Risk Discovery

DarkReading

Critical Flaw in Vibe-Coding Platform Base44 Exposes Apps

The Hidden Threat of Rogue Access

Supply Chain Attacks Spotted in GitHub Actions, Gravity Forms, npm

Root Evidence Bets on New Concept for Vulnerability Patch Management

Insurance Giant Allianz Life Grapples With Breach Affecting 'Majority' of Customers

Chaos Ransomware Rises as BlackSuit Gang Falls

Ghost Students Drain Money, Resources From Educational Sector

New Risk Index Helps Organizations Tackle Cloud Security Chaos

Sophisticated Shuyal Stealer Targets 19 Browsers, Demonstrates Advanced Evasion

How to Spot Malicious AI Agents Before They Strike

Ars Technica

OpenAI’s ChatGPT Agent casually clicks through “I am not a robot” verification test

Pro-Ukrainian hackers take credit for attack that snarls Russian flight travel

After BlackSuit is taken down, new ransomware group Chaos emerges

OpenAI’s most capable AI model, GPT-5, may be coming in August

Supply-chain attacks on open source software are getting out of hand

Two major AI coding tools wiped out user data after making cascading mistakes

Nvidia AI chips worth $1B smuggled to China after Trump export controls

Some VMware perpetual license owners are unable to download security patches

White House unveils sweeping plan to “win” global AI race through deregulation

OpenAI and partners are building a massive AI data center in Texas

CyberScoop

CISA says it will release telecom security report sought by Sen. Wyden to lift hold on Plankey nomination

Researchers flag flaw in Google’s AI coding assistant that allowed for ‘silent’ code exfiltration

Sen. Hassan wants to hear from SpaceX about scammers abusing Starlink

FBI alerts tie together threats of cybercrime, physical violence from The Com

Hundreds of registered data brokers ignore user requests around personal data

Microsoft’s software licensing playbook is a national security risk

US offers $15 million reward for info on North Korean nationals involved in global criminal network

Microsoft SharePoint attacks ensnare 400 victims, including federal agencies

Plankey vows to boot China from U.S. supply chain, advocate for CISA budget

Trump AI plan pushes critical infrastructure to use AI for cyber defense

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

ZDNet

You can buy the M4 MacBook Air for its lowest price ever on Amazon right now

I ditched my Bluetooth speaker for this Victrola turntable system - and didn't miss a beat

Why I'm patiently waiting for the Samsung Z Fold 8 next year (even though the foldable is already great)

5 gadgets and accessories that leveled up my gaming setup (including a surprise console)

Why I still recommend NordVPN to most people in 2025 - especially with the latest update

I tested the most popular robot mower on the market - and it was a $5,000 crash out

I replaced my Samsung OLED TV with this Sony Mini LED model for a week - and didn't regret it

This new Contacts app update solves a problem we've all had on Android phones

5 Samsung bloatware apps you should uninstall from your Galaxy phone ASAP

iPadOS 26 is turning my iPad Air into the ultraportable laptop it was meant to be

The Hacker News

Wiz Uncovers Critical Access Bypass Flaw in AI-Powered Vibe Coding Platform Base44

PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain

Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims

How the Browser Became the Main Cyber Battleground

Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks

Why React Didn't Kill XSS: The New JavaScript Injection Playbook

CISA Adds PaperCut NG/MF CSRF Vulnerability to KEV Catalog Amid Active Exploitation

Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads

⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More

Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach

BleepingComputer

Minnesota activates National Guard after St. Paul cyberattack

Russian airline Aeroflot grounds dozens of flights after cyberattack

Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware

Microsoft Edge now an 'AI-powered browser' with Copilot Mode

French telecom giant Orange discloses cyberattack

FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation

How attackers are still phishing "phishing-resistant" authentication

Lovense sex toy app flaw leaks private user email addresses

Tea app leak worsens with second database exposing user chats

Flaw in Gemini CLI AI coding assistant allowed stealthy code execution

Cybersecurity Dive

FBI, CISA warn about Scattered Spider’s evolving tactics

Ransomware attacks against oil and gas firms surge

Research shows LLMs can conduct sophisticated attacks without humans

Allianz Life discloses massive data breach linked to supply-chain attack

Emerging cybersecurity needs: What the market is telling us

Philadelphia Indemnity Insurance discloses June data breach

Treasury sanctions North Koreans involved in IT-worker schemes

Senators push CISA director nominee on election security, agency focus

What we know about the Microsoft SharePoint attacks

Trump AI plan calls for cybersecurity assessments, threat info-sharing

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Raspberry Pi RP2350 A4 update fixes old bugs and dares you to break it again

