Risk Discovery

DarkReading

The Critical Failure in Vulnerability Management

45 New Domains Linked to Salt Typhoon, UNC4841

How Has IoT Security Changed Over the Past 5 Years?

Critical SAP S/4HANA Vulnerability Under Attack, Patch Now

Anyone Using Agentic AI Needs to Understand Toxic Flows

Secretive MaaS Group 'TAG-150' Develops Novel 'CastleRAT'

Scammers Are Using Grok to Spread Malicious Links on X

Embracing the Next Generation of Cybersecurity Talent

Federal Cuts Put Local, State Agencies at Cyber-Risk

Sitecore Zero-Day Sparks New Round of ViewState Threats

Ars Technica

ChatGPT’s new branching feature is a good reminder that AI chatbots aren’t people

The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest.

Microsoft open-sources Bill Gates’ 6502 BASIC from 1978

New AI model turns photos into explorable 3D worlds, with caveats

Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet

OpenAI announces parental controls for ChatGPT after teen suicide lawsuit

Zuckerberg’s AI hires disrupt Meta with swift exits and threats to leave

Google warns that mass data theft hitting Salesloft AI agent has grown bigger

High-severity vulnerability in Passwordstate credential manager. Patch now.

Unpacking Passkeys Pwned: Possibly the most specious research in decades

CyberScoop

Supreme Court blocks FTC commissioner Slaughter’s reinstatement

NYU team behind AI-powered malware dubbed ‘PromptLock’

AI can help track an ever-growing body of vulnerabilities, CISA official says

Sitecore zero-day vulnerability springs up from exposed machine key

Streameast, world’s largest pirated live sports network, shut down by Egyptian authorities

Cato Networks acquires AI security startup Aim Security

CISA guide seeks a unified approach to software ‘ingredients lists’

House panel approves cyber information sharing, grant legislation as expiration deadlines loom

FTC announces settlement with toy robot makers that tracked location of children

Google patches two Android zero-days, 120 defects total in September security update

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

ZDNet

These potential Apple Watch Series 11 features would make me upgrade immediately

The best smart rings of 2025: I tested and found an obvious winner

New AirPods Pro tomorrow? These 3 features would be so worth upgrading for

Yes, you can run Windows apps on Linux - here are my top 5 ways

40+ Windows keyboard shortcuts that effectively improved my work productivity

How to watch Apple's iPhone 17 September event this week (and what to expect)

Apple iPhone 17 event live updates: The biggest rumors on AirPods, Apple Watch Series 11, more

These $15 accessories turned my AirPods into my ideal workout headphones

Every iPhone model compatible with iOS 26 (and which ones don't support the update)

Apple's iPhone 17 event invite has secret clues - my 3 biggest theories for what to expect

The Hacker News

GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies

GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms

⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

You Didn’t Get Phished — You Onboarded the Attacker

Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

Automation Is Redefining Pentest Delivery

BleepingComputer

Sports streaming piracy service with 123M yearly visits shut down

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

Salesloft: March GitHub repo breach led to Salesforce data theft attacks

Action1 vs. Microsoft WSUS: A Better Approach to Modern Patch Management

Google to make it easier to access AI Mode as default

ChatGPT makes Projects feature free, adds a toggle to split chat

iCloud Calendar abused to send phishing emails from Apple’s servers

Czech cyber agency warns against Chinese tech in critical infrastructure

VirusTotal finds hidden malware phishing campaign in SVG files

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Cybersecurity Dive

Salesloft Drift integration restored after probe reveals months-long GitHub account compromise

Data security gaps stymy enterprise AI plans

Marriott checks out AI agents amid technology transformation

Swiss Re warns of rate deterioration in cyber insurance

Researchers warn of zero-day vulnerability in SiteCore products

How the newest ISAC aims to help food and agriculture firms thwart cyberattacks

How Tampa General Hospital worked to quantify cyber risk

Cloudflare, Proofpoint say hackers gained access to Salesforce instances in attack spree

Palo Alto Networks, Zscaler customers impacted by supply chain attacks

FCC investigation could derail its own IoT security certification program

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Salt Typhoon used dozens of domains, going back five years. Did you visit one?

PACER buckles under MFA rollout as courts warn of support delays

CISA sounds alarm over TP-Link wireless routers under attack

UK tech minister booted out in weekend cabinet reshuffle

The crazy, true story behind the first AI-powered ransomware

Shell to pay: Crims invade your PC with CastleRAT malware, now in C and Python

Critical, make-me-super-user SAP S/4HANA bug under active exploitation

Knock-on effects of software dev break-in hit schools trust

Attackers snooping around Sitecore, dropping malware via public sample keys

Boffins build automated Android bug hunting system

VentureBeat

TechCrunch

Signal introduces free and paid backup plans for your chats

Salesloft says Drift customer data thefts linked to March GitHub account hack

The growing debate over expanding age verification laws

X is now offering me end-to-end encrypted chat — you probably shouldn’t trust it yet

Venezuela’s president thinks American spies can’t hack Huawei phones

ICE reactivates contract with spyware maker Paragon

WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware

TransUnion says hackers stole 4.4 million customers’ personal information

FBI says China’s Salt Typhoon hacked at least 200 US companies

US sanctions fraud network used by North Korean ‘remote IT workers’ to seek jobs and steal money

Network World Security

12 network observability certifications to boost IT operations skills

VMware Avi load balancer gains AI integration and post-quantum security

Red Sea cable cuts trigger latency for Azure, cloud services across Asia and the Middle East

Network discovery gets a boost from Intel-spinout Articul8

Intel: Latest news and insights

Google adds Gemini to its on-prem cloud for increased data protection

Cisco, Nvidia, VAST team to offer turnkey AI infrastructure components

Cato Networks acquires AI security startup Aim Security

Nvidia networking roadmap: Ethernet, InfiniBand, co-packaged optics will shape data center of the future

Inside the AI-optimized data center: Why next-gen infrastructure is nonnegotiable

Help Net Security

SentinelOne to acquire Observo AI, enhancing SIEM and security operations

Salesloft Drift data breach: Investigation reveals how attackers got in

Linux Kernel Runtime Guard hits 1.0.0 with major updates and broader support

Cybersecurity research is getting new ethics rules, here’s what you need to know

InterceptSuite: Open-source network traffic interception tool

Cyber defense cannot be democratized

Identity management was hard, AI made it harder

AI moves fast, but data security must move faster

Week in review: Several companies affected by the Salesloft Drift breach, Sitecore 0-day vulnerability

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)

InfoSecurity Magazine

Wealthsimple Confirms Data Breach After Supply Chain Attack

MostereRAT Targets Windows Users With Stealth Tactics

Remote Access Abuse Biggest Pre-Ransomware Indicator

Qualys, Tenable Latest Victims of Salesloft Drift Hack

GhostAction Supply Chain Attack Compromises 3000+ Secrets

SAP S/4HANA Users Urged to Patch Critical Exploited Bug

Bridgestone Confirms "Limited Cyber Incident" Impacting Facilities in North America

South Carolina School District Data Breach Affects 31,000 People

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security

US and 14 Allies Release Joint Guidance on Software Bill of Materials

© 2025 RiskDiscovery | Sponsored by: Deception Logic