Risk Discovery

DarkReading

Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation

20-Year-Old Malware Rewrites History of Cyber Sabotage

Parsing Agentic Offensive Security's Existential Threat

Helping Romance Scam Victims Requires a Proactive, Empathic Approach

US Busts Myanmar Ring Targeting US Citizens in Financial Fraud

Glasswing Secured the Code. The Rest of Your Stack Is Still on You

AI Phishing Is No. 1 With a Bullet for Cyberattackers

North Korea's Lazarus Targets macOS Users via ClickFix

Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia

Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets

Ars Technica

Why are top university websites serving porn? It comes down to shoddy housekeeping.

In a first, a ransomware family is confirmed to be quantum-safe

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Contrary to popular superstition, AES 128 is just fine in a post-quantum world

US-sanctioned currency exchange says $15 million heist done by "unfriendly states"

Recent advances push Big Tech closer to the Q-Day danger zone

“Negative” views of Broadcom driving thousands of VMware migrations, rival says

Iran-linked hackers disrupt operations at US critical infrastructure sites

Thousands of consumer routers hacked by Russia's military

OpenClaw gives users yet another reason to be freaked out about security

CyberScoop

Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line

BlackFile actively extorting data-theft victims in retail and hospitality sector

Latest spy power reauthorization bill leaves critics unimpressed

Vercel attack fallout expands to more customers and third-party systems

US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied

Dragos: Despite AI use, new malware targeting water plants is ‘hype’

Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities

A dozen allied agencies say China is building covert hacker networks out of everyday routers

CISA director pick Sean Plankey withdraws his nomination

House Republicans roll out national privacy bill

InfoSecurity Magazine

US Sanctions Target Cambodian Scam Network Leaders

Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected

Widely Used Browser Extensions Selling User Data

Most Cybersecurity Professionals Feel Undervalued and Underpaid

Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet

BlackFile Group Targets Retail and Hospitality with Vishing Attacks

UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China

AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns

Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation

Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI

SecurityWeek

Incomplete Windows Patch Opens Door to Zero-Click Attacks

OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Energy and Water Management Firm Itron Hacked

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access

US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator

Firefox Vulnerability Allows Tor User Fingerprinting

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions

ZDNet

GitHub Copilot shifts to usage-based pricing June 1 - why that's no surprise

This LG portable projector comes with a free soundbar - and we highly recommend it

T-Mobile will give you $200 for switching to them - seriously

I tried this Bluetti power station with wheels - now every other charger feels outdated

Samsung Wallet just got a travel feature that I hope Google Wallet copies ASAP

6 MacOS settings I immediately change on every new Mac - and why

I used a $4 timer to reboot my router, and it actually made my internet faster

I tested ChatGPT Images 2.0 vs. Gemini Nano Banana to see which is better - this model wins

This machine is the only way to make nitro cold brew coffee at home - and it's on sale

Get a month of 5G Home Internet on T-Mobile and $300 cash back - here's how

The Hacker News

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

BleepingComputer

Alleged Silk Typhoon hacker extradited to US for cyberespionage

FTC: Americans lost over $2.1 billion to social media scams in 2025

PyPI package with 1.1M monthly downloads hacked to push infostealer

Home security giant ADT data breach affects 5.5 million people

Webinar: Spotting cyberattacks before they begin

Medtronic confirms breach after hackers claim 9 million records theft

Money launderer linked to $230M crypto heist gets 70 months in prison

Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know

Microsoft says Outlook.com outage is causing sign‑in failures

American utility firm Itron discloses breach of internal IT network

gbhackers

New Malware Hides Behind Obfuscation and Staged Payloads

EU Proposes Forcing Google to Share Search Data With Rivals Under DMA

Fake YouTube Downloads Spread Vidar Malware to Steal Corporate Logins

Microsoft Releases Enterprise Policy Option to Disable Windows 11 Copilot

Fake Income Tax Notices Used to Spread Malware

Itron Discloses Data Breach After Hackers Access Internal Systems

Linux ELF Malware Generator Evades ML Detection With Semantic-Preserving Changes

Researchers Warn macOS textutil, KeePassXC Can Fuel Automation Attacks

North Korean Hackers Target Pharma Firms with Malware-Laced Excel Attacks

OpenClaw Flaws Expose Systems to Policy Bypass Attacks

Cybersecurity Dive

Major critical infrastructure supplier reports cyberattack

US, UK authorities warn that Firestarter backdoor malware survives patching

When security becomes the attack surface: Why endpoint protection must evolve

Hasbro expects March cyberattack to impact second-quarter revenue

AI-written software creates hassles for wary security teams

China disguises cyberattacks with ‘covert network’ botnets, US and allies warn

Iran-nexus threat groups refine attacks against critical infrastructure

Trump’s CISA director pick withdraws after tumultuous nomination

Microsoft SharePoint vulnerability widely exposed across multiple countries

Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Medical and utility tech companies hacked by digital intruders

Trump's Golden Dome gets $3.2BN of contractors and an AI sprinkle

Cybersec is a thankless job: expanding workload and shrinking pay packet

Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt

Microsoft updates the Windows Update Experience: You can hit pause now

ICO chief John Edwards steps back as workplace probe quietly unfolds

Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now

Google Cloud Next proves what we suspected: Everything is AI now

AI's not going to kill open source code security

Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

VentureBeat

CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.

85% of enterprises are running AI agents. Only 5% trust them enough to ship.

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall

Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

TechCrunch

Hacker who allegedly carried out cyberattacks for China is extradited to US

Critical infrastructure giant Itron says it was hacked

Another spyware maker caught distributing fake Android snooping apps

Trump’s pick to run US cyber agency CISA asks to drop out

Vercel says some of its customers’ data was stolen prior to its recent hack

Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say

France confirms data breach at government agency that manages citizens’ IDs

Apple fixes bug that cops used to extract deleted chat messages from iPhones

Cosmetics giant Rituals confirms data breach of customer membership records

UK government says 100 countries have spyware that can hack people’s phones

Network World Security

Nvidia’s ‘AI insurance policy’ balances immediate and future AI approaches

Top network and data center events of 2026

Meta’s compute grab continues with agreement to deploy tens of millions of AWS Graviton cores

Cirrascale to offer on-prem Google Gemini models

Space data-center news: Roundup of extraterrestrial AI endeavors

Network jobs watch: Hiring, skills and certification trends

Cisco switch aimed at building practical quantum networks

How AI is reshaping copper, fiber networking

40% of data center projects will be late this year, study finds

It’s the end of set-and-forget security

Help Net Security

SC Magazine

Medtronic says cyberattack did not disrupt its operations

Operating at the speed of the adversary

Firefox and Tor Browser vulnerability allowed hidden identifiers

Governance and compliance are still the biggest barriers to AI success

Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - Craig Sanderson, Sachin Jade, Travis Wong, Phil Calvin, Karen Heart - ESW #456

‘AiFrame’ browser attacks continue with fake authenticator, converter extensions

Scylla &Charybdis, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland - SWN #575

Controlling AI at machine speed: Detecting risk, protecting systems, and reversing mistakes

UNC6692 impersonates help desk employees to drop SNOW malware via Teams

Cambodian senator, others hit with US sanctions over scam allegations

© 2026 RiskDiscovery | Sponsored by: Deception Logic