[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation
20-Year-Old Malware Rewrites History of Cyber Sabotage
Parsing Agentic Offensive Security's Existential Threat
Helping Romance Scam Victims Requires a Proactive, Empathic Approach
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
Glasswing Secured the Code. The Rest of Your Stack Is Still on You
AI Phishing Is No. 1 With a Bullet for Cyberattackers
North Korea's Lazarus Targets macOS Users via ClickFix
Ars Technica
Open source package with 1 million monthly downloads stole user credentials
Why are top university websites serving porn? It comes down to shoddy housekeeping.
In a first, a ransomware family is confirmed to be quantum-safe
Microsoft issues emergency update for macOS and Linux ASP.NET threat
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
Recent advances push Big Tech closer to the Q-Day danger zone
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
CyberScoop
Rep. Delia Ramirez takes over as top House cybersecurity Dem
U.S. companies hit with record fines for privacy in 2025
Chinese national extradited to US for pandemic-era Silk Typhoon attacks
Supreme Court justices skeptically question both sides in geofence surveillance case
Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line
BlackFile actively extorting data-theft victims in retail and hospitality sector
Latest spy power reauthorization bill leaves critics unimpressed
Vercel attack fallout expands to more customers and third-party systems
US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied
Dragos: Despite AI use, new malware targeting water plants is ‘hype’
InfoSecurity Magazine
Medtronic Confirms Data Breach After ShinyHunters Claims
Ransomware Turf War as 0APT and KryBit Groups Trade Blows
Chinese National Extradited Over Silk Typhoon Cyber Campaign
No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC
North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures
US Sanctions Target Cambodian Scam Network Leaders
Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
Widely Used Browser Extensions Selling User Data
Most Cybersecurity Professionals Feel Undervalued and Underpaid
Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
SecurityWeek
The Mythos Moment: Enterprises Must Fight Agents with Agents
Webinar Today: A Step-by-Step Approach to AI Governance
Robinhood Vulnerability Exploited for Phishing Attacks
Alleged Chinese State Hacker Extradited to US
Dozens of Open VSX Extension Clones Linked to GlassWorm Malware
Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable
Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety
No Patch for New PhantomRPC Privilege Escalation Technique in Windows
Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
Spectrum Security Emerges From Stealth Mode With $19 Million
ZDNet
I tested a BlackBerry-style Android phone with a keyboard, and it's weirdly practical in 2026
I earned nearly $700 by shopping with the Rakuten plugin - 6 tips from a shopping expert
Canonical's approach to AI is refreshingly thoughtful - Microsoft should take note
Finally, I found an ergonomic office keyboard that's just as good for gaming
Why virtual desktops are so useful - and my top 4 tips for beginners
This Bluetti power station with wheels has spoiled the way I charge my tools and devices
How to turn on Data Saver mode on your Android phone - and why it's critical to do so
My 5 favorite open source operating systems that aren't Linux
This hidden TV feature tracks your viewing - here's how to turn it off (no matter what brand)
77% of IT managers say their AI agents are out of control - 5 ways to rein in yours
The Hacker News
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
After Mythos: New Playbooks For a Zero-Window Era
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
BleepingComputer
US reportedly charges Scattered Spider hacker arrested in Finland
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
Microsoft to deprecate legacy TLS in Exchange Online starting July
Inside an OPSEC Playbook: How Threat Actors Evade Detection
Microsoft: New Remote Desktop warnings may display incorrectly
Microsoft asks iPhone users to reauthenticate after Outlook outage
Robinhood account creation flaw abused to send phishing emails
GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
Canada arrests three for operating “SMS blaster” device in Toronto
Alleged Silk Typhoon hacker extradited to US for cyberespionage
gbhackers
Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks
Silk Typhoon Hacker Extradited to U.S. from Italy
Checkmarx Confirms Security Incident Involving GitHub Repository Exposure
Fake Tax Audits and Updates Fuel Silver Fox Malware Campaign
Microsoft Expands Copilot Agent Mode for Outlook Inbox and Calendar Tasks
Chinese-Backed Smishing Rings Scale Credential Theft via SMS and OTT Apps
Sandworm Uses SSH-over-Tor Tunnel for Stealthy Long-Term Persistence
WhatsApp Tests Encrypted Cloud Backup Service for Safer Message Storage
Critical LiteLLM Flaw Enables Database Attacks Through SQL Injection
OilRig Hides C2 Config in Google Drive Image via LSB Steganography
Cybersecurity Dive
‘Fundamental tension’ undermines manufacturers’ cybersecurity
North Korea-linked actor targets Web3 execs in social-engineering campaign
Major critical infrastructure supplier reports cyberattack
US, UK authorities warn that Firestarter backdoor malware survives patching
When security becomes the attack surface: Why endpoint protection must evolve
Hasbro expects March cyberattack to impact second-quarter revenue
AI-written software creates hassles for wary security teams
China disguises cyberattacks with ‘covert network’ botnets, US and allies warn
Iran-nexus threat groups refine attacks against critical infrastructure
Trump’s CISA director pick withdraws after tumultuous nomination
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
SUSE's sovereignty pitch meets an inconvenient $6 billion question
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
Medical and utility tech companies admit digital breakins
Trump's Golden Dome gets $3.2B of contractors and an AI sprinkle
Cybersec is a thankless job: expanding workload and shrinking pay packet
Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
Microsoft updates the Windows Update Experience: You can hit pause now
ICO chief John Edwards steps back as workplace probe quietly unfolds
Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now
VentureBeat
CVSS scored these two Palo Alto CVEs as manageable. Chained, they gave attackers root access to 13,000 devices.
85% of enterprises are running AI agents. Only 5% trust them enough to ship.
Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain
Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it
Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall
Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway
TechCrunch
Hacker who allegedly carried out cyberattacks for China is extradited to US
Critical infrastructure giant Itron says it was hacked
Another spyware maker caught distributing fake Android snooping apps
Trump’s pick to run US cyber agency CISA asks to drop out
Vercel says some of its customers’ data was stolen prior to its recent hack
Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say
France confirms data breach at government agency that manages citizens’ IDs
Apple fixes bug that cops used to extract deleted chat messages from iPhones
Cosmetics giant Rituals confirms data breach of customer membership records
UK government says 100 countries have spyware that can hack people’s phones
Network World Security
Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor
AI data bursts force rethink of data center networking at Backblaze
Nvidia’s ‘AI insurance policy’ balances immediate and future AI approaches
Top network and data center events of 2026
Meta’s compute grab continues with agreement to deploy tens of millions of AWS Graviton cores
Cirrascale to offer on-prem Google Gemini models
Space data-center news: Roundup of extraterrestrial AI endeavors
Network jobs watch: Hiring, skills and certification trends
Cisco switch aimed at building practical quantum networks
How AI is reshaping copper, fiber networking
Help Net Security
SC Magazine
Fake CAPTCHA scam drains bank accounts through international revenue share fraud
4 ways to build resilience in an era of geopolitical tension and rising AI threats
GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX
Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380
Tropic Trooper targets Chinese speakers with SumatraPDF trojan and VS Code tunnels
Thousands of Zimbra servers vulnerable to actively exploited flaw
LMDeploy vulnerability exploited, highlighting AI infrastructure risks
Pack2TheRoot flaw allows Linux privilege escalation
Fast16 malware: Pre-Stuxnet sabotage tool discovered
UK government's digital ID panel seeks public input
© 2026 RiskDiscovery | Sponsored by: Deception Logic