[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
'Zealot' Shows What AI's Capable of in Staged Cloud Attack
'The Gentlemen' Rapidly Rises to Ransomware Prominence
DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
Exploits Turn Windows Defender Into Attacker Tool
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool
Chinese APT Targets Indian Banks, Korean Policy Circles
Vercel Employee's AI Tool Access Led to Data Breach
Serial-to-IP Devices Hide Thousands of Old & New Bugs
Ars Technica
Microsoft issues emergency update for macOS and Linux ASP.NET threat
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
Recent advances push Big Tech closer to the Q-Day danger zone
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
CyberScoop
CISA director pick Sean Plankey withdraws his nomination
House Republicans roll out national privacy bill
The Supreme Court is about to decide how far geofence warrants can go
The AI era demands a different kind of CISO
Former DigitalMint ransomware negotiator pleads guilty to extortion scheme
Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety
Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks
Mythos can find the vulnerability. It can’t tell you what to do about it.
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
The FTC’s AI portfolio is about to get bigger
InfoSecurity Magazine
Cyber-Attacks Surge 63% Annually in Education Sector
Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents
NCSC Backs Passkeys, Hailing a New Era of Sign-in
MacOS Native Tools Enable Stealthy Enterprise Attacks
NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks
UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’
Surge in Silent Subject Phishing Attacks Targets VIP Users
Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang
Researchers Uncover ProxySmart Software Powering 90+ SIM Farms
UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns
SecurityWeek
The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface
Luxury Cosmetics Giant Rituals Discloses Data Breach
AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers 
Apple Patches iOS Flaw Allowing Recovery of Deleted Chats
Recent Microsoft Defender Vulnerability Exploited as Zero-Day
After Bluesky, Mastodon Targeted in DDoS Attack
Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says
New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention 
Mirai Botnet Targets Flaw in Discontinued D-Link Routers
Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data
ZDNet
Sonos Era 300 vs. Denon Home 400: Why I'm pulling the plug on the more popular speaker
The best Amazon Fire TV Stick VPNs of 2026: Expert tested and reviewed
The best smart TV VPNs of 2026: Expert tested and reviewed
The best free VPNs of 2026: Expert tested and reviewed
Bose QuietComfort Ultra 2 vs. Samsung Galaxy Buds 4 Pro: I tried both, and this pair wins
The case for buying a MacBook Neo right now - especially for students
Bloom Card vs. Brick: My verdict after trying both gadgets to cut screen time
The shadowy SIM farms behind those incessant scam texts - and how to stay safe
The best earbuds of 2026: Expert tested and reviewed
Google brings Auto Browse and Skills to Chrome Enterprise - and a new 'Gemini Summary'
The Hacker News
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Toxic Combinations: When Cross-App Permissions Stack into Risk
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
BleepingComputer
CISA orders feds to patch BlueHammer flaw exploited as zero-day
Apple fixes bug that let the FBI recover deleted Signal messages
New Mirai campaign exploits RCE flaw in EoL D-Link routers
Kyber ransomware gang toys with post-quantum encryption on Windows
Spain dismantles major $4.7M manga piracy platform, arrests four
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
New npm supply-chain attack self-spreads to steal auth tokens
Microsoft Teams to get efficiency mode on PCs with limited resources
Microsoft traces Universal Print issues to Graph API code change
New GoGra malware for Linux uses Microsoft Graph API for comms
gbhackers
GitLab Fixes Flaws That Could Allow Attackers to Hijack User Sessions
Outlook Mailboxes Abused to Conceal Linux GoGra Backdoor Traffic
Malicious npm Package Hijacks Hugging Face for Malware Delivery
Outlook Mailboxes Used to Conceal Linux GoGra Backdoor Traffic
Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory
North Korean Fake IT Workers Infiltrate Firms to Dodge Sanctions
Lazarus Lures Developers With Backdoored Coding Tests
Xinference PyPI Breach Exposes Developers to Cloud Credential Theft
Fake Wallpaper App, YouTube Channel Used to Spread notnullOSX Malware
