[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Black Hat USA
Automated Credential Harvesting Campaign Exploits React2Shell Flaw
Shadow AI in Healthcare Is Here to Stay
OWASP GenAI Security Project Gets Update, New Tools Matrix
Inconsistent Privacy Labels Don't Tell Users What They Are Getting
Apple Breaks Precedent, Patches DarkSword for iOS 18
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
Claude Source Code Leak Highlights Big Supply Chain Missteps
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
Ars Technica
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
Federal cyber experts called Microsoft's cloud a "pile of shit," approved it anyway
Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Supply-chain attack using invisible code hits GitHub and other repositories
CyberScoop
Trump budget proposal would cut hundreds of millions more from CISA
Wyden warns Social Security chief: Trump’s voter database is ‘blatant voter suppression’
House Dems decry confirmed ICE usage of Paragon spyware
Akira ransomware group can achieve initial access to data encryption in less than an hour
Lawmakers renew push for Labor Department-backed cyber apprenticeship grants
Medtech giant Stryker says it’s back up after Iranian cyberattack
European-Chinese geopolitical issues drive renewed cyberespionage campaign
White House executive order purports to limit mail-in voting, mandate federal voter lists 
Attack on axios software developer tool threatens widespread compromises
Researchers say credential-stealing campaign used AI to build evasion ‘at every stage’
InfoSecurity Magazine
New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs
New 'Storm' Infostealer Remotely Decrypts Stolen Credentials
NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts
Apple Expands iOS 18 Security Updates Amid DarkSword Threat
GitHub Used as Covert Channel in Multi-Stage Malware Campaign
Researchers Observe Sub-One-Hour Ransomware Attacks
Most CNI Firms Face Up to £5m in Downtime from OT Attacks
Google Introduces Android Dev Verification Amid Openness Debate
New Venom Stealer MaaS Platform Automates Continuous Data Theft
Chinese Hackers Target European Governments in Espionage Campaigns
SecurityWeek
Google DeepMind Researchers Map Web Attacks Against AI Agents
Guardarian Users Targeted With Malicious Strapi NPM Packages
North Korean Hackers Target High-Profile Node.js Maintainers
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
ZDNet
TP-Link Roam 7 review: How this travel router let me stop stressing about public Wi-Fi
The new MacBook Air M5 is already $150 off as it woos Windows users
I tried Peppermint Linux: How this bare-bones distro lets you build your ideal OS
I've used every Samsung Galaxy S26 model - here's why the Ultra is frustratingly the best
Your chatbot is playing a character - why Anthropic says that's dangerous
How much RAM does Linux really need in 2026? My sweet spot after decades of use
I tested Fedora Miracle: Why Linux needs a 'broken' flag for orphaned spins
I found an Incogni rival that's even better at wiping my data from the web
How I set up Claude Code in iTerm2 to launch all my AI coding projects in one click
I compared virtual RAM with real RAM on my Windows PC - here's what the numbers told me
The Hacker News
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
BleepingComputer
Microsoft links Medusa ransomware affiliate to zero-day attacks
Drift $280M crypto theft linked to 6-month in-person operation
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
Why Simple Breach Monitoring is No Longer Enough
Traffic violation scams switch to QR codes in new phishing texts
New FortiClient EMS flaw exploited in attacks, emergency patch released
Hackers exploit React2Shell in automated credential theft campaign
Axios npm hack used fake Teams error fix to hijack maintainer account
Device code phishing attacks surge 37x as new kits spread online
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
gbhackers
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
Google Brings Lazy Loading to Media Files in New Chrome Release
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
GitHub-Backed Malware Spread via LNK Files in South Korea
Fake GitHub CI Update Steals Secrets and Tokens
North Korea’s Modular Malware Strategy Hides Attribution, Defies Takedowns
Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules
Alleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown Effort
Google’s Bug Bounty Program Hits Record $17 Million in 2025 Payouts
Apache Traffic Server Flaw Allowed Attackers to Trigger Denial-of-Service Attacks
