[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation
20-Year-Old Malware Rewrites History of Cyber Sabotage
Parsing Agentic Offensive Security's Existential Threat
Helping Romance Scam Victims Requires a Proactive, Empathic Approach
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
Glasswing Secured the Code. The Rest of Your Stack Is Still on You
AI Phishing Is No. 1 With a Bullet for Cyberattackers
North Korea's Lazarus Targets macOS Users via ClickFix
Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
Ars Technica
Open source package with 1 million monthly downloads stole user credentials
Why are top university websites serving porn? It comes down to shoddy housekeeping.
In a first, a ransomware family is confirmed to be quantum-safe
Microsoft issues emergency update for macOS and Linux ASP.NET threat
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
Recent advances push Big Tech closer to the Q-Day danger zone
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
CyberScoop
Chinese national extradited to US for pandemic-era Silk Typhoon attacks
Supreme Court justices skeptically question both sides in geofence surveillance case
Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line
BlackFile actively extorting data-theft victims in retail and hospitality sector
Latest spy power reauthorization bill leaves critics unimpressed
Vercel attack fallout expands to more customers and third-party systems
US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied
Dragos: Despite AI use, new malware targeting water plants is ‘hype’
Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities
A dozen allied agencies say China is building covert hacker networks out of everyday routers
InfoSecurity Magazine
US Sanctions Target Cambodian Scam Network Leaders
Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
Widely Used Browser Extensions Selling User Data
Most Cybersecurity Professionals Feel Undervalued and Underpaid
Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
BlackFile Group Targets Retail and Hospitality with Vishing Attacks
UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China
AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns
Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation
Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI
SecurityWeek
Incomplete Windows Patch Opens Door to Zero-Click Attacks
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google
Energy and Water Management Firm Itron Hacked
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware
Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access
US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator
Firefox Vulnerability Allows Tor User Fingerprinting
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions
ZDNet
My 5 favorite open source operating systems that aren't Linux
This hidden TV feature tracks your viewing - here's how to turn it off (no matter what brand)
77% of IT managers say their AI agents are out of control - 5 ways to rein in yours
GitHub Copilot shifts to usage-based pricing June 1 - why that's no surprise
This LG portable projector comes with a free soundbar - and we highly recommend it
T-Mobile will give you $200 for switching to them - seriously
I tried this Bluetti power station with wheels - now every other charger feels outdated
Samsung Wallet just got a travel feature that I hope Google Wallet copies ASAP
6 MacOS settings I immediately change on every new Mac - and why
I used a $4 timer to reboot my router, and it actually made my internet faster
The Hacker News
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
BleepingComputer
Robinhood account creation flaw abused to send phishing emails
GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
Canada arrests three for operating “SMS blaster” device in Toronto
Alleged Silk Typhoon hacker extradited to US for cyberespionage
FTC: Americans lost over $2.1 billion to social media scams in 2025
PyPI package with 1.1M monthly downloads hacked to push infostealer
Home security giant ADT data breach affects 5.5 million people
Webinar: Spotting cyberattacks before they begin
Medtronic confirms breach after hackers claim 9 million records theft
Money launderer linked to $230M crypto heist gets 70 months in prison
gbhackers
Claude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 Seconds
Fake Document Reader App Hits 10K Downloads, Spreads Anatsa Malware
New Malware Hides Behind Obfuscation and Staged Payloads
EU Proposes Forcing Google to Share Search Data With Rivals Under DMA
Fake YouTube Downloads Spread Vidar Malware to Steal Corporate Logins
Microsoft Releases Enterprise Policy Option to Disable Windows 11 Copilot
Fake Income Tax Notices Used to Spread Malware
Itron Discloses Data Breach After Hackers Access Internal Systems
Linux ELF Malware Generator Evades ML Detection With Semantic-Preserving Changes
Researchers Warn macOS textutil, KeePassXC Can Fuel Automation Attacks
Cybersecurity Dive
Major critical infrastructure supplier reports cyberattack
US, UK authorities warn that Firestarter backdoor malware survives patching
When security becomes the attack surface: Why endpoint protection must evolve
Hasbro expects March cyberattack to impact second-quarter revenue
AI-written software creates hassles for wary security teams
China disguises cyberattacks with ‘covert network’ botnets, US and allies warn
Iran-nexus threat groups refine attacks against critical infrastructure
Trump’s CISA director pick withdraws after tumultuous nomination
Microsoft SharePoint vulnerability widely exposed across multiple countries
Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
Medical and utility tech companies admit digital breakins
Trump's Golden Dome gets $3.2B of contractors and an AI sprinkle
Cybersec is a thankless job: expanding workload and shrinking pay packet
Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
Microsoft updates the Windows Update Experience: You can hit pause now
ICO chief John Edwards steps back as workplace probe quietly unfolds
Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now
Google Cloud Next proves what we suspected: Everything is AI now
AI's not going to kill open source code security
VentureBeat
CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.
85% of enterprises are running AI agents. Only 5% trust them enough to ship.
Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it
Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall
Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway
TechCrunch
Hacker who allegedly carried out cyberattacks for China is extradited to US
Critical infrastructure giant Itron says it was hacked
Another spyware maker caught distributing fake Android snooping apps
Trump’s pick to run US cyber agency CISA asks to drop out
Vercel says some of its customers’ data was stolen prior to its recent hack
Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say
France confirms data breach at government agency that manages citizens’ IDs
Apple fixes bug that cops used to extract deleted chat messages from iPhones
Cosmetics giant Rituals confirms data breach of customer membership records
UK government says 100 countries have spyware that can hack people’s phones
Network World Security
Nvidia’s ‘AI insurance policy’ balances immediate and future AI approaches
Top network and data center events of 2026
Meta’s compute grab continues with agreement to deploy tens of millions of AWS Graviton cores
Cirrascale to offer on-prem Google Gemini models
Space data-center news: Roundup of extraterrestrial AI endeavors
Network jobs watch: Hiring, skills and certification trends
Cisco switch aimed at building practical quantum networks
How AI is reshaping copper, fiber networking
40% of data center projects will be late this year, study finds
It’s the end of set-and-forget security
Help Net Security
SC Magazine
Tropic Trooper targets Chinese speakers with SumatraPDF trojan and VS Code tunnels
Thousands of Zimbra servers vulnerable to actively exploited flaw
LMDeploy vulnerability exploited, highlighting AI infrastructure risks
Pack2TheRoot flaw allows Linux privilege escalation
Fast16 malware: Pre-Stuxnet sabotage tool discovered
UK government's digital ID panel seeks public input
French police arrest hacker 'HexDex' for alleged widespread data theft
BlackFile hackers target retail, hospitality with vishing and data extortion
CrowdStrike and Tenable address critical vulnerabilities in security products
US accuses China of industrial-scale AI model theft
© 2026 RiskDiscovery | Sponsored by: Deception Logic