[ News | Newsletters | Blogs | Lists | Media | Jobs ] HoneyDB
DarkReading
Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
North Korea Uses ClickFix to Target macOS Users' Data
'Harmless' Global Adware Transforms Into an AV Killer
Two-Factor Authentication Breaks Free from the Desktop
Microsoft's Original Windows Secure Boot Certificate Is Expiring
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
Critical MCP Integration Flaw Puts NGINX at Risk
Navigating the Unique Security Risks of Asia's Digital Supply Chain
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
Ars Technica
Recent advances push Big Tech closer to the Q-Day danger zone
“Negative” views of Broadcom driving thousands of VMware migrations, rival says
Iran-linked hackers disrupt operations at US critical infrastructure sites
Thousands of consumer routers hacked by Russia's military
OpenClaw gives users yet another reason to be freaked out about security
New Rowhammer attacks give complete control of machines running Nvidia GPUs
Quantum computers need vastly fewer resources than thought to break vital encryption
Google bumps up Q Day deadline to 2029, far sooner than previously thought
Self-propagating malware poisons open source software and wipes Iran-based machines
Widely used Trivy scanner compromised in ongoing supply-chain attack
CyberScoop
US nationals sentenced for aiding North Korea’s tech worker scheme
Officials seize 53 DDoS-for-hire domains in ongoing crackdown
Ghost breaches: How AI-mediated narratives have become a new threat vector
NIST narrows scope of CVE analysis to keep up with rising tide of vulnerabilities
Executive orders likely ahead in next steps for national cyber strategy
OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model 
We’re only seeing the tip of the chip-smuggling iceberg
CISA cancels summer internships for cyber scholarship students amid DHS funding lapse
Microsoft drops its second-largest monthly batch of defects on record
Space Force official touts AI’s impact on cyber compliance
InfoSecurity Magazine
Commercial AI Models Show Rapid Gains in Vulnerability Research
DDoS-For-Hire Services Disrupted by International Police Action in ‘Operation PowerOff’
US Nationals Jailed for Operating Fake Remote Worker Laptop Farms for North Korea
APK Malformation Found in Thousands of Android Malware Samples
Cookeville Medical Center Notifies Patients After July 2025 Ransomware Attack
NIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities
Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads
Automotive Ransomware Attacks Double in a Year
OpenAI Unveils GPT-5.4-Cyber for Improving Cyber Defense With AI
European Cybersecurity Agency ENISA Seeks Top-Tier Status in CVE Program
SecurityWeek
In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested
Another DraftKings Hacker Sentenced to Prison
Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed
Recent Apache ActiveMQ Vulnerability Exploited in the Wild
Two North Korean IT Worker Scheme Facilitators Jailed in the US
ZionSiphon Malware Targets ICS in Water Facilities
Cursor AI Vulnerability Exposed Developer Devices
53 DDoS Domains Taken Down by Law Enforcement
Government Can’t Win the Cyber War Without the Private Sector
OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal
ZDNet
Does Best Buy price match? Everything to know about matching prices online and in-store
I tried the new Gemini app for Mac - it has one major advantage over the web version
The best WordPress hosting services of 2026: Expert tested and reviewed
The best Apple Watch of 2026: Expert tested and reviewed
The best TV screen cleaners of 2026: Expert recommended
The best 50-inch TVs of 2026: Expert tested
I traded my Sonos Era 300 for Denon's new home speaker - and see no reason to go back
AI-powered website builders have come a long way - here's your best option in 2026
Amazon just slashed $250 off the Google Pixel 10 - and a Prime subscription isn't required
I found the apps slowing down my PC - how to kill the biggest memory hogs
The Hacker News
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
BleepingComputer
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
Microsoft: Some Windows servers enter reboot loops after April patches
Man gets 30 months for selling thousands of hacked DraftKings accounts
Recently leaked Windows zero-days now exploited in attacks
Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
ZionSiphon malware designed to sabotage water treatment systems
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
gbhackers
TP-Link Routers Hit by Mirai in CVE-2023-33538 Attacks
SEO Poisoning Attack Uses Microsoft Binary to Install RMM Tool
Operation PowerOFF Knocks Out 75,000 DDoS Attackers and Over 50 Service Domains