Cybersecurity Dive
Hims & Hers says limited data stolen in social engineering attack
Critical flaw in FortiClient EMS under exploitation
Trump’s FY2027 budget again targets CISA
Researchers warn of critical flaws in Progress ShareFile
Government agencies see cyber threats as major barrier to tech improvements
Critical flaw in F5 BIG-IP faces wide exploitation risk
Retail and hospitality CISOs expect budget growth, new AI headaches and opportunities
Cyberattack hits Hasbro, impacting orders and shipping
Axios open-source library targeted in sophisticated supply chain attack
Iran-linked actors target Middle Eastern city governments to undermine missile-strike responses
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Anthropic sure has a mess on its hands thanks to that Claude Code source leak
Researchers didn’t want to glamorize cybercrims. So they roasted them
Trump wants to take a battle axe to CISA again and slash $707M from budget
Hybrid work, expanded risk: what needs to change
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
The company's biggest security hole lived in the breakroom
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
Amazon security boss: AI makes pentesting 40% more efficient
'People's Panel' to check if UK wants controversial Digital ID will cost £630K
UK manufacturers under cyber fire with 80% reporting attacks
VentureBeat
AI agents that automatically prevent, detect and fix software issues are here as NeuBird AI launches Falcon, FalconClaw
Closing the data security maturity gap: Embedding protection into enterprise workflows
OCSF explained: The shared data language security teams have been missing
In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now
Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected
CrowdStrike, Cisco and Palo Alto Networks all shipped agentic SOC tools at RSAC 2026 — the agent behavioral baseline gap survived all three
OpenClaw has 500,000 instances and no enterprise kill switch
TechCrunch
Watch this video of how a job interviewer exposes a North Korean fake IT worker
North Korea’s hijack of one of the web’s most used open source projects was likely weeks in the making
Ticket savings of up to $500 this week for TechCrunch Disrupt 2026
Convicted spyware maker Bryan Fleming avoids jail at sentencing
After fighting malware for decades, this cybersecurity veteran is now hacking drones
Europe’s cyber agency blames hacking gangs for massive data breach and leak
Telehealth giant Hims & Hers says its customer support system was hacked
Money transfer app Duc exposed thousands of driver’s licenses and passports to the open web
ICE says it bought Paragon’s spyware to use in drug trafficking cases
De-fi platform Drift suspends deposits and withdrawals after millions in crypto stolen in hack
Network World Security
Two New England states say no to new data centers
AI for IT stalls as network complexity rises
French government take Bull by horns for €404 million
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Cisco: Latest news and insights
Cisco fixes critical IMC auth bypass present in many products
Kyndryl service targets AI agent automation, security
Google Research touts memory-compression breakthrough for AI processing
Why can’t we have nice routers anymore?
Amazon Middle East datacenter suffers second drone hit as Iran steps up attacks
Help Net Security
Residential proxies make a mockery of IP-based defenses
Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app
IT talent looks the other way as wireless security incidents pile up
CISOs grapple with AI demands within flat budgets
Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches
Claude Code source leak exploited to spread malware
APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance
SC Magazine
MCP isn't a protocol problem. It's an identity crisis nobody is treating.
German authorities identify alleged leader of GandCrab and REvil ransomware gangs
Scammers use fake traffic violation texts with QR codes for phishing
5 email threats to watch as identity and AI attacks evolve  
LinkedIn accused of covert browser extension scanning in 'BrowserGate' report
N-able report highlights shift to proactive risk management in SOC operations
SparkCat malware returns on app stores, targeting cryptocurrency users
Malicious Chrome extension steals ChatGPT conversations
Former engineer pleads guilty to server extortion plot
Qilin ransomware group targets German political party Die Linke, threatens data leak
© 2026 RiskDiscovery | Sponsored by: Deception Logic