[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
How the Story of a USB Penetration Test Went Viral
RMM Tools Fuel Stealthy Phishing Campaign
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
How Dark Reading Lifted Off the Launchpad in 2006
76% of All Crypto Stolen in 2026 Is Now in North Korea
If AI's So Smart, Why Does It Keep Deleting Production Databases?
Name That Toon: Mark of (Security) Progress
20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage
TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
Ars Technica
Why Reddit blocked my daily visit to its mobile website
GameStop offers $56 billion for eBay, struggles to explain how it'll pay for it
Ubuntu infrastructure has been down for more than a day
The most severe Linux threat to surface in years catches the world flat-footed
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Open source package with 1 million monthly downloads stole user credentials
Why are top university websites serving porn? It comes down to shoddy housekeeping.
In a first, a ransomware family is confirmed to be quantum-safe
Microsoft issues emergency update for macOS and Linux ASP.NET threat
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
CyberScoop
‘Copy Fail’ is a real Linux security crisis wrapped in AI slop
A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory
Why data centers now belong on the critical infrastructure list
US government, allies publish guidance on how to safely deploy AI agents
Former incident responders sentenced to 4 years in prison for committing ransomware attacks
FCC tightens KYC rules for telecoms, closes loophole for banned foreign services
Congress kicks the can down the road on surveillance law (again)
cPanel’s authentication bypass bug is being exploited in the wild, CISA warns
Two new extortion crews are speedrunning the Scattered Spider playbook
Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.
InfoSecurity Magazine
Fake SSA Emails Drive Venomous#Helper Phishing Campaign
AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber Risk
NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
Trellix Reveals Unauthorized Access to Source Code
Small Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst Says
OpenAI To Extend Cyber Program to Government Agencies
Anthropic Rolls Out Claude Security for AI Vulnerability Scanning
Two American Cybersecurity Workers Jailed for BlackCat Ransomware Attacks
Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher
Three Arrested for Hacking Over 610,000 Roblox Accounts
SecurityWeek
Hacker Conversations: Joey Melo on Hacking AI
Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
Critical Remote Code Execution Vulnerability Patched in Android
Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
Karakurt Ransomware Negotiator Sentenced to Prison
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks
Trellix Source Code Repository Breached
Cybersecurity M&A Roundup: 33 Deals Announced in April 2026
ZDNet
I've tested dozens of Sony headphones - these 4 tweaks get me the best sound quality
How I'm backing up my Samsung Messages before the service ends in July - local and cloud options
Bose's new home theater system is optimized for your various TV setups - but can it beat Sony?
Google Maps vs. Apple Maps: I've tried two of the best navigation apps - and this one wins
Trojan abuses Microsoft Phone Link app to steal your passwords
The best mobile antivirus software of 2026: Expert tested and reviewed
What you'll pay for AI agents will be wildly variable and unpredictable
Forget the soundbar: How I upgraded my TV audio with spare Bluetooth speakers
Android phone slow? I changed 2 developer settings for an instant speed boost
This wearable gadget effectively soothes my migraines and headaches, and it's under $50
The Hacker News
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
2026: The Year of AI-Assisted Attacks
BleepingComputer
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.
