[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
Critical MCP Integration Flaw Puts NGINX at Risk
Navigating the Unique Security Risks of Asia's Digital Supply Chain
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
Microsoft Bets $10B to Boost Japan's AI, Cybersecurity
Privilege Elevation Dominates Massive Microsoft Patch Update
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
War Game Exercise Demonstrates How Social Media Manipulation Works
Ars Technica
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
Cloud service providers ask EU regulator to reinstate VMware partner program
CyberScoop
Ghost breaches: How AI-mediated narratives have become a new threat vector
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
Executive orders likely ahead in next steps for national cyber strategy
OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model 
We’re only seeing the tip of the chip-smuggling iceberg
CISA cancels summer internships for cyber scholarship students amid DHS funding lapse
Microsoft drops its second-largest monthly batch of defects on record
Space Force official touts AI’s impact on cyber compliance
Black Basta’s playbook lives on as former affiliates launch fast-scale intrusion campaign
Secretary Mullin must help finish the job: Urge the Senate to confirm Plankey
InfoSecurity Magazine
Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads
Automotive Ransomware Attacks Double in a Year
OpenAI Unveils GPT-5.4-Cyber for Improving Cyber Defense With AI
European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program
Signed Adware Operation Disables Antivirus Across 23,000 Hosts
Critical Nginx-ui MCP Flaw Actively Exploited in the Wild
AI Companies to Play Bigger Role in CVE Program, Says CISA
Researchers Spot Surge in Brute-Force Attacks from Middle East
Microsoft Fixes Two Zero-Days in April Patch Tuesday
CISOs Urged to Innovate with Talent Retention as Job Satisfaction Declines
SecurityWeek
Splunk Enterprise Update Patches Code Execution Vulnerability
Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software
Cisco Patches Critical Vulnerabilities in Webex, ISE
Ransomware Hits Automotive Data Expert Autovista
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
Exploited Vulnerability Exposes Nginx Servers to Hacking
Capsule Security Emerges From Stealth With $7 Million in Funding
‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
ZDNet
This stroller turns into a carry on-suitcase, and I recommend it for traveling parents
The best small business VoIP providers of 2026: Expert tested and reviewed
Protect your devices with our pick for the best antivirus software, now over 60% off
I found a way to roll back buggy Google Services updates on Android - in just a few clicks
Don't fall for the 'Vivid' TV trap when shopping - how I get the most color accurate setup
The same Microsoft Surface I bought 4 months ago is 69% more expensive now - here's why
I've been subscribed to a data removal service a month now - what I wish I knew sooner
I tried Google's new desktop app for Windows, and I'll never search the old way again
Microsoft's Windows 11 laptop deal for students comes with a $500 bonus - what's included
Best Buy will give you a free LG TV when you buy the B5 OLED at 50% off - seriously
The Hacker News
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
BleepingComputer
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
US nationals behind DPRK IT worker 'laptop farm' sent to prison
Microsoft: April Windows Server 2025 update may fail to install
Critical Nginx UI auth bypass flaw now actively exploited in the wild
New AgingFly malware used in attacks on Ukraine govt, hospitals
WordPress plugin suite hacked to push malware to thousands of sites
Signed software abused to deploy antivirus-killing scripts
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
CISA flags Windows Task Host vulnerability as exploited in attacks
Rolling Networks: Securing the Transportation Sector
gbhackers
Fake ProtonVPN, game mod sites spread NWHStealer in new Windows malware campaign
Hackers Exploit n8n Webhooks to Spread Malware
Two U.S. Nationals Sentenced in $5 Million DPRK Remote Worker Laptop Farm Scheme
New PoC Exploit Published for Microsoft Defender 0-Day Flaw
Cisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March
Chrome Privacy Vulnerability Exposes Users via Fingerprinting and Header Leaks
Critical Cisco ISE Flaws Let Remote Attackers Execute Malicious Code
Cisco Webex Vulnerability Allows User Impersonation Attacks
Fake Adobe Reader Download Drops ScreenConnect via Fileless Loader
Russian Hosting Tied to 1,250+ C2 Servers Across 165 Providers
Cybersecurity Dive
FCC exempts Netgear from foreign router ban
Medium-severity flaw in Microsoft SharePoint exploited
Brute-force cyberattacks originating in Middle East surge in Q1
FCC signals continued commitment to Cyber Trust Mark program
CISOs see gaps in their incident response playbooks
US, Indonesia shut down ‘sophisticated’ phishing kit
Stryker warns of earnings fallout from March cyberattack
Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign
NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat
CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed
Microsoft announces product it doesn't want you to buy: Extended security updates for old Exchange, and Skype for Biz
Server-room lock was nothing but a crock
Google Chrome lacks protection against one of the most basic and common ways to track users online
Anthropic's Project Glasswing CVE tally is still anyone's guess
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
Automotive data biz Autovista blames ransomware for service disruption
French cops free mother and son after 20-hour crypto kidnap ordeal
Ancient Excel bug comes out of retirement for active attacks
Raspberry Pi OS ends open-door policy for sudo
VentureBeat
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.
Frontier models are failing one in three production attempts — and getting harder to audit
43% of AI-generated code changes need debugging in production, survey finds
Five signs data drift is already undermining your security models
Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot
AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.
Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook
TechCrunch
Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
Anthropic co-founder confirms the company briefed the Trump administration on Mythos
Adobe fixes PDF zero-day security bug that hackers have exploited for months
FBI announces takedown of phishing operation that targeted thousands of victims
Booking.com confirms hackers accessed customers’ data
Hack at Anodot leaves over a dozen breached companies facing extortion
France to ditch Windows for Linux to reduce reliance on US tech
Hacker stole £700,000 from UK energy company by redirecting payment
WireGuard VPN developer can’t ship software updates after Microsoft locks account
Network World Security
OpenAI pulls out of a second Stargate data center deal
Maine to put brakes on big data centers as AI expansion collides with power limits
Satellite backhaul service Globalstar has a new, rich owner amid challenging market conditions
Cisco just made moves to own the AI infrastructure stack
Data centers are moving inland, away from some traditional locations
2026 network outage report and internet health check
DNS security is often inadequate, and network engineers should get more involved
Fixing encryption isn’t enough. Quantum developments put focus on authentication
Curious about quantum? Check out training options from ISC2, IBM, AWS and more
Linux 7.0 debuts with some big changes for networking
Help Net Security
Google Play is changing how Android apps access your contacts and location
Tails 7.6.2 patches vulnerability that could expose saved files
Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug
Two US nationals jailed over scheme that generated $5 million for the North Korean regime
OpenAI updates Agents SDK, adds sandbox for safer code execution
SC Magazine
Nginx-ui MCP missing authentication flaw actively exploited
OpenAI unveils GPT-5.4-Cyber, expands access for verified security experts
FCC picks new Cyber Trust Mark program overseer
Vulnerability-related breach exposes RCI Hospitality Holdings' contractor data
Amtrak allegedly breached by ShinyHunters, massive data leak threatened
McGraw-Hill downplays Salesforce misconfiguration-related breach
0APT threatens to expose Krybit ransomware operation's data
Novel ad fraud scheme weaponizes Google Discover
Over 25K systems exposed by adware app to supply chain compromise
Middle East-based brute-force cyber intrusions surge
© 2026 RiskDiscovery | Sponsored by: Deception Logic