal money

DOGE uploaded live copy of Social Security database to ‘vulnerable’ cloud server, says whistleblower

Security researcher maps hundreds of TeslaMate servers spilling Tesla vehicle data

A new security flaw in TheTruthSpy phone spyware is putting victims at risk

Developer gets prison time for sabotaging former employer’s network with a ‘kill switch’

Network World Security

Network discovery gets a boost from Intel-spinout Articul8

Google adds Gemini to its on-prem cloud for increased data protection

Cisco, Nvidia, VAST team to offer turnkey AI infrastructure components

Cato Networks acquires AI security startup Aim Security

Nvidia networking roadmap: Ethernet, InfiniBand, co-packaged optics will shape data center of the future

Inside the AI-optimized data center: Why next-gen infrastructure is nonnegotiable

For many NFL teams, a new season means infrastructure modernization

2025 global network outage report and internet health check

SAP data sovereignty service lets customers run cloud workloads inside their data centers

Alibaba Cloud tweaks software for networking efficiency gains

Help Net Security

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)

Stealthy attack serves poisoned web pages only to AI agents

DigitalOcean adds Single Sign-On to help businesses centralize user access

Hirsch Velocity 3.9 turns security into business value

September 2025 Patch Tuesday forecast: The CVE matrix

How to reclaim control over your online shopping data

File security risks rise as insiders, malware, and AI challenges converge

Smart ways CISOs can do more with less

Connected cars are smart, convenient, and open to cyberattacks

Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)

InfoSecurity Magazine

Bridgestone Confirms "Limited Cyber Incident" Impacting Facilities in North America

South Carolina School District Data Breach Affects 31,000 People

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security

US and 14 Allies Release Joint Guidance on Software Bill of Materials

61% of US Companies Hit by Insider Data Breaches

GhostRedirector Emerges as New China-Aligned Threat Actor

North Korean Hackers Exploit Threat Intel Platforms For Phishing

CMS Provider Sitecore Patches Exploited Critical Zero Day

Scattered Spider-Linked Group Claims JLR Cyber-Attack

Threat Actors Abuse Hexstrike-AI Tool to Accelerate Exploitation

© 2025 RiskDiscovery | Sponsored by: Deception Logic