Risk Discovery

DarkReading

GISEC GLOBAL 2026 – The Middle East & Africa’s Largest Cybersecurity Event

‘Broadside’ Mirai Variant Targets Maritime Logistics Sector

Rust Code Delivers Better Security, Also Streamlines DevOps

India Rolls Back App Mandate Amid Surveillance Concerns

Threat Landscape Grows Increasingly Dangerous for Manufacturers

React2Shell Vulnerability Under Attack From China-Nexus Groups

CISOs Should Be Asking These Quantum Questions Today

How Agentic AI Can Boost Cyber Defense

A Tale of Two CISOs: Why An Engineering-Focused CISO Can Be a Liability

CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks

Ars Technica

In comedy of errors, men accused of wiping gov databases turned to an AI tool

Admins and defenders gird themselves against maximum-severity server vuln

Microsoft drops AI sales targets in half after salespeople miss their quotas

Fraudulent gambling network may actually be something more nefarious

OpenAI CEO declares “code red” as Gemini gains 200 million users in 3 months

Syntax hacking: Researchers discover sentence structure can bypass AI safety rules

HP plans to save millions by laying off thousands, ramping up AI use

Crypto hoarders dump tokens as shares tumble

UK government will buy tech to boost AI sector in $130M growth push

Oops. Cryptographers cancel election results after losing decryption key.

CyberScoop

Attackers hit React defect as researchers quibble over proof

More evidence your AI agents can be turned against you

Bipartisan health care cybersecurity legislation returns to address a cornucopia of issues

Intellexa remotely accessed Predator spyware customer systems, investigation finds

Officials warn about expansive, ongoing China espionage threat riding on Brickstorm malware

Sen. Mark Kelly: Investing in safe, secure AI is key to U.S. dominance

Sean Plankey nomination to lead CISA appears to be over after Thursday vote

Five-page draft Trump administration cyber strategy targeted for January release

Twins with hacking history charged in insider data breach affecting multiple federal agencies

Developers scramble as critical React flaw threatens major apps

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

ZDNet

Should you run Linux straight from a USB? I tried it, and here's my expert advice

The best Bluetooth trackers of 2025: Our top picks to keep tabs on your stuff

My favorite power bank for traveling just became irreplaceable with this durability upgrade

Forget burner phones - you can join this new carrier with just a ZIP code (no ID necessary)

This new Linux platform will let you update your next car at home - as soon as 2027

The 40 best products we tested in 2025: Editors' picks for phones, TVs, AI, and more

Not enough people are talking about this free Microsoft Office alternative with minimal AI

I'm a vinyl enthusiast, but this digital streaming app made me enjoy wireless audio just as much

I replaced Chrome with a local AI browser on my Pixel and it's almost too good to be free

Stop using ChatGPT for everything: The AI models I use for research, coding, and more (and which I avoid)

The Hacker News

⚡ Weekly Recap: USB Malware, React2Shell, WhatsApp Worms, AI IDE Bugs & More

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

Android Malware FvncBot, SeedSnatcher, and ClayRat Gain Stronger Data Theft Features

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

MuddyWater Deploys UDPGangster Backdoor in Targeted Turkey-Israel-Azerbaijan Campaign

Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

BleepingComputer

How Agentic BAS AI Turns Threat Headlines Into Defense Strategies

OpenAI denies rolling out ads on ChatGPT paid plans

Portugal updates cybercrime law to exempt security researchers

React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable

New wave of VPN login attempts targets Palo Alto GlobalProtect portals

Barts Health NHS discloses data breach after Oracle zero-day hack

FBI warns of virtual kidnapping scams using altered social media photos

A Practical Guide to Continuous Attack Surface Visibility

EU fines X $140 million over deceptive blue checkmarks

Cloudflare blames today's outage on React2Shell mitigations

Cybersecurity Dive

State-linked groups target critical vulnerability in React Server Components

China-nexus actor targets multiple US entities with Brickstorm malware

US, allies urge critical infrastructure operators to carefully plan and oversee AI use

