Risk Discovery

DarkReading

Name That Toon Contest

Malicious Notifications Could Trick Google Gemini Users

Global Stock Exchange Hit by Monthslong Email Campaign

Zoom CISO: AI as a Security Enabler, Not Role-Replacer

FBI-Flagged Phishing Kit Kali365 Expands Its Reach

DriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate Attacks

China Uses Dual-Method Cyberattack on Czech Orgs

Securing AI Agents Before They Go Rogue Is Next to Impossible

[An RX Global Event] Infosecurity Europe

Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense

Ars Technica

Dozens of Red Hat packages backdoored through its official NPM channel

Botnet of more than 17 million devices dismantled

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

Websites have a new way to spy on visitors: Analyzing their SSD activity

Millions of AI agents imperiled by critical vulnerability in open source package

US's big bet on quantum computing may not be entirely legal

Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption

A hacker group is poisoning open source code at an unprecedented scale

US government takes $2 billion equity stake in nine quantum computing firms

Google publishes exploit code threatening millions of Chromium users

CyberScoop

DOD wants to integrate cyber in all operations, and integrate security into AI

Trump administration releases scaled-back AI executive order

Anthropic expanding access to Project Glasswing

Attackers are exploiting Palo Alto Networks defect that initially flew under the radar

Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight

USPS moving forward with mail-in ballot changes as courts weigh Trump’s election order

Election threats are focused on campaign systems, not voting machines

Tennessee man linked to 764 accused of series of crimes against children dating back to 2022

Federal audit reveals NIST’s NVD is plagued by poor planning and duplication

House panel poised to hold hearing centered on AI impact on cyber

InfoSecurity Magazine

Infosecurity Europe: Vulnerability Management Innovator Konvu Wins Cyber Startup Award

Trump Signs Order Inviting Voluntary Review of Frontier AI Models

Infosecurity Europe: How to Get Boards to Prioritize Cyber Risk Quantification

Anthropic Expands Mythos Access to 150 More Organizations

Infosecurity Europe: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of Flaws

Infosecurity Europe: Execs Must Treat Cyber Threats as Statecraft, ISACA Expert Say

Infosecurity Europe: AI-Powered Cybercrime Tools Surge on Dark Web

Infosecurity Europe: NCSC Urges Immediate Action to Boost Resilience as Uncertainty Persists

Infosecurity Europe: Cybersecurity Teams Which Don’t Leverage AI are "Doomed to Fail"

Infosecurity Europe: Bayer Reinvents Security Awareness Training to Counter AI Threats

SecurityWeek

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

Security of 100 AI Agents Tested and Ranked – What You Need to Know

Hackers Target Global Stock Exchange in Espionage Operation

IMA Diligence Services Data Breach Impacts 525,000 People

Organizations Warned of Exploited Linux Kernel Vulnerability

‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds

Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash

Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks

Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

ZDNet

6 ways I use Spotlight to get more out of my Mac - beyond basic search

AT&T will give you a new Motorola Razr flip phone for under $5/month - how to qualify

The best early Prime Day smartwatch and smart ring deals I'd recommend

How to get your files off an Android phone with a broken screen - for free

How I used a $170 sports watch as my training coach to help me avoid injuries

I've tested a lot of tablets - these are the best tablet deals I found ahead of Prime Day

Why I'm sticking with Firefox as my browser - after years of using Chrome, Edge, and Safari

How AI agents will transform your customer service - despite 3 hurdles

The best rechargeable batteries of 2026: Expert recommended

The first settings I immediately change on every new iPhone - and why

The Hacker News

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

BleepingComputer

What 345 Days of Untested Exposure Looks Like at a Bank

Acer working to patch max severity zero-days in Wave 7 routers

Police dismantles 9 crime groups in illegal streaming crackdown

Google adds Android protection against AI deepfake scam calls

VS Code zero-day lets hackers steal GitHub tokens in one click

Microsoft's Coreutils project brings Linux commands to Windows

OpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT models

Critical Kirki flaw exploited to hijack WordPress admin accounts

Over 116,000 Minecraft systems infected in WeedHack malware campaign

AI-built ransomware toolkit automates EDR evasion, AD discovery

gbhackers

Error 524 Decoy Campaign Uses Brand Impersonation to Phish Mobile Users

Gentlemen Ransomware Exploits Fortinet Flaws, AI, and Custom C2 Tools

WordPress Plugin Flaw Opens Door to Privilege Escalation Attacks Across 500,000+ Sites

Expiring Microsoft Secure Boot Keys May Block DBX Updates on Legacy Devices

Critical Apache ActiveMQ Vulnerability Exposes Systems to Security Header Injection Attacks

38% of GitHub Actions Workflows Exposed to Script Injection Risks

Ivanti ITSM Flaw Could Allow Attackers to Escalate to Admin Access

Hackers Leverage AI-Powered Tools to Streamline Active Directory Compromise

HazyBeacon Campaign Abuses AWS for Stealthy C2 Communications

Windows Search URI Handler Vulnerability Exposes NTLMv2 Hashes to Remote Attackers

