[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
Critical MCP Integration Flaw Puts NGINX at Risk
Navigating the Unique Security Risks of Asia's Digital Supply Chain
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Microsoft Bets $10B to Boost Japan's AI, Cybersecurity
Privilege Elevation Dominates Massive Microsoft Patch Update
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
War Game Exercise Demonstrates How Social Media Manipulation Works
Ars Technica
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
CyberScoop
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
Executive orders likely ahead in next steps for national cyber strategy
OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model 
We’re only seeing the tip of the chip-smuggling iceberg
CISA cancels summer internships for cyber scholarship students amid DHS funding lapse
Microsoft drops its second-largest monthly batch of defects on record
Space Force official touts AI’s impact on cyber compliance
Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign
Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey
Here’s how cyber heavyweights in the US and UK are dealing with Claude Mythos
InfoSecurity Magazine
OpenAI Unveils GPT-5.4-Cyber for Improving Cyber Defense With AI
European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program
Signed Adware Operation Disables Antivirus Across 23,000 Hosts
Critical Nginx-ui MCP Flaw Actively Exploited in the Wild
AI Companies to Play Bigger Role in CVE Program, Says CISA
Researchers Spot Surge in Brute-Force Attacks from Middle East
Microsoft Fixes Two Zero-Days in April Patch Tuesday
CISOs Urged to Innovate with Talent Retention as Job Satisfaction Declines
Triad Nexus Expands Global Fraud Operations Despite US Sanctions
Malicious Chrome Extensions Campaign Exposes User Data
SecurityWeek
Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
Exploited Vulnerability Exposes Nginx Servers to Hacking
Capsule Security Emerges From Stealth With $7 Million in Funding
‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
100 Chrome Extensions Steal User Data, Create Backdoor
CISO Conversations: Ross McKerchar, CISO at Sophos
Mirax RAT Targeting Android Users in Europe
Two Vulnerabilities Patched in Ivanti Neurons for ITSM 
$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks
Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections
ZDNet
I found a way to roll back buggy Google Services updates on Android - in just a few clicks
Don't fall for the 'Vivid' TV trap when shopping - how I get the most color accurate setup
The same Microsoft Surface I bought 4 months ago is 69% more expensive now - here's why
I've been subscribed to a data removal service a month now - what I wish I knew sooner
I tried Google's new desktop app for Windows, and I'll never search the old way again
Microsoft's Windows 11 laptop deal for students comes with a $500 bonus - what's included
Best Buy will give you a free LG TV when you buy the B5 OLED at 50% off - seriously
Why Zorin OS 18.1 is simply the best Linux distro - for anyone
Why Netgear just got the first FCC router ban exemption in the US
Microsoft's latest Windows update now confirms if your PC is Secure Boot-protected - how it works
The Hacker News
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
BleepingComputer
Microsoft: April Windows Server 2025 update may fail to install
Critical Nginx UI auth bypass flaw now actively exploited in the wild
New AgingFly malware used in attacks on Ukraine govt, hospitals
WordPress plugin suite hacked to push malware to thousands of sites
Signed software abused to deploy antivirus-killing scripts
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
CISA flags Windows Task Host vulnerability as exploited in attacks
Rolling Networks: Securing the Transportation Sector
Microsoft: April updates trigger BitLocker key prompts on some servers
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
gbhackers
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
Chrome Privacy Vulnerability Exposes Users via Fingerprinting and Header Leaks
Critical Cisco ISE Flaws Let Remote Attackers Execute Malicious Code
Cisco Webex Vulnerability Allows User Impersonation Attacks
Fake Adobe Reader Download Drops ScreenConnect via Fileless Loader
Russian Hosting Tied to 1,250+ C2 Servers Across 165 Providers
Nginx-UI Flaw Actively Exploited to Enable Full Server Takeover
Splunk Enterprise and Cloud Platform Exposed to Dangerous RCE Vulnerability
AI Content Hijacks Google Discover to Deliver Malicious Alerts
Critical Chrome Flaws Allow Arbitrary Code Execution – Patch Immediately
Cybersecurity Dive
FCC exempts Netgear from foreign router ban
Medium-severity flaw in Microsoft SharePoint exploited
Brute-force cyberattacks originating in Middle East surge in Q1
FCC signals continued commitment to Cyber Trust Mark program
CISOs see gaps in their incident response playbooks
US, Indonesia shut down ‘sophisticated’ phishing kit
Stryker warns of earnings fallout from March cyberattack
Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign
NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat
CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Server-room lock was nothing but a crock
Google Chrome lacks protection against one of the most basic and common ways to track users online
Anthropic's Project Glasswing CVE tally is still anyone's guess
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
Automotive data biz Autovista blames ransomware for service disruption
French cops free mother and son after 20-hour crypto kidnap ordeal
Ancient Excel bug comes out of retirement for active attacks
Raspberry Pi OS ends open-door policy for sudo
UK told its Big Tech habit is now a national security risk
Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users
VentureBeat
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.
Frontier models are failing one in three production attempts — and getting harder to audit
43% of AI-generated code changes need debugging in production, survey finds
Five signs data drift is already undermining your security models
Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot
AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.
Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook
TechCrunch
Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
Anthropic co-founder confirms the company briefed the Trump administration on Mythos
Adobe fixes PDF zero-day security bug that hackers have exploited for months
FBI announces takedown of phishing operation that targeted thousands of victims
Booking.com confirms hackers accessed customers’ data
Hack at Anodot leaves over a dozen breached companies facing extortion
France to ditch Windows for Linux to reduce reliance on US tech
Hacker stole £700,000 from UK energy company by redirecting payment
WireGuard VPN developer can’t ship software updates after Microsoft locks account
Network World Security
OpenAI pulls out of a second Stargate data center deal
Maine to put brakes on big data centers as AI expansion collides with power limits
Satellite backhaul service Globalstar has a new, rich owner amid challenging market conditions
Cisco just made moves to own the AI infrastructure stack
Data centers are moving inland, away from some traditional locations
2026 network outage report and internet health check
DNS security is often inadequate, and network engineers should get more involved
Fixing encryption isn’t enough. Quantum developments put focus on authentication
Curious about quantum? Check out training options from ISC2, IBM, AWS and more
Linux 7.0 debuts with some big changes for networking
Help Net Security
Anthropic tests user trust with ID and selfie checks for Claude
GitHub lays out copyright liability changes and upcoming DMCA review for developers
EU cybersecurity standards are at risk if supplier ban passes
Command integrity breaks in the LLM routing layer
What the EU AI Act requires for AI agent logging
SC Magazine
OpenAI unveils GPT-5.4-Cyber, expands access for verified security experts
FCC picks new Cyber Trust Mark program overseer
Vulnerability-related breach exposes RCI Hospitality Holdings' contractor data
Amtrak allegedly breached by ShinyHunters, massive data leak threatened
McGraw-Hill downplays Salesforce misconfiguration-related breach
0APT threatens to expose Krybit ransomware operation's data
Novel ad fraud scheme weaponizes Google Discover
Over 25K systems exposed by adware app to supply chain compromise
Middle East-based brute-force cyber intrusions surge
Triad Nexus cybercrime operation flourishes despite US sanctions
© 2026 RiskDiscovery | Sponsored by: Deception Logic