[
News
|
Newsletters
|
Blogs
|
Lists
|
Media
|
Jobs
]
HoneyDB
DarkReading
Manage Vendor Risk in a Few Practical Steps
Frontier AI: The Genie's Out of the Bottle, but Where's the Rulebook?
ClickFix's Mushrooming Ecosystem Demands New Defense Tactics
Cursor IDE Auto-Executes Malicious Code in Poisoned Repos
Weak Security Continues to Fuel Russian Cyberattacks
'Yellow Teams' Are Defining the Future of AI Security
GigaWiper Lets Threat Actors Choose Their Own Destructive Attack
Turning the Tables on Email Scammers With 'ScamBuster'
Jen Ellis: Connecting Cyber Community With Political Machinery
Cybercriminals Flock to Healthcare Businesses as Attacks Surge
Ars Technica
The US government warns that Russia state hackers are coming after your router
Now, defenders are embracing the prompt injection, too
Patch for Windows Defender 0-day could allow attackers to fill hard disk
Allstate accuses Broadcom of auditing it because it quit VMware, CA
Google pays $250K for Linux vulnerability allowing guest VM escapes
Aussie gov't tells volunteers to throw out thousands of functioning test routers
US rare earths flow to Asia as domestic demand is slow to emerge
Hackers can use 9 of the most popular AI tools to assemble massive botnets
Newly discovered PamStealer isn't your typical macOS malware
T-Mobile moving tens of thousands of virtual machines off VMware amid lawsuit
CyberScoop
Treasury sanctions First VPN Service, others for abetting ransomware gangs
States are building their own election defense networks as federal support evaporates
Europe strikes out against Russia’s Turla over espionage, ‘destructive attacks’
Officials once again warn defenders that Russian hackers are targeting network devices
AI-generated code has made security debt a governance problem
Armenian national pleads guilty to Ryuk ransomware attacks
CISA looks to remedy ailments from big May credential leak
Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail
Interpol cybercrime crackdown nets 5,800 arrests across 97 countries
764 splinter group leader sentenced to 40 years in jail
InfoSecurity Magazine
US: Pentagon Suspends CMMC Phase II Requirements for Defense Contractors
New MacOS Malware Exploits Legitimate Developer ID to Pose as Apple Crash Reporter
Lidl Notifies Customers of Third-Party Data Breach
Five Charged in “Russian Coms” Fraud Platform Case
Open Directory Exposes Three Evilginx Phishing Operators
Pakistani Police Systems Hit by Chinese and Indian Espionage
Novel OAuth Client ID Spoofing Technique Targets Cloud Environments
Progress Software Warns of "External Security Threat" to ShareFile
Russian State Hackers Target Vulnerable Routers Worldwide, Joint Advisory Warns
Hacker Extradited from Ukraine Pleads Guilty to Ryuk Ransomware Charges
SecurityWeek
Microsoft Patches Record 622 Vulnerabilities, Including Two Exploited Zero-Days
Synopsys Finds No Evidence of Data Breach Amid Bosch Hack Claims
Adobe Patches Critical ColdFusion Vulnerabilities
7 Severe Vulnerabilities Patched in VMware Avi Load Balancer
Unpatched Claude for Chrome Flaw Lets Extensions Read Gmail, Calendar
SAP Patches Critical Vulnerabilities in NetWeaver, Approuter, Commerce Cloud
US, Allies Warn of Russian Cyberattacks Targeting Critical Infrastructure Routers
Valarian Raises $50 Million for Sovereign Infrastructure Control Layer
Multiple Jscrambler Packages Impacted by Supply Chain Attack
Pentagon Suspends CMMC Phase 2 as It Rethinks Contractor Cybersecurity Rules
ZDNet
The only Apple Watch strap you'll ever need is down to its lowest price yet
How to download iPadOS 27 right now - and which models support it
Every iPhone model that supports iOS 27 (and which older ones don't)
How to download iOS 27 right now (and which iPhone models support it)
Google is training AI on even more of your data now, unless you opt out - here's how
5 smart home gadgets I actually recommend, after years of testing
Google Search will let you instantly generate AI images for free - here's how
I'm a serial Linux distro hopper - these 7 signs mean it's time to switch
These 5 gadgets will upgrade your Apple Watch - and I recommend them
How to install the MacOS 27 public beta on your Mac today - it's live now
The Hacker News
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks
How Pentera Turns AI Security Workflows into Validation Engines
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials
Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet
Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity
BleepingComputer
Microsoft releases Windows 10 KB5099539 extended security update
Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
Windows 11 KB5101650 & KB5099414 cumulative updates released
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
LastPass, Bitwarden users targeted with fake security alerts
You Don't Have to Run an Exploit to Know If You're Vulnerable
Microsoft Entra ID gets passkeys default authentication starting September
New phishing kits target Microsoft 365 accounts, evade MFA
SAP warns of critical flaws in NetWeaver and Commerce Cloud
Microsoft starts testing cleaner Windows Search without ads
gbhackers
Miasma Worm Returns as RAT-First npm Attack With Automatic Propagation Disabled
xAI Grok CLI Exposed Developer Code Through Automatic Whole-Repository Uploads
Attackers Distribute Password Attacks Across Fictional OAuth Apps to Evade SOC Alerts
Cybercriminals Target Turkish Banks With 8,400 Phishing Domains and 6,600 Scam Ads
ANY.RUN Integrates Threat Intelligence and Interactive Sandbox to Streamline SOC Workflows