Vimeo data breach exposes personal information of 119,000 people
Google now offers up to $1.5 million for some Android exploits
Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
ScarCruft hackers push BirdCall Android malware via game platform
Weaver E-cology critical bug exploited in attacks since March
Amazon SES increasingly abused in phishing to evade detection
Backdoored PyTorch Lightning package drops credential stealer
Trellix discloses data breach after source code repository hack
gbhackers
Hackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious Payloads
ScarCruft Targets Gaming Platform With Windows, Android Backdoors
Silver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor Backdoor
Critical Weaver E-cology RCE Exploit Raises Alarm for Enterprise Systems
Cisco Acquisition of Astrix Security Signals to Strengthen on Non-Human Identity Security
Cerberus Stalkerware Hits Google Play, Abuses Accessibility and Firebase for Remote Control
WhatsApp Security Flaw Enables Malicious URL Execution Through Instagram Reels
Education Sector Hit by Espionage, Phishing, and Supply Chain Attacks
Code of Conduct Phish Hits 35,000 Users in Multi-Stage AiTM Attack
Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk
Cybersecurity Dive
Critical vulnerability in cPanel leads to widespread exploitation
New MOVEit vulnerabilities prompt urgent patch warning
How OpenClaw’s agent skills become an attack surface
White House questions tech industry on defensive AI use, cybersecurity resilience
As email phishing evolves, malicious attachments decline and QR codes surge
US and allies urge ‘careful adoption’ of AI agents
PwC partners with Google Cloud to take on the managed security market
US agencies promote zero-trust practices for operational technology networks
CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog
State CISOs losing confidence in ability to manage cyber risks
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
ShinyHunters claims dump puts 119K Vimeo emails in the wild
Romance scammers turn sweet talk into £102M payday
NHS to close-source hundreds of GitHub repos over AI, security concerns
Microsoft's bad obsession is showing up in shabby services and slipshod software. Here's proof
Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation
Kids say they can beat age checks by drawing on a fake mustache
Shadow IT has given way to shadow AI. Enter AI-BOMs
If the vote you rocked, your personal info can be grokked
Five Eyes spook shops warn rapid rollouts of agentic AI are too risky
VentureBeat
Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat
200,000 MCP servers expose a command execution flaw that Anthropic calls a feature
Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.
CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.
85% of enterprises are running AI agents. Only 5% trust them enough to ship.
Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it
TechCrunch
4 days left: Get 50% off a second TechCrunch Disrupt 2026 pass to make more deals faster
US government warns of severe CopyFail bug affecting major versions of Linux
Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites
US healthcare marketplaces shared citizenship and race data with ad tech giants
5 days only: Bring a partner or colleague and get 50% off a second TechCrunch Disrupt 2026 pass
Ubuntu services hit by outages after DDoS attack
Hackers are actively exploiting a bug in cPanel, used by millions of websites
After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too
Dental practice software maker fixes bug that exposed patients’ medical records
Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry
Network World Security
Broadcom bets big on VMware Cloud Foundation 9.1
IBM unveils its blueprint to help enterprises run AI at the core of their business
Ruckus Networks on the move again, this time acquired by Belden for $1.85 billion
AMD and Intel partner to deliver AI performance advancement
Cisco grabs Astrix to secure AI agents
Beyond the pitch: A look at Atlético Madrid’s connected stadium
StarlingX 12.0 is right on time for mixed-hardware edge deployments
Cisco nerds out: May the Fourth be with your AI assistant
Memory shortage and cost surge push enterprises toward the cloud
Extreme Networks: Memory advantage, Wi-Fi 7 and competitive flux drive momentum
Help Net Security
Download: Secure Foundations for AI Workloads on AWS
Conti ransomware gang member sentenced to 102 months in prison
VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers
Oracle rolls out monthly security patch updates
Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
Anomali ThreatStream Next-Gen speeds threat response across workflows
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
Meta adds proof-based security to encrypted backups
Can your coding style predict whether your code is vulnerable?
One in four MCP servers opens AI agent security to code execution risk
SC Magazine
CISA reportedly considers 3-day patch deadline for KEV flaws
Keeping Up With the OWASP GenAI Project - Scott Clinton - ASW #381
Instructure confirms data breach, ShinyHunters claims responsibility
Chinese-linked Salt Typhoon suspected in Italy's Sistemi Informativi breach
Microsoft Defender false positives trigger DigiCert certificate alerts
Telegram mini apps used in large-scale crypto scams and malware distribution
New ConsentFix v3 attack automates Microsoft Azure account hijacking
Copy Fail bug added to CISA's list of known exploited vulnerabilities
Beyond Claude Mythos: Securing critical systems when the grace period hits zero
Instructure investigates cybersecurity incident impacting Canvas platform
© 2026 RiskDiscovery | Sponsored by: Deception Logic