[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
  [ privacy | malware | research | vendor ]
Wiz - Incidents
NCC Group Research
Threat Research - Sophos
Adobe Reader zero-day vulnerability in active exploitation
We let OpenClaw loose on an internal network. Here’s what it found
Axios npm package compromised to deploy malware
Incident responders, s'il vous plait: Invites lead to odd malware events
Oracle vulnerability (CVE-2026-21992) impacts core products
NICKEL ALLEY strategy: Fake it 'til you make it
Android devices ship with firmware-level malware
March Patch Tuesday visits 15 product families
Initial access techniques used by Iran-based threat actors
Evil evolution: ClickFix and macOS infostealers
PortSwigger Research
Top 10 web hacking techniques of 2025
Top 10 web hacking techniques of 2025: call for nominations
The Fragile Lock: Novel Bypasses For SAML Authentication
Introducing HTTP Anomaly Rank
WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine
Cookie Chaos: How to bypass __Host and __Secure cookie prefixes
Inline Style Exfiltration: leaking data with chained CSS conditionals
Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling
HTTP/1.1 must die: the desync endgame
Repeater Strike: manual testing, amplified
Google Project Zero
AI Research - Sophos
Where AI in the SOC is actually delivering — and where it isn’t
Locking it down: A new technique to prevent LLM jailbreaks
Getting salty with LLMs: SophosAI unveils new defense against jailbreaking at CAMLIS 2025
Using AI to identify cybercrime masterminds
The sixth sense for cyber defense: Multimodal AI
DeepSpeed: a tuning tool for large language models
Sophos AI to present on how to defang malicious AI models at Black Hat Europe
SophosAI team presents three papers on AI applied to cybersecurity at CAMLIS
Political Manipulation with Massive AI Model-driven Misinformation and Microtargeting
SophosAI at Virus Bulletin ’24: Using multimodal AI as a “sixth sense” for cyber defense
Unit 42
Cracks in the Bedrock: Agent God Mode
Cracks in the Bedrock: Escaping the AWS AgentCore Sandbox
Understanding Current Threats to Kubernetes Environments
When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications
Threat Brief: Widespread Impact of the Axios Supply Chain Attack
Weaponizing the Protectors: TeamPCP’s Multi-Stage Supply Chain Attack on Security Infrastructure
Double Agents: Exposing Security Blind Spots in GCP Vertex AI
Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran (Updated March 26)
Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government
Threat Brief: Recruiting Scheme Impersonating Palo Alto Networks Talent Acquisition Team
Talos Intelligence
[Video] The TTP Ep. 22: The Collapse of the Patch Window
The threat hunter’s gambit
From the field to the report and back again: How incident responders can use the Year in Review
New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations
Talos Takes: 2025's ransomware trends and zombie vulnerabilities
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
Year in Review: Vulnerabilities old and new and something React2
Do not get high(jacked) off your own supply (chain)
Axios NPM supply chain incident
The democratisation of business email compromise fraud
© 2026 RiskDiscovery | Sponsored by: Deception Logic