HoneyDB
DarkReading
Black Hat USA
OWASP GenAI Security Project Gets Update, New Tools Matrix
Inconsistent Privacy Labels Don't Tell Users What They Are Getting
Apple Breaks Precedent, Patches DarkSword for iOS 18
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
Claude Source Code Leak Highlights Big Supply Chain Missteps
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026
Ars Technica
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Supply-chain attack using invisible code hits GitHub and other repositories
CyberScoop
Trump budget proposal would cut hundreds of millions more from CISA
Wyden warns Social Security chief: Trump’s voter database is ‘blatant voter suppression’
House Dems decry confirmed ICE usage of Paragon spyware
Akira ransomware group can achieve initial access to data encryption in less than an hour
Lawmakers renew push for Labor Department-backed cyber apprenticeship grants
Medtech giant Stryker says it’s back up after Iranian cyberattack
European-Chinese geopolitical issues drive renewed cyberespionage campaign
White House executive order purports to limit mail-in voting, mandate federal voter lists
Attack on axios software developer tool threatens widespread compromises
Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’
InfoSecurity Magazine
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
Apple Expands iOS 18 Security Updates Amid DarkSword Threat
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
Researchers Observe Sub-One-Hour Ransomware Attacks
Most CNI Firms Face Up to £5m in Downtime from OT Attacks
Google Introduces Android Dev Verification Amid Openness Debate
New Venom Stealer MaaS Platform Automates Continuous Data Theft
Chinese Hackers Target European Governments in Espionage Campaigns
SecurityWeek
Guardarian Users Targeted With Malicious Strapi NPM Packages
North Korean Hackers Target High-Profile Node.js Maintainers
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
T-Mobile Sets the Record Straight on Latest Data Breach Filing
ZDNet
How I set up Claude Code in iTerm2 to launch all my AI coding projects in one click
I compared virtual RAM with real RAM on my Windows PC - here's what the numbers told me
Why my Raspberry Pi boards suddenly cost as much as a laptop now - and I'm not surprised
This Bluetooth tracker has effectively replaced my AirTag with its enhanced durability alone
I tested the 'survival computer' that has all the offline utility you need - including AI
After using the MacBook Neo for weeks, switching to the Air has been refreshingly sweet
I customized an Arch-based distro my way in under 5 minutes - and it's glorious
How I beat the $4 gas average in 2026: These 5 apps show you the cheapest station nearby
I let a smart planter maintain itself while I was away for 2 months - here's the result
How to clear your Android phone cache - and why it greatly improves performance
The Hacker News
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
BleepingComputer
Why Simple Breach Monitoring is No Longer Enough
Traffic violation scams switch to QR codes in new phishing texts
New FortiClient EMS flaw exploited in attacks, emergency patch released
Hackers exploit React2Shell in automated credential theft campaign
Axios npm hack used fake Teams error fix to hijack maintainer account
Device code phishing attacks surge 37x as new kits spread online
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
Hims & Hers warns of data breach after Zendesk support ticket breach
Die Linke German political party confirms data stolen by Qilin ransomware
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
gbhackers
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
Google Brings Lazy Loading to Media Files in New Chrome Release
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
GitHub-Backed Malware Spread via LNK Files in South Korea
Fake GitHub CI Update Steals Secrets and Tokens
North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns
Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules
Alleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown Effort
Google’s Bug Bounty Program Hits Record $17 Million in 2025 Payouts
Apache Traffic Server Flaw Allowed Attackers to Trigger Denial-of-Service Attacks
Cybersecurity Dive
Trump’s FY2027 budget again targets CISA
Researchers warn of critical flaws in Progress ShareFile
Government agencies see cyber threats as major barrier to tech improvements
Critical flaw in F5 BIG-IP faces wide exploitation risk
Retail and hospitality CISOs expect budget growth, new AI headaches and opportunities
Cyberattack hits Hasbro, impacting orders and shipping
Axios open-source library targeted in sophisticated supply chain attack
Iran-linked actors target Middle Eastern city governments to undermine missile-strike responses
Cybersecurity risks shape AI adoption, but investment accelerates nonetheless
Iran actors’ claims raise questions about larger cyber threat to US, allies
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Anthropic sure has a mess on its hands thanks to that Claude Code source leak
Researchers didn’t want to glamorize cybercrims. So they roasted them
Trump wants to take a battle axe to CISA again and slash $707M from budget
Hybrid work, expanded risk: what needs to change
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
The company's biggest security hole lived in the breakroom
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
Amazon security boss: AI makes pentesting 40% more efficient
'People's Panel' to check if UK wants controversial Digital ID will cost £630K
UK manufacturers under cyber fire with 80% reporting attacks
VentureBeat
Closing the data security maturity gap: Embedding protection into enterprise workflows
OCSF explained: The shared data language security teams have been missing
In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now
Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected
CrowdStrike, Cisco and Palo Alto Networks all shipped agentic SOC tools at RSAC 2026 — the agent behavioral baseline gap survived all three
OpenClaw has 500,000 instances and no enterprise kill switch
RSAC 2026 shipped five agent identity frameworks and left three critical gaps open
TechCrunch
Ticket savings of up to $500 this week for TechCrunch Disrupt 2026
Convicted spyware maker Bryan Fleming avoids jail at sentencing
After fighting malware for decades, this cybersecurity veteran is now hacking drones
Europe’s cyber agency blames hacking gangs for massive data breach and leak
Telehealth giant Hims & Hers says its customer support system was hacked
Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web
ICE says it bought Paragon’s spyware to use in drug trafficking cases
De-fi platform Drift suspends deposits and withdrawals after millions in crypto stolen in hack
Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks
WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker
Network World Security
AI for IT stalls as network complexity rises
French government take Bull by horns for €404 million
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Cisco: Latest news and insights
Cisco fixes critical IMC auth bypass present in many products
Kyndryl service targets AI agent automation, security
Google Research touts memory-compression breakthrough for AI processing
Why can’t we have nice routers anymore?
Amazon Middle East datacenter suffers second drone hit as Iran steps up attacks
New tool on AWS makes it easier to develop quantum error correction
Help Net Security
Residential proxies make a mockery of IP-based defenses
Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app
IT talent looks the other way as wireless security incidents pile up
CISOs grapple with AI demands within flat budgets
Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches
Claude Code source leak exploited to spread malware
APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance
SC Magazine
Battling payment fraud with tokenization and executive interviews from RSAC 2026 - Brian Oh, Mickey Bresman, Ashish Jain, Thyaga Vasudevan, Jimmy White - ESW #453
Breaking the trade-off: Full email security without deployment friction
DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, Josh Marpet... - SWN #569
Stryker back online after cyberattack
Over 257K compromised in Texas hospital hack
Brokk purportedly hacked by Play ransomware, data leaked
Malicious LNK files, GitHub leveraged in South Korea-targeted malware campaign
Bogus installers facilitate RAT, cryptominer spread in long-running operation
Accelerated Akira ransomware intrusions examined
Multiple EU entities impacted by European Commission breach, CERT-EU says
© 2026 RiskDiscovery | Sponsored by: Deception Logic