[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
ShinyHunters Claims Second Attack Against Instructure
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
Has CISA Finally Found Its New Leader in Tom Parker?
AI-Driven Cyberattack on Mexico Couldn't Breach OT Systems
'TrustFall' Convention Exposes Claude Code Execution Risk
VoidStealer Malware Darts Past Google Chrome's Encryption
Instructure Breach Exposes Schools' Vendor Dependence
From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
Middle East Cyber Battle Field Broadens — Especially in UAE
Ars Technica
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
Ars Asks: Share your shell and show us your tricked-out terminals!
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Why Reddit blocked my daily visit to its mobile website
GameStop offers $56 billion for eBay, struggles to explain how it'll pay for it
Ubuntu infrastructure has been down for more than a day
The most severe Linux threat to surface in years catches the world flat-footed
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Open source package with 1 million monthly downloads stole user credentials
CyberScoop
Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments
ShinyHunters claims nearly 9,000 schools affected by Canvas data breach
Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI
Ivanti customers confront yet another actively exploited zero-day
Trump officials are steering a cybersecurity scholarship program toward AI
American duo sentenced for hosting laptop farms for North Korean IT workers
One House Democrat is pressing Commerce on the government’s spyware use
A DOD contractor’s API flaw exposed military course data and service member records
A critical Palo Alto PAN-OS zero-day is being exploited in the wild
CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict
InfoSecurity Magazine
Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
PCPJack Campaign Boots TeamPCP Off Compromised Machines
Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds
Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
Fake Claude AI Site Drops Beagle Backdoor on Windows Users
Daemon Tools Developer Confirms Software Was Trojanized
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
CloudZ Malware Abuses Phone Link to Steal SMS OTPs
CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack
SecurityWeek
In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
AI Firm Braintrust Prompts API Key Rotation After Data Breach
Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom
‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
Ransomware Group Takes Credit for Trellix Hack
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
ZDNet
Samsung watches can predict if you're about to faint - but there are big caveats
Best VPN services 2026: Expert tested and recommended
I lost my Roku remotes constantly until I found this simple fix
Don't connect your smart plug to these 5 household devices - an expert warns
Worried about the nationwide Canvas data breach? Take these 6 steps now
Windows rivals to MacBook Neo are arriving - but can you handle their shortcomings?
Flying soon? American Airlines has new portable battery rules - what to know before you go
Dell vs. Lenovo: I've tested dozens of laptops from both brands, and here's my pick
After using Lenovo's $2,600 Yoga, I'm taking premium Windows laptops seriously again
Roku apps loading slow? 9 quick fixes I try before blaming my Wi-Fi
The Hacker News
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
BleepingComputer
NVIDIA confirms GeForce NOW data breach affecting Armenian users
Why More Analysts Won’t Solve Your SOC’s Alert Problem
Trellix source code breach claimed by RansomHouse hackers
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
Zara data breach exposed personal information of 197,000 people
Former govt contractor convicted for wiping dozens of federal databases
New Linux 'Dirty Frag' zero-day gives root on all major distros
Canvas login portals hacked in mass ShinyHunters extortion campaign
New TCLBanker malware self-spreads over WhatsApp and Outlook
New PCPJack worm steals credentials, cleans TeamPCP infections
gbhackers
Vidar Infostealer Campaign Steals Passwords, Cookies, Crypto Wallets, and Device Data
NVIDIA Confirms GeForce Data Breach Exposed Users’ Personal Data
Pam Backdoor Targets Linux Systems to Steal SSH Credentials
Modular RAT Campaign Steals Credentials and Captures Screenshots
Fake OpenClaw Installer Targets Crypto Wallets and Password Managers
Cline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding Agents
ZiChatBot Malware Abuses Zulip APIs for Stealthy C2 Operations
Fake Moustache Fools Age Checks, Sparks Online Safety Act Fears
Trellix Investigates RansomHouse Breach Claims Involving Source Code Repository
Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges
Cybersecurity Dive
Instructure confirms cybersecurity incident
Anthropic’s Claude used in attempted compromise of Mexican water utility
Businesses hide vast majority of ransomware attacks, report finds
Palo Alto Networks warns state-linked cluster behind zero-day exploitation
Businesses eager but unprepared for AI to transform their security strategies
Iran-sponsored threat group behind false flag social engineering campaign
NIST will test three major tech firms’ frontier AI models for cybersecurity risks
Trellix investigating breach of source code repository
CISA urges critical infrastructure firms to ‘fortify’ before it’s too late
Critical vulnerability in cPanel leads to widespread exploitation
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Worm rubs out competitor's malware, then takes control
'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit
Meta U-turns on encryption push for Instagram as DMs go plaintext
Hackers ate my homework: Educational SaaS Canvas down after cyberattack
Meta fights Ofcom over how many billions count as billions
Mozilla boasts Mythos boosted Firefox bug cull
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'
60% of MD5 password hashes are crackable in under an hour
The network password was a key plot point in one of the most famous movies of all time
Arctic Wolf kicks 250 employees out of the pack to save money for AI
VentureBeat
5,000 vibe-coded apps just proved shadow AI is the new S3 bucket crisis
An AI agent rewrote a Fortune 50 security policy. Here's how to govern AI agents before one does the same.
Anthropic Skill scanners passed every check. The malicious code rode in on a test file.
One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it
Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat
200,000 MCP servers expose a command execution flaw that Anthropic calls a feature
Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.
TechCrunch
Poland says hackers breached water treatment plants, and the US is facing the same threat
US defense contractor who sold hacking tools to Russian broker ordered to pay $10M to former employers
Hackers deface school login pages after claiming another Instructure hack
Hackers hack victims hacked by other hackers
How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity
Police arrest SMS blaster crew that sent malicious messages to thousands across Toronto
2 days left: Get 50% off a second pass to TechCrunch Disrupt 2026
DOJ says ransomware gang tapped into Russian government databases
AI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keys
Some kids are bypassing age-verification checks with a fake mustache
Network World Security
Help Net Security
Dirty Frag: Unpatched Linux vulnerability delivers root access
Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)
Google is turning Android Studio into a policy watchdog
Helping North Korean IT remote workers is becoming a fast track to prison
Snyk integrates Claude to advance AI-native application security
Avantra’s new AI can diagnose SAP failures in seconds
Securonix launches AI threat research agent and ThreatWatch validation tool
OpenAI tunes GPT-5.5-Cyber for more permissive security workflows
Transilience AI unveils Security Operating System for cloud remediation
Object First Fleet Manager simplifies distributed backup storage
SC Magazine
Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! - SWN #579
Federal agencies ordered to patch Ivanti EPMM zero-day in 3 days
'Dirty Frag' Linux zero-day exposes most distributions to LPE
Google Chrome silently downloads large AI model, raising privacy concerns
Australian organizations warned of Vidar Stealer malware campaign using ClickFix technique
Microsoft Edge password saving practice raises security concerns
California man sentenced to over 6 years for role in $250 million cryptocurrency heist
U.S. oil and gas sector faces OT security challenges post-Operation Epic Fury
US military data exposed in leaky directory despite CISA notification
DDoS attacks surge during Milano Cortina 2026 Winter Games
© 2026 RiskDiscovery | Sponsored by: Deception Logic