Fake TradingView AI Site Spreads Needle Stealer Through Phony TradingClaw App
Cybersecurity Dive
Trump’s CISA director pick withdraws after tumultuous nomination
Microsoft SharePoint vulnerability widely exposed across multiple countries
Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says
CISA urges security teams to view environments following axios compromise
Big banks seek to ease security worries as AI push accelerates
CISA confirms exploitation of 3 more Cisco networking device vulnerabilities
Stellantis teams with Microsoft to strengthen digital capabilities
Vulnerability exploitation surges often precede disclosure, offering possible early warnings
Vercel systems targeted after third-party tool compromised
Beyond IT: Cybersecurity is a strategic business risk
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
If malware via monitor cables is a matter of national security, this might be the gadget for you
Sharing isn’t caring if it’s an admin password
Pass the key, passwords have passed their sell-by date
Another npm supply chain worm is tearing through dev environments
Anthropic's super-scary bug hunting model Mythos is shaping up to be a nothingburger
Google unleashes even more AI security agents to fight the baddies
France's 'Secure' ID agency probes breach as crooks claim 19M records
Scotland Yard can keep using live facial recognition on people in London, say judges
Oil crisis? What oil crisis? IT spending de-coupled from wider war shock
Mythos found 271 Firefox flaws – but none a human couldn’t spot
VentureBeat
Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it
Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall
Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway
Frontier models are failing one in three production attempts — and getting harder to audit
43% of AI-generated code changes need debugging in production, survey finds
TechCrunch
France confirms data breach at government agency that manages citizens’ IDs
Apple fixes bug that cops used to extract deleted chat messages from iPhones
Cosmetics giant Rituals confirms data breach of customer membership records
UK government says 100 countries have spyware that can hack people’s phones
Ransomware negotiator pleads guilty to helping ransomware gang
With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance
North Korean hackers blamed for $290M crypto theft
Mastodon says its flagship server was hit by a DDoS attack
App host Vercel says it was hacked and customer data stolen
Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures
Network World Security
How AI is changing copper, fiber networking
Almost 40% of data center projects will be late this year, 2027 looks no better
It’s the end of set-and-forget security
2026 network outage report and internet health check
Google bets on workload-specific TPUs with 8t and 8i launch
SUSE bets automated migration can break VMware’s grip on virtualization
How Zero Networks is closing the network enforcement gap for AI agents
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
Amazon’s $5B Anthropic bet is really about compute, not just cash
Cloudflare wants to rebuild the network for the age of AI agents
Help Net Security
If cyber espionage via HDMI worries you, NCSC built a device to stop it
Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950)
GopherWhisper APT group hides command and control traffic in Slack and Discord
OpenAI tackles a bad habit people have when interacting with AI
A year in, Zoom’s CISO reflects on balancing security and business
Scenario: Open-source framework for automated AI app red-teaming
GDPR works, but only where someone enforces it
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks
Google’s Workspace Intelligence promises privacy while running on your data
Cyberattack on French government agency triggers phishing alert
SC Magazine
AI-driven attacks target governments, cloud agents, supply chains
Ex-ransomware negotiator admits involvement in multi-million dollar extortion scheme
Forward-looking approach in combating AI cyber threats urged by Fed nominee
Critical Microsoft vulnerabilities surge as total flaw prevalence declines
Cyberattacks increasingly caused by unchecked AI agents
Agoda refutes claims of massive data breach
Almost 600K reportedly impacted by separate US healthcare breaches
Over 6,400 Apache ActiveMQ servers at risk of ongoing attacks
Extensive Citizens Financial Group, Frost Bank breaches claimed by Everest ransomware
Misconfigured Perforce servers remain widespread, threaten sensitive data exposure
© 2026 RiskDiscovery | Sponsored by: Deception Logic