HoneyDB
DarkReading
Claude Mythos Fears Startle Japan's Financial Services Sector
Reverse Engineering With AI Unearths High-Severity GitHub Bug
AI Finds 38 Security Flaws in Electronic Health Record Platform
Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
Feuding Ransomware Groups Leak Each Other's Data
Vidar Rises to Top of Chaotic Infostealer Market
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Ars Technica
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Open source package with 1 million monthly downloads stole user credentials
Why are top university websites serving porn? It comes down to shoddy housekeeping.
In a first, a ransomware family is confirmed to be quantum-safe
Microsoft issues emergency update for macOS and Linux ASP.NET threat
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
Recent advances push Big Tech closer to the Q-Day danger zone
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
CyberScoop
Congress, industry ponder government posture for protecting data centers
Spy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaul
Federal CIO cautious on Anthropic’s Mythos despite planned rollout
Rep. Delia Ramirez takes over as top House cybersecurity Dem
U.S. companies hit with record fines for privacy in 2025
Chinese national extradited to US for pandemic-era Silk Typhoon attacks
Supreme Court justices skeptically question both sides in geofence surveillance case
Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line
BlackFile actively extorting data-theft victims in retail and hospitality sector
Latest spy power reauthorization bill leaves critics unimpressed
InfoSecurity Magazine
Europol Busts Albanian Scam Call Centers in Major Online Fraud Case
Cyber is the Number One Global “People Risk,” Says Marsh
Cursor Extension Flaw Exposes Developer API Keys
Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets
Researchers Track 2.9 Billion Compromised Credentials
Critical Flaw Turns Vect Ransomware into Data Destroying Wiper
A Quarter of Healthcare Organizations Report Medical Device Cyber-Attacks
Medtronic Confirms Data Breach After ShinyHunters Claims
Ransomware Turf War as 0APT and KryBit Groups Trade Blows
Chinese National Extradited Over Silk Typhoon Cyber Campaign
SecurityWeek
Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
Sandhills Medical Says Ransomware Breach Affects 170,000
Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
Hundreds of Internet-Facing VNC Servers Expose ICS/OT
Checkmarx Confirms Data Stolen in Supply Chain Attack
Iranian Cyber Group Handala Targets US Troops in Bahrain
38 Vulnerabilities Found in OpenEMR Medical Software
Chrome 147, Firefox 150 Security Updates Rolling Out
Critical GitHub Vulnerability Exposed Millions of Repositories
ZDNet
The best cloud phone systems of 2026: Expert tested and reviewed
The case against an imminent software developer apocalypse
Privacy in the AI era is possible, says Proton's CEO, but one thing keeps him up at night
This simple Linux tweak fixes crashes automatically - and it costs me nothing
Windows changes are coming: Here's how to get a sneak peek at what's next
Eero Signal keeps your business online during internet outages
Motorola Razr Ultra (2026) vs. Samsung Galaxy Z Flip 7: I tried both, and there's a clear winner
Forget Samsung Galaxy S26 Ultra: I found alternatives that are nearly as good for less money
HP vs. Dell: I've tested dozens of laptops from both brands, and here's my advice
Our readers can't stop buying these 10 gadgets - and No. 4 really surprised us
The Hacker News
New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
BleepingComputer
Official SAP npm packages compromised to steal credentials
Popular WordPress redirect plugin hid dormant backdoor for years
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
Hackers arrested for hijacking and selling 610,000 Roblox accounts
cPanel, WHM emergency update fixes critical auth bypass bug
European police dismantles €50 million crypto investment fraud ring
Learning from the Vercel breach: Shadow AI & OAuth sprawl
GitHub fixes RCE flaw that gave access to millions of private repos
CISA orders feds to patch Windows flaw exploited as zero-day
Microsoft says backend change broke Teams Free chat and calls
gbhackers
PoC Disclosed for Critical Root ASUSTOR ADM RCE Flaw
OpenAI Unveils Cyber Defense Roadmap Focused on AI-Powered Security
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release
Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs
Backdoored WordPress Plugin Abuses Remote Update Checker for Silent Code Delivery
Qinglong Task Scheduler RCE Flaws Exploited in the Wild
Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets
SonicWall SonicOS Flaw Lets Attackers Bypass Access Controls and Crash Firewalls
ProFTPD SQL Injection Flaw Opens Door To Remote Code Execution Attacks
Linux Kernel 0-Day “Copy Fail” Grants Root Access Across Major Distros Since 2017
Cybersecurity Dive
CISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalog
State CISOs losing confidence in ability to manage cyber risks
‘Fundamental tension’ undermines manufacturers’ cybersecurity
North Korea-linked actor targets Web3 execs in social-engineering campaign
Major critical infrastructure supplier reports cyberattack
US, UK authorities warn that Firestarter backdoor malware survives patching
When security becomes the attack surface: Why endpoint protection must evolve
Hasbro expects March cyberattack to impact second-quarter revenue
AI-written software creates hassles for wary security teams
China disguises cyberattacks with ‘covert network’ botnets, US and allies warn
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
Britain's £6B armoured sickener Ajax cleared for duty despite injuring troops
Finance company stores DB credentials in helpfully labeled spreadsheet
Linux cryptographic code flaw offers fast route to root
Researchers move in the right direction, develop powerful GPS interference alarm
Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
Legacy TLS tour continues with Exchange Online blocking old versions from July 2026
CISA flags data-theft bug in NSA-built OT networking tool
GitHub: Zounds, a genuinely helpful AI-assisted bug report that isn't total slop! Here, Wiz, take this wad of cash
VentureBeat
CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.
85% of enterprises are running AI agents. Only 5% trust them enough to ship.
Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it
Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall
The enforcement gap: 88% of enterprises reported AI agent security incidents last year
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway
TechCrunch
Sri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministry
Paragon is not collaborating with Italian authorities probing spyware attacks, report says
US Supreme Court appears split over controversial use of ‘geofence’ search warrants
Hacker who allegedly carried out cyberattacks for China is extradited to US
Critical infrastructure giant Itron says it was hacked
Another spyware maker caught distributing fake Android snooping apps
Trump’s pick to run US cyber agency CISA asks to drop out
Vercel says some of its customers’ data was stolen prior to its recent hack
Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say
France confirms data breach at government agency that manages citizens’ IDs
Network World Security
Deconstructing the data center: A massive (and massively liberating) project
Cisco bolsters security, AI support in latest SD-WAN release
The era of chatbot AIOps is fading as agentic AI gains traction
Auvik bets agentic AI can fill the networking skills gap
2026 network outage report and internet health check
Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor
AI data bursts force rethink of data center networking at Backblaze
Nvidia’s ‘AI insurance policy’ balances immediate and future AI approaches
Top network and data center events of 2026
Meta’s compute grab continues with agreement to deploy tens of millions of AWS Graviton cores
Help Net Security
SC Magazine
Securing every door: Scalable strategies to manage machine and AI agent risks
LiteLLM exploited within 36 hours of disclosure via SQL injection bug
A Founder's Journey: From Microsoft Active Directory MVP to Co-Founder and CTO - Guy Teverovsky - FS #14
Swisscom radar warns of geopolitical cyber surge
Global education sector attacks surge 63%
AI lowers attack barriers, Google intel chief warns
Cybercriminals adopt structured operational security to evade detection
Microsoft to block legacy TLS connections for POP and IMAP in Exchange Online
Supreme Court hears arguments on controversial geofence warrants
Suspected Russian phishing campaign targets German officials via Signal
© 2026 RiskDiscovery | Sponsored by: Deception Logic