Industrial Systems Hit by New Email-Worm Threat Wave
OpenAI Extends GPT-5.4-Cyber Access to Trusted Organizations Worldwide
Microsoft Acknowledges Reboot Loop Issue on Windows Servers Following April Patches
Fake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack Chain
PoC Released for FortiSandbox Flaw Enabling Arbitrary Command Execution
Critical Flowise Flaw Enables Remote Command Execution via MCP Adapters
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
Cybersecurity Dive
US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms
CIOs fret over rising security concerns amid AI adoption
CISA cancels prestigious summer internships, citing government shutdown
NIST limits vulnerability analysis as CVE backlog swells
FCC exempts Netgear from foreign router ban
Medium-severity flaw in Microsoft SharePoint exploited
Brute-force cyberattacks originating in Middle East surge in Q1
FCC signals continued commitment to Cyber Trust Mark program
CISOs see gaps in their incident response playbooks
US, Indonesia shut down ‘sophisticated’ phishing kit
Threatpost
Student Loan Breach Exposes 2.5M Records
Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Google Patches Chrome’s Fifth Zero-Day of the Year
The Register
Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug
Claude Opus wrote a Chrome exploit for $2,283
Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say
North Korea targets macOS users in latest heist
Americans who masterminded Nork IT worker fraud sentenced to 200 months behind bars
Git identity spoof fools Claude into giving bad code the nod
Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed
Microsoft announces product it doesn't want anyone to buy
Server-room lock was nothing but a crock
Google Chrome lacks protection against one of the most basic and common ways to track users online
VentureBeat
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway
Frontier models are failing one in three production attempts — and getting harder to audit
43% of AI-generated code changes need debugging in production, survey finds
Five signs data drift is already undermining your security models
Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot
AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.
Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook
TechCrunch
With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance
Bluesky confirms DDoS attack is cause of continued app outages
European police email 75,000 people asking them to stop DDoS attacks
Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme
Fashion retailer Express left customers’ personal data and order details exposed to the internet
Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
Anthropic co-founder confirms the company briefed the Trump administration on Mythos
Adobe fixes PDF zero-day security bug that hackers have exploited for months
FBI announces takedown of phishing operation that targeted thousands of victims
Network World Security
AI shifts IT roles from operator to orchestrator
IBM unveils security services for thwarting agentic attacks, automating threat assessment
OpenAI pulls out of a second Stargate data center deal
Maine to put brakes on big data centers as AI expansion collides with power limits
Satellite backhaul service Globalstar has a new, rich owner amid challenging market conditions
Cisco just made moves to own the AI infrastructure stack
Data centers are moving inland, away from some traditional locations
2026 network outage report and internet health check
DNS security is often inadequate, and network engineers should get more involved
Curious about quantum? Check out training options from ISC2, IBM, AWS and more
Help Net Security
Google wipes out 602 million scam ads with Gemini on duty
Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
GitLab 18.11 brings agentic AI to security fixes, CI pipelines, and delivery analytics
Liongard upgrades LiongardIQ with AI access, live asset data, and deeper discovery
Mozilla challenges enterprise AI providers with Thunderbolt, open-source AI client under your control
SC Magazine
Bot traffic makes up 49% of online activity, but 99% of bots unwanted
AI as the defender: Reinventing proactive cybersecurity through intelligent automation
The AI "Vulnpocolypse" Is Real? - PSW #922
Cisco patches critical bugs in Webex, ISE
Netgear gets FCC exemption from foreign-made router ban
DOE, Lawrence Livermore National Laboratory partner on AI testbed
Microsoft, others patch hundreds of security flaws
Spanish, Australian hospitality platform breaches impact nearly 5M
Major luxury clothing retailers allegedly breached, samples leaked
Google Cloud Storage weaponized for clandestine Remcos RAT delivery
© 2026 RiskDiscovery | Sponsored by: Deception Logic