Lawmakers question White House on strategy for countering AI-fueled hacks

Critical vulnerabilities found in React and Next.js

CISA eliminates pay incentives as it changes how it retains top cyber talent

DDoS attack volume rises in Q3, fueled by Aisuru botnet

Leading surveillance camera vendor signs CISA’s product-security pledge

Fortinet FortiWeb flaws found in unsupported versions of web application firewall

Senators push to renew cyber grant program for state, local governments

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

UK moves to strengthen undersea cable defenses as Russian snooping ramps up

Home Office kept police facial recognition flaws to itself, UK data watchdog fumes

Barts Health seeks High Court block after Clop pillages NHS trust data

Block all AI browsers for the foreseeable future: Gartner

China’s first reusable rocket explodes, but its onboard Ethernet network flew

Apache warns of 10.0-rated flaw in Tika metadata ingestion tool

Death to one-time text codes: Passkeys are the new hotness in MFA

Crims using social media images, videos in 'virtual kidnapping' scams

Novel clickjacking attack relies on CSS and SVG

Cloudflare blames Friday outage on borked fix for React2shell vuln

VentureBeat

Anthropic vs. OpenAI red teaming methods reveal different security priorities for enterprise AI

AI models block 87% of single attacks, but just 8% when attackers persist

Hybrid cloud security must be rebuilt for an AI war it was never designed to fight

Prompt Security's Itamar Golan on why generative AI security requires building a category, not a feature

DeepSeek injects 50% more security bugs when prompted with Chinese political triggers

For AI to succeed in the SOC, CISOs need to remove legacy walls now

Human-centric IAM is failing: Agentic AI requires a new identity control plane

TechCrunch

Petco confirms security lapse exposed customers’ personal data

Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say

‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted

Fintech firm Marquis alerts dozens of US banks and credit unions of a data breach after ransomware attack

After intense backlash, India pulls mandate to preinstall government app on smartphones

A data breach at analytics giant Mixpanel leaves a lot of open questions

India plans to verify and record every smartphone in circulation

European cops shut down crypto mixing website that helped launder 1.3B euros

Korea’s Coupang says data breach exposed nearly 34M customers’ personal information

Multiple London councils report disruption amid ongoing cyberattack

Network World Security

Chinese cyberspies target VMware vSphere for long-term persistence

IBM boosts DNS protection for multicloud operations

Andrew Wheeler of HPE Labs: Being a constant learner is key to being a good technologist

Cloudflare firewall reacts badly to React exploit mitigation

Network jobs watch: Hiring, skills and certification trends

CompTIA training targets workplace AI use

Timeline of HPE’s $14 billion Juniper acquisition

HPE CEO Neri highlights first fruits of Juniper takeover

With AI Factories, AWS aims to help enterprises scale AI while respecting data sovereignty

HPE loads up AI networking portfolio, strengthens Nvidia, AMD partnerships

Help Net Security

NinjaOne rolls out secure, compliant remote access for IT teams

Veza brings unified visibility and control to AI agents across the enterprise

Download: Evaluating Password Monitoring Vendors

December 2025 Patch Tuesday forecast: And it’s a wrap

NVIDIA research shows how agentic AI fails under attack

The Bastion: Open-source access control for complex infrastructure

How to tell if your password manager meets HIPAA expectations

Invisible IT is becoming the next workplace priority

CISOs are spending big and still losing ground

Week in review: React, Node.js flaw patched, ransomware intrusion exposes espionage foothold

InfoSecurity Magazine

React2Shell Under Active Exploitation by China-Nexus Hackers

Portugal Revises Cybercrime Law to Protect Security Researchers

UK ICO Demands “Urgent Clarity” on Facial Recognition Bias Claims

Barts Health Seeks High Court Ban After Oracle EBS Breach

React.js Hit by Maximum-Severity 'React2Shell' Vulnerability

China-Linked Warp Panda Targets North American Firms in Espionage Campaign

Louvre to Bolster Its Security, Issues €57m Public Tender

Predator Spyware Maker Intellexa Evades Sanctions, New Victims Identified

CISA and International Partners Issue Guidance for Secure AI in Infrastructure

Cyber Agencies Push for Digital Trust Amid AI Era with New Provenance Report

© 2025 RiskDiscovery | Sponsored by: Deception Logic