Risk Discovery

DarkReading

'Djinn' Stealer Targets Cloud, AI Credentials

Vulnerabilities Expose Private Data in Indian Government Systems

Can Clothes Make You Invisible to Facial Recognition?

Iran, Russia, China Target Water Systems for Sabotage

Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Third-Party Breaches Teach Education Sector a Costly Lesson in Vendor Risk

AI Decline? Confidence in Autonomous Penetration Testing Falls

Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions

New Initiative Tackles Security for End-of-Life Open Source Software

AI Won't Wipe-Out Entry-Level Cybersecurity Jobs

Ars Technica

Notion killing Skiff-influenced email app since most users use AI agents instead

One-two punch delivered in global operation disrupts cybercrime "assembly line"

White House drastically shortens deadline for dropping quantum-vulnerable crypto

Oracle’s 21,000 layoffs help drive its debt-fueled AI investments

Following user outcry, AMD reinstates memory encryption in consumer CPUs

Microsoft discovers new lightweight backdoor that steals cryptocurrency

Apple patches high-severity eavesdropping vulnerability in Beats Studio Buds

Before SpaceX IPO, investors in China secretly acquired stakes

Massive breach spills credentials for thousands of sensitive networks

Tesco moving 40,000 server workloads off VMware amid Broadcom's “abusive conduct”

CyberScoop

Warner bill would create federally vetted list for secure, trustworthy AI agents

Supreme Court approves mail-in ballots that arrive after Election Day

Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling

What the post-quantum executive order really demands of CISOs

ATF cancels controversial commercial geolocation contract

FCC passes new cybersecurity rules for emergency systems, undersea cables

Federal court rules Trump election-focused executive order illegal

Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract

Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack

Why patch directives only go so far

InfoSecurity Magazine

OpenAI Reveals GPT-5.6 Sol Cybersecurity Model, Restricts Early Access

Telegram-Based Millenium RAT Campaign Infects 60,000 Devices

US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw

Russian Hackers Accused of Destructive Cyber-Attack on Jaguar Land Rover

FBI Sounds Alarm Over Russian Intelligence Signal Phishing

China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor

CMC Releases Analysis and Guidance for Education Sector After Canvas Data Breach

Cisco Vulnerability Exploited Months Before Disclosure, Google Warns

Twenty Million US IP Connections Used by Proxy Services

Trust in Automated AI Vulnerability Scanning Collapses to 9%, New Study Finds

SecurityWeek

WhatsApp Rolling Out Username Feature to Bolster Phone Number Privacy

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Straiker Raises $64 Million for AI Security Platform

Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack

‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access

OpenAI and Anthropic Limit New AI Models to Trump-Approved Customers During Cybersecurity Review

US Offers $10 Million Bounty for Russian State Hackers as Messaging App Attacks Evolve

OpenAI Unveils GPT-5.6 Sol as Its Most Advanced Cybersecurity AI

Chinese Framework Powers 200,000 Scam Sites

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

ZDNet

I always keep these 3 devices plugged into my power station - here's why

I replaced my iPhone battery at the Apple store for the first time ever - and learned a valuable lesson

I tried a Windows handheld PC, and its docking system made it my ideal travel companion

After testing Thread, Zigbee, and Matter, here's how I'm building my smart home differently

Internet down? 3 ways I use an old Android phone as a backup connection for my home router

I changed these Android Auto settings to limit what Gemini learns about me - here's why

Chrome vs. Edge vs. Firefox: I tested each browser's AI, but I'm only sticking with one

Six months later, this small gadget is my secret weapon against doomscrolling

What years of testing thermal cameras taught me about the problems hiding in plain sight

You can still buy last year's Sony Bravia OLED TV for $600 off - and I can't recommend it enough

The Hacker News

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

Why Post-Quantum Cryptography Starts With Credentials

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

BleepingComputer

Nissan discloses employee data breach linked to Oracle zero-day attacks

NAIC says public data stolen in ShinyHunters' PeopleSoft breach

WhatsApp rolls out usernames to help users hide their phone number

Microsoft extends Windows Server 2022 hotpatching until October 2027

U.S. offers $10 million for hackers targeting WhatsApp, Signal users

Agentic AI Has an Identity Problem and Attackers Know It

Critical SimpleHelp flaw exploited to deploy new stealer malware

Hackers now exploit critical Oracle E-Business flaw in attacks

Webinar: Why business email compromise attacks keep succeeding

US seizes hundreds of FIFA World Cup illegal streaming domains

gbhackers

Splunk Secure Gateway RCE Vulnerability Lets Low-Privileged Attackers Execute Arbitrary Code

STOCKSTAY Malware Uses WebSocket C2, RSA Encryption, and Environmental Keying for Stealth

Critical Hoppscotch Vulnerability Lets Attackers Overwrite JWT_SECRET and Forge Admin Tokens