Cybersecurity Dive

Trump signs EO seeking early government access to powerful AI models

Dozens of Red Hat npm packages targeted in supply chain attack

Anthropic shares Mythos with 150 more organizations, including critical infrastructure operators

Turning tension into collaboration: How CIOs and CISOs can lead together

Without strong governance, companies put credit ratings at risk in AI era

CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation

How Canva scaled to 260+M users while elevating security and productivity

Top 4 data security best practices for the AI-enabled enterprise

CISA urges security teams to check for software development compromises

How CISOs can manage sovereign-cloud security risks

Threatpost

Student Loan Breach Exposes 2.5M Records

Watering Hole Attacks Push ScanBox Keylogger

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Ransomware Attacks are on the Rise

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Twitter Whistleblower Complaint: The TL;DR Version

Firewall Bug Under Active Attack Triggers CISA Warning

Fake Reservation Links Prey on Weary Travelers

iPhone Users Urged to Update to Patch 2 Zero-Days

Google Patches Chrome’s Fifth Zero-Day of the Year

The Register

UK banks offered access to OpenAI’s GPT-5.5 amid exclusion from Anthropic’s Glasswing expansion

'Dumbass' criminal breaks the 'first rule of ransomware club'

Cisco sings Mythos' praises - but doesn't say how many bugs the model uncovered

Russian spy agency says foreign spies turned officials' smartphones into surveillance devices

Microsoft reaches for olive branch after public dustup with 0-day researcher

Claude celebrates Anthropic's stock market float with blockbuster ... outage

Northern Ireland cops issue PSA after official phone number spoofed by scammers

Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

Election interlopers register 5K+ domains, hope to catch some voting phish

GTA cheat service Atlas Menu hacked as attacker alleges screenshot spying

VentureBeat

Microsoft launches MXC, an OS-level sandbox for AI agents, with OpenAI and Nvidia already on board

Zip’s new AI agents want to stop your finance team from uploading contracts into personal ChatGPT accounts

Anthropic’s browser agent got hijacked 31.5% of the time before safeguards engaged

AI doesn't break security. Complexity does

Claude Mythos exposed a hard truth: Your enterprise patching process is way too slow

DataGrail report finds your vendor may be sending data to AI models you never approved

The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.

TechCrunch

The worst hacks and breaches of 2026 (so far)

Cyera eyes $12B valuation at 80x ARR multiple despite operating losses

Password manager Dashlane says hackers stole some customers’ password vaults

Anthropic scales Claude Mythos to critical infrastructure in 15+ countries

Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access

Grand Theft Auto V cheat service gets hacked, exposing thousands of gamers

Microsoft under fire for threatening security researcher with criminal investigation

Final 24 hours to save up to $410 on your TechCrunch Disrupt 2026 ticket

Hackers are trying to steal Signal users’ backups in new wave of widespread attacks

A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers’ driver’s licenses

Network World Security

Netskope introduces AI Command Center to monitor and secure enterprise AI sprawl

Cisco Live: The network is back, and AI rewrote the rules

2026 network outage report and internet health check

Cisco brings agentic ops platform and security overhaul to Cisco Live

Attackers exploit Palo Alto GlobalProtect flaw days after disclosure

FTC broadens Microsoft probe to cloud, AI, and software bundling

Can Chinese memory maker CXMT help relieve the memory shortage?

Broadcom, Samsung team for wireless SoC

Intel focuses on power efficiency and cost with new chip designs

Cisco: Latest news and insights

Help Net Security

Simplify security management with CIS SecureSuite Platform

Autonomous AI-driven worm can reason its way through corporate networks

Malware campaign targeting Minecraft users infects over 116,000 systems

Only 11% of production agents pass the AI agent security bar

New Android feature promises to spot deepfake scam calls

Microsoft Scout agent opens a new category of always-on Autopilots

Anthropic expands Project Glasswing to 150 organizations in more than 15 countries

Critical Start expands MDR capabilities with multi-agent AI system

MazeBolt brings AI-generated attack simulation to DDoS security testing

Netskope adds AI asset discovery and AISecOps agent to AI security portfolio

SC Magazine

Anthropic grants Mythos access to 150 more organizations, plans wider release

Scaling to $100M as the Security Weekly Index Hits an All Time High - Joshua Gould - BSW #450

ENISA NIS360 2026 report shows uneven cybersecurity improvements across EU critical sectors

Russian hackers exploit WinRAR vulnerability for data theft

Most organizations that miss 24-hour patch window report breaches

Google releases June Android security patches addressing 124 vulnerabilities, including 1 zero-day

SideCopy group targets Afghanistan's Ministry of Finance with Xeno RAT

CISA orders agencies to patch critical Oracle WebLogic Server vulnerability

Sectigo launches AI-powered server for certificate lifecycle management

DriveSurge actor uses ClickFix and FakeUpdates to distribute malware via compromised websites

© 2026 RiskDiscovery | Sponsored by: Deception Logic