CISA Adds Cisco IOS CSRF Flaw Enabling Arbitrary Command Execution to KEV Catalog
Greenhat Announces Successful Delegation at Web Summit Vancouver 2026
SAP July 2026 Patch Day Fixes Critical NetWeaver, Approuter, and Commerce Cloud Vulnerabilities
WinFsp Race Condition Flaw Allows Attackers to Gain SYSTEM-Level Access on Windows
Why programming true randomness in emulators is a developer worst nightmare
Cybersecurity Dive
Sharp rise in AI adoption for cyber defense exposes major governance gap
Healthcare sector faces persistent challenges with supply-chain security, identity management
US authorities warn that state-linked hackers are targeting vulnerable networking devices
Hackers find a new trick to collect Microsoft Entra user data without raising red flags
Copy-paste might be the riskiest thing your enterprise employees do all day
When cybercriminals outrun the feed
Initial access broker linked to weaponization of CitrixBleed2 flaw
CISA details security lapses that led to GitHub leak of passwords, cloud access keys
Data breach hits car insurance provider
Ransomware ecosystem grows, but ‘four-headed monster’ dominates
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Welsh Doxbin admin jailed for egging on swatters from behind a screen
Musk promises purge after Grok Build caught sending entire repos to the cloud
'The bots are alive!' Jailbroken Gemini spun up new C2 server for Russian fraudster in just 6 minutes
Baddies caught exploiting extensions bugs with perfect 10 scores on vulnerable Joomla websites
EU and UK officially blame Russian spies for cyberattack on Poland's power grid
World Cup grudge attackers may have scored Argentine FA access via year-old infostealer infection
Progress orders emergency ShareFile server shutdown over mystery security threat
Destructive Windows backdoor stuffs multiple wipers and ransomware code into a single package
Fashion mart Miinto unzips breach details, warns shoppers to watch for phisherfolk
Scot NHS Trust probes email stuffup involving maternity patients' data
VentureBeat
1Password moves into AI cost management, betting that token spend is the next enterprise budget crisis
Forget typosquatting; slopsquatting is the software supply chain threat created by AI coding tools
Shared API keys expose AI agents at 69% of enterprises, new VentureBeat research finds
AI has collapsed the cyber response window — resilience now starts before the attack
The real cost, security, and culture problems behind enterprise AI agents
Digital resilience compounds when AI and human expertise scale together
The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.
TechCrunch
Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says
Telegram’s shortlink domain is back online after day-long suspension
Apple says former employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI
LAPD lets contract with surveillance giant Flock expire, citing ‘serious concerns’ over civil liberties and privacy
US cybersecurity agency CISA had to build its incident playbook during the incident, agency reveals
Florida ransomware negotiator convicted for helping ransomware gang extort US companies
Another massive data breach exposed millions of driver’s license numbers
Hacked, leaked, and held for ransom: The worst breaches of 2026 so far
Hacktivists call out Trump by hacking and defacing US Army websites
Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom
Network World Security
2026 network outage report and internet health check
Governments to enterprises: Improve your router security hygiene
Weather grows as one of data center growth’s greatest risks
Routine maintenance as a failure vector in modern networks
Network jobs watch: Hiring, skills and certification trends
AI job titles expand beyond tech as IT hiring remains strong
Broadcom will sell more US-made components to Apple
AI tie-in accelerates quantum usefulness, early adopters say
Infoblox acquires Kentik, adding network observability to its DNS and DDI platform
SpaceXAI wants to compete on AI infrastructure, not just AI models
Help Net Security
SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
New macOS malware steals passwords by posing as Apple’s crash-reporting tool
Download: The ultimate guide to network operations management
“Context bombs” can frustrate AI-driven attacks, researchers found
Google adds FIDO2 keys and phone passkeys to Windows login via GCPW
No one knows how many old shims can still bypass UEFI Secure Boot
UK charges five persons linked to fraud platform behind more than a million scam calls
Microsoft Entra ID authentication overhaul to start in September 2026
New tutorials on underground hacking forums have roughly doubled
The best defense against AI attacks turns out to be a skeptical human
SC Magazine
OAuth client ID spoofing silently validates stolen Microsoft Entra ID credentials
What Data Protection Actually Controls
How to Evaluate Risk-Based Vulnerability Prioritization Platforms
How security can help build trusted AI programs
Pentagon suspends CMMC phase 2 cybersecurity requirements
Japan's largest taxi operator suffers cyberattack, disrupting services
5 charged in UK investigation into Russian Coms scam platform
RabbitMQ fixes flaw that allowed broker takeover via OAuth secret disclosure
Your phishing defense was built for 2016, but attackers are operating in 2026
Discovering & Securing Your AI Agent Attack Surface - Jeremy Snyder - ASW #391
© 2026 RiskDiscovery | Sponsored by:
Deception Logic