War Games: MoD asks soldiers with 1337 skillz to compete in esports

Microsoft spotlights Apple bug patched in March as SharePoint exploits continue

Security pros are drowning in threat-intel data and it's making everything more dangerous

Majority of 1.4M customers caught in Allianz Life data heist

Aeroflot aeroflops over 'IT issues' after attackers claim year-long compromise

US spy satellite agency breached, but insists no classified secrets spilled

Congress tries to outlaw AI that jacks up prices based on what it knows about you

Blame a leak for Microsoft SharePoint attacks, researcher insists

Senator to Google: Give us info from telco Salt Typhoon probes

VentureBeat

ChatGPT just got smarter: OpenAI’s Study Mode helps students learn step-by-step

Sparrow raises $35M Series B to automate the employee leave management nightmare

How E2B became essential to 88% of Fortune 100 companies and raised $21 million

CoSyn: The open-source tool that’s making GPT-4V-level vision AI accessible to everyone

SecurityPal combines AI and experts in Nepal to speed enterprise security questionnaires by 87X or more

Early Anthropic hire raises $15M to insure AI agents and help startups deploy safely

Anthropic researchers discover the weird AI problem: Why thinking longer makes models dumber

Crowdstrike’s massive cyber outage 1-year later: lessons enterprises can learn to improve security

Google DeepMind makes AI history with gold medal win at world’s toughest math competition

How OpenAI’s red team made ChatGPT agent into an AI fortress

TechCrunch

Google won’t say if UK secretly demanded a backdoor for user data

Tea app disables DMs after second data breach exposed over a million private messages

Telecom giant Orange warns of disruption amid ongoing cyberattack

Sex toy maker Lovense caught leaking users’ email addresses and exposing accounts to takeovers

Trump’s cybersecurity cuts putting nation at risk, warns New York cyber chief

Flights grounded as Russia’s largest airline Aeroflot hacked and systems ‘destroyed’

Dating safety app Tea breached, exposing 72,000 user images

Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack

Google took a month to shut down Catwatchful, a phone spyware operation hosted on its servers

Cybercrime forum Leak Zone publicly exposed its users’ IP addresses

Network World Security

Network jobs watch: Hiring, skills and certification trends

Multi-cloud migration startup FluidCloud emerges from stealth

2025 global network outage report and internet health check

Cisco donates AI agent tech to Linux Foundation

Huawei showcases CloudMatrix 384 AI system to rival Nvidia’s flagship

Nvidia: Latest news and insights

AI chip startup FuriosaAI strikes deal with LG with enterprise customers in mind

AI will drive more workforce expansion for tech pros than reduction, Linux Foundation reports

Sysadmins ready for AI, but skepticism abounds

AI Project Stargate struggles to get off the ground

Help Net Security

Fighting AI with AI: How Darwinium is reshaping fraud defense

Darwinium launches AI tools to detect and disrupt adversarial threats

Beyond Passwords: A Guide to Advanced Enterprise Security Protection

Intruder launches GregAI to deliver AI-powered, contextual security workflow management

Cyware expands Intelligence Suite to streamline CTI program deployment and operations

Varonis unveils Next-Gen Database Activity Monitoring for agentless database security and compliance

Booz Allen Hamilton launches Vellox Reverser to accelerate AI-powered malware analysis

Why behavioral intelligence is becoming the bank fraud team’s best friend

Ransomware will thrive until we change our strategy

The final frontier of cybersecurity is now in space

InfoSecurity Magazine

French Telco Orange Hit by Cyber-Attack

Critical Authentication Flaw Identified in Base44 Vibe Coding Platform

Auto-Color Backdoor Malware Exploits SAP Vulnerability

CISA Warns of Exploited Critical Vulnerabilities in Cisco Identity Services Engine

FBI Seizes $2.4m in Crypto from Chaos Ransomware Gang

Charity Fined After Destroying “Irreplaceable” Records

Pro-Ukraine Hacktivists Ground Dozens of Aeroflot Flights

Critical Flaws in WordPress Plugin Leave 10,000 Sites Vulnerable

New Scattered Spider Tactics Target VMware vSphere Environments

Third-Party Breach Impacts Majority of Allianz Life US Customers

© 2025 RiskDiscovery | Sponsored by: Deception Logic