Risk Discovery

DarkReading

Critical Bugs in Chaos Mesh Enable Cluster Takeover

Self-Replicating 'Shai-hulud' Worm Targets NPM Packages

'Vane Viper' Threat Group Tied to PropellerAds, Commercial Entities

Innovative FileFix Phishing Attack Proves Plenty Potent

Emerging Yurei Ransomware Claims First Victims

SecurityScorecard Buys AI Automation Capabilities, Boosts Vendor Risk Management

'HybridPetya' Ransomware Bypasses Secure Boot

KillSec Ransomware Hits Brazilian Healthcare Software Provider

FBI Warns of Threat Actors Hitting Salesforce Customers

Building Resilient IT Infrastructure From the Start

Ars Technica

ChatGPT may soon require ID verification from adults, CEO says

Millions turn to AI chatbots for spiritual guidance and confession

Modder injects AI dialogue into 2002’s Animal Crossing using memory hack

OpenAI and Microsoft sign preliminary deal to revise partnership terms

35 percent of VMware workloads expected to migrate elsewhere by 2028

Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”

Developers joke about “coding like cavemen” as AI service suffers major outage

Microsoft ends OpenAI exclusivity in Office, adds rival Anthropic

Claude’s new AI file-creation feature ships with security risks built in

SAP warns of high-severity vulnerabilities in multiple products

CyberScoop

Microsoft seizes hundreds of phishing sites tied to massive credential theft operation

BreachForums founder resentenced to three years in prison

Senators, FBI Director Patel clash over cyber division personnel, arrests

Apple addresses dozens of vulnerabilities in latest software for iPhones, iPads and Macs

Check Point acquires AI security firm Lakera in push for enterprise AI protection

Top AI companies have spent months working with US, UK governments on model safety

When ‘minimal impact’ isn’t reassuring: lessons from the largest npm supply chain compromise

SonicWall firewalls targeted by fresh Akira ransomware surge

DHS watchdog finds mismanagement in critical cyber talent program

CISA work not ‘degraded’ by Trump administration cuts, top agency official says

HITBSecNews

Found on VirusTotal: The world’s first UEFI bootkit for Linux

OpenAI is at war with its own Sora video testers following brief public leak

North Korean hackers posing as IT workers steal over $1B in cyberattack

WhatsApp: NSO Group Operates Pegasus Spyware for Customers

Korea extradites Russian, Vietnamese suspects linked to $16M ransomware scheme

CISA Director Jen Easterly, in Place Since 2021, to Step Down

Man sick of crashes sues Intel for allegedly hiding CPU defects

North Korean hackers target cryptocurrency with malware

Law enforcement operation takes down 22,000 malicious IP addresses worldwide

Youth of today say passwords are old news, passkeys are the future

ZDNet

Hisense's giant 136-inch TV probably won't even fit in your home, but you can get it for $20,000 off

Samsung's Health app might be getting an AI health coach - what we know

Best early Amazon Prime Day deals 2025: Our 35+ favorite sales ahead of October

How Google's new AI model protects user privacy without sacrificing performance

This popular Android Auto feature might be coming back - here's why

ChatGPT will verify your age soon, in attempt to protect teen users

The best Samsung phones of 2025: Expert tested and reviewed

Buy a Samsung Galaxy S25 FE and score a $100 Best Buy gift card - here's how

Your iPhone has an entirely new screenshot editor with AI tools - how to get it now (or revert back)

Is iOS 26 draining your iPhone battery faster? Here's why - and what you can do

The Hacker News

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids

New FileFix Variant Delivers StealC Malware Through Multilingual Phishing Site

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Securing the Agentic Era: Introducing Astrix's AI Agent Control Plane

Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs

6 Browser-Based Attacks Security Teams Need to Prepare For Right Now

⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More

BleepingComputer

BreachForums hacking forum admin resentenced to three years in prison

Microsoft rolls out Copilot Chat to Microsoft 365 Office apps

Google nukes 224 Android malware apps behind massive ad fraud campaign

Self-propagating supply chain attack hits 187 npm packages

Microsoft: WMIC will be removed after Windows 11 25H2 upgrade

Team-Wide VMware Certification: Your Secret Weapon for Security

Jaguar Land Rover extends shutdown after cyberattack by another week

Apple backports zero-day patches to older iPhones and iPads

New FileFix attack uses steganography to drop StealC malware

Webinar: Your browser is the breach — securing the modern web edge

Cybersecurity Dive

Jaguar Land Rover extends production delay following cyberattack

Context is key in a world of identity-based attacks and alert fatigue

Schools are getting better at navigating ransomware attacks, Sophos finds

CISA audit sparks debate about cybersecurity pay incentives

FBI warns about 2 campaigns targeting Salesforce instances

CISA pledges robust support for funding, further development of CVE program

Researchers warn VoidProxy phishing platform can bypass MFA

UK cyber leader calls for shift in focus toward continuity of critical services

How the retail sector teams up to defend against cybercrime

Senior NSC official said US needs to embrace offensive cyber

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Microsoft blocks bait for ‘fastest-growing’ 365 phish kit, seizes 338 domains

Criminals broke into the system Google uses to share info with cops

Apple 0-day likely used in spy attacks affected devices as old as iPhone 8

Self-propagating worm fuels latest npm supply chain compromise

FileFix attacks use fake Facebook security alerts to trick victims into running infostealers

JLR stuck in neutral as losses skyrocket amid cyberattack cleanup

China slaps 1-hour deadline on reporting serious cyber incidents

Careless engineer stored recovery codes in plaintext, got whole org pwned

Security begins with visibility: How IGA brings hidden access risks to light

Former FinWise employee may have accessed nearly 700K customer records

VentureBeat

TechCrunch

Samsung patches zero-day security flaw used to hack into its customers’ phones

Kering, owner of Gucci, Balenciaga, and other luxury brands, confirms hack

Israel announces seizure of $1.5M from crypto wallets tied to Iran

By popular demand: 10 extra exhibit tables open at TechCrunch Disrupt 2025

Here’s the tech powering ICE’s deportation crackdown

Apple’s latest iPhone security feature just made life more difficult for spyware makers

France says Apple notified victims of new spyware attacks

Kids in the UK are hacking their own schools for dares and notoriety

Vibe coding? Meet vibe security

Jaguar Land Rover says data stolen in disruptive cyberattack

Network World Security

IT professionals share biggest frustrations, wishes on IT Pro Day

Power shortages are the only thing slowing the data center market

Arista continues to defy expectations, build enterprise momentum

2025 global network outage report and internet health check

China’s strike on Nvidia threatens global AI supply chains, sparking enterprise concerns

Arista touts liquid cooling, optical tech to reduce power consumption for AI networking

Network and cloud implications of agentic AI

There are 121 AI processor companies. How many will succeed?

F5 to acquire CalypsoAI for advanced AI security capabilities

HomeLM: A foundation model for ambient AI

Help Net Security

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack

Sentra enables organizations to leverage Copilot without compromising security

Neon Cyber exits stealth with Workforce Cybersecurity Platform

Digital.ai brings expert-level cryptography to any developer team

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents

N-able strengthens backup threat protection

GitHub adds post-quantum protection for SSH access

Salt Security secures AI agent actions across enterprise APIs

Building security that protects customers, not just auditors

Google introduces VaultGemma, a differentially private LLM built for secure data handling

InfoSecurity Magazine

Fifteen Ransomware Gangs “Retire,” Future Unclear

Gucci and Alexander McQueen Hit by Customer Data Breach

Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads

UK: Tax Refund-Themed Phishing Slows in 2025

JLR Extends Production Halt After Cyber-Attack

API Threats Surge to 40,000 Incidents in 1H 2025

FinWise Bank Warns of Insider Data Breach

HybridPetya Mimics NotPetya, Adds UEFI Compromise

SEO Poisoning Targets Chinese Users with Fake Software Sites

AI-Forged Military IDs Used in North Korean Phishing Attack

© 2025 RiskDiscovery | Sponsored by: Deception Logic