ClawHavoc Attack Hits ClawHub With 1,184 Malicious Skills and 247,000 Installations

Langflow RCE Vulnerability Exploited to Deploy Monero Cryptominer on Exposed AI Servers

New Windows Injection Technique Hijacks Win32k Callback Dispatch to Execute Shellcode

Critical Dell Wyse Management Suite Vulnerabilities Let Attackers Execute Remote Code

FBI and CISA Warn Russian Hackers Stealing Verification Codes and Account PINs From Signal Users

AI-Generated Mythic Agents Challenge Static Signatures and Traditional Implant Detection

Critical Google Gemini CLI Flaw Lets Attackers Execute Code on Headless CI Platforms

Cybersecurity Dive

Insurance body confirms hackers posted Oracle PeopleSoft breach data

OpenAI voluntarily limits new AI models at government’s request

From mythos to reality: Why the 2026 state of pentesting report proves the need for programmatic defenses

Software, AI companies form alliance to tackle open-source security flaws

FCC requires emergency-alert distributors to secure their systems

AWS unveils agent security, data access tools

NIST offers security guidance for water utilities using remote-access tools

As cyber risk evolves, the insurance industry tightens guardrails

Microsoft, Europol lead global takedown of infostealer malware

Ransomware attacks grew in 2025 as traditional data breaches fell

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

Four years into Ukraine invasion, Russia turns influence-ops back to US and Europe

Anonymous researcher drops 0-day 'exploitarium' repo

AI may be good at finding security vulnerabilities, but it can't beat human stupidity

Microsoft keeps Windows Server 2022 hotpatching alive into 2027

Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs

It's looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns

Even the Secret Service won't use company-issued phones

Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds

Miasma campaign poisons 20-plus npm packages, hunts for developer secrets

Security boss thought MFA would be too much security

VentureBeat

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers

Autonomous security agents need complete data. Here's how to check if yours is ready.

Frontier AI is rewriting the economics of software supply chain security

Visa will offer an inside look at Project Glasswing and how the most powerful agentic models are changing enterprise security at VB Transform 2026

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next

TechCrunch

In major privacy win, Supreme Court rules geofence warrants are protected by privacy rights

Russian hackers were behind $2.5B hack of Jaguar Land Rover: Report

Polymarket says hackers stole users’ funds

Hacked Klue says criminals are deleting stolen customer data, but now other hackers are making threats

Cellebrite said it cut off Russia, but Russia used its tools anyway

New website names and shames companies that still don’t offer passkeys to users

Klue says hackers stole credential from 2022 that led to customer data breaches

Password manager maker LastPass says hackers stole customer support case data during Klue breach

Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach

A new unpatchable flaw in Apple chips opens the door to an iPhone jailbreak

Network World Security

Aggressive federal PQE timeline prompts warnings for enterprises

You can’t build sovereign infrastructure with Broadcom, says CISPE

Presidential order addresses quantum computing gaps

Researchers cast new doubt on Microsoft’s quantum computing advance

IBM unveils sub-1 nanometer chip with nearly 100 billion transistors

Qualcomm’s $3.9 billion purchase of Modular aims to change the data center dynamic

IBM, Red Hat, Palo Alto team to secure open-source software

Break legacy lock-in: Strategic options for enterprises facing the vSphere 8 deadline

Attackers exploit Cisco Unified CM flaw weeks after patch release

Upscale AI readies Skyhammer scale-up networking tech, raises new funding

Help Net Security

JSP webshells being dropped on unpatched PTC Windchill instances

PrivacyHawk Enterprise helps organizations find shadow IT and minimize third-party cyber risk

Mozilla warns of indirect prompt injection risk in AI coding agents

GPT-5.6 gets better at cybersecurity

DarkMoon: Open-source AI pentesting platform

Sycophantic chatbots and the harms that build over many chats

Companies keep bolting AI onto their products, and the security bill is coming due

Most teams accept higher risk for faster AI database work

Week in review: Fortibleed campaign’s impact on orgs, Cisco Unified CM flaw exploited

Proof’s x401 establishes an open protocol for AI agent identity and authorization

SC Magazine

Nissan confirms employee data exposed in Oracle PeopleSoft cyberattack

Microsoft dismantles StegoAd campaign using malicious Edge extensions

Supreme Court limits geofence search warrants, bolsters privacy rights

Arcova launches integrated data center development service

Microsoft extends Windows Server 2022 hotpatching to 2027

Researchers discover new class of weak RSA keys in the wild

Trump signs executive order to accelerate US quantum computing strategy

Why CISOs need to rethink governance in the AI era

AI adoption outpaces governance, creating risks for businesses

Canadian hacker sentenced for Texas Republican Party website defacement

© 2026 RiskDiscovery | Sponsored by: